From: R_Tim_Coslet@cup.portal.com
Subject: Re: "Subtract C, add Ada"
Date: 23 Jan 1995 21:02:57 -0800
Date: 1995-01-23T21:02:57-08:00 [thread overview]
Message-ID: <131598@cup.portal.com> (raw)
In-Reply-To: 3fpc7j$mts@cliffy.lfwc.lockheed.com
>Samuel Mize (smize@Starbase.NeoSoft.COM) wrote:
>: Sure you do, if there was a programmer error, or a hardware glitch,
>: or a bad memory location, etc. These are the things you don't want.
>: Given that you can't eliminate those, oh *boy* do you want exceptions,
>: given the alternative (core dump at 30,000 feet -- how do I reboot
>: my F-16?!?!?!?)
>
>However, for systems with the capability to degrade cleanly, exceptions are
>a very good thing and in fact are widely used in embedded avionics software.
>
>--------------------------------------------------------------------
The software I'm currently working on for a cockpit display system
was specificly designed to USE exceptions to gracefully degrade the
system functionality in the presence of serious hardware problems.
Each 16ms display frame consists of a series of calls to the various
CSCs controlling the sybsystems of the display. If no fatal hardware
problems occur it runs completely without exceptions. But in the
case of fatal hardware failures (e.g. inability to access a subsystem)
an exception is raised within that CSC, terminating any further
processing for that subsystem for that frame, letting the other CSCs
have the "extra" unused time. Thus the system will gracefully degrade,
mo matter how deep it had gotten into the CSC for a given subsystem
when the hardware died. No exception is ever allowed to propagate
outside of the top level CSC in which it occured to the main task.
The exception processing is a little expensive (about 1ms/exception),
but with several CSCs consuming 4 or 5ms in normal operation and the
overall time budget a bit tight, the exception usually saves time
making the remaining 3ms or more available to other CSCs immediately
in that frame when such a failure occurs.
Same thing with a serious programmer error that was not detected in
test: the affected CSC dies gracefully and the system functionality
degrades... BUT the REST of the system continues to function!
Such graceful degradation in function would have been MUCH harder
to implement in this system WITHOUT exceptions.
R. Tim Coslet
Usenet: R_Tim_Coslet@cup.portal.com
technology, n. domesticated natural phenomena
next prev parent reply other threads:[~1995-01-24 5:02 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <3fdcoi$chn@miranda.gmrc.gecm.com>
1995-01-20 5:01 ` "Subtract C, add Ada" Samuel Mize
1995-01-20 22:07 ` Garlington KE
1995-01-24 5:02 ` R_Tim_Coslet [this message]
1995-02-10 13:49 R.A.L Williams
[not found] <3gsr0e$oin@miranda.gmrc.gecm.com>
1995-02-07 16:58 ` Mark S. Hathaway
1995-02-08 7:39 ` Travis C. Porco
1995-02-08 16:07 ` Fred J. McCall
1995-02-08 21:30 ` Garlington KE
-- strict thread matches above, loose matches on Subject: below --
1995-01-31 9:34 R.A.L Williams
1995-02-01 16:45 ` Charles H. Sampson
1995-01-23 8:49 R.A.L Williams
1995-01-25 23:18 ` Charles H. Sampson
1995-01-20 10:20 R.A.L Williams
1995-01-20 13:22 ` Renaud HEBERT
1995-01-24 3:35 ` David Moore
1995-01-25 5:38 ` Robert Dewar
1995-01-28 16:35 ` Jules
1995-01-29 8:06 ` Matt Kennel
1995-01-30 5:31 ` Michael Feldman
1995-01-31 22:22 ` David O'Brien
1995-01-24 20:23 ` N. Mellor
1995-01-25 8:50 ` Robb Nebbe
1995-01-25 14:19 ` John Volan
1995-01-26 5:07 ` Samuel Mize
1995-01-26 18:51 ` Mark A Biggar
1995-01-21 15:18 ` Robert Dewar
1995-01-21 21:03 ` David O'Brien
1995-01-23 3:09 ` Jay Martin
1995-01-23 12:50 ` Andrew McConnell
1995-01-24 0:54 ` Matt Kennel
1995-01-25 17:03 ` Norman H. Cohen
1995-01-26 1:13 ` Dr. Richard Botting
1995-01-26 14:32 ` Anders Juul Munch
1995-01-24 0:17 ` Bob Kitzberger
1995-01-23 20:46 ` Robert Firth
1995-01-24 14:25 ` Samuel Mize
1995-01-25 7:27 ` David O'Brien
1995-01-25 12:14 ` Robert A Duff
1995-01-25 5:57 ` David O'Brien
[not found] ` <3g9rf0$71k@Starbase.NeoSoft.COM>
1995-01-28 21:08 ` David O'Brien
1995-01-31 18:07 ` Samuel Mize
1995-02-01 10:23 ` Samuel Mize
1995-01-30 0:24 ` Mark S. Hathaway
1995-01-31 3:30 ` Jay Martin
1995-02-01 13:25 ` Jesper Kaagaard
1995-01-20 9:33 R.A.L Williams
[not found] <3fgphd$sc3@rational.rational.com>
1995-01-20 5:51 ` RonaldS60
1995-02-07 13:55 ` Robert C. Soong
[not found] <3etund$hnr@miranda.gmrc.gecm.com>
1995-01-12 9:56 ` Erik Svensson
1995-01-12 14:44 ` Norman H. Cohen
1995-01-13 1:51 ` David O'Brien
1995-01-13 12:38 ` Laurent Gasser
1995-01-13 20:53 ` John DiCamillo
[not found] ` <3f8fnf$c8p@gamma.ois.com>
1995-01-16 11:02 ` Matt Kennel
[not found] ` <milodD2IFpG.329@netcom.com>
1995-01-17 21:39 ` R. William Beckwith
[not found] ` <3fa11q$sdh@gnat.cs.nyu.edu>
1995-01-16 20:20 ` David Moore
1995-01-14 0:24 ` David O'Brien
1995-01-20 4:43 ` Samuel Mize
1995-01-21 20:28 ` David O'Brien
1995-01-22 21:12 ` Robert Dewar
1995-01-23 18:35 ` Norman H. Cohen
1995-01-23 19:18 ` John Cosby - The Coz
1995-01-24 14:11 ` Samuel Mize
1995-01-14 10:37 ` Keith Thompson
[not found] ` <3fcjgt$b0v@cronkite.seas.gwu.edu>
1995-01-16 18:47 ` Robert Dewar
[not found] ` <D2It0r.4rp@inmet.camb.inmet.com>
1995-01-17 14:11 ` Norman H. Cohen
1994-12-30 16:06 Mitch Gart
1995-01-03 19:04 ` whiting_ms@corning.com (Matt Whiting)
1995-01-05 4:31 ` Michael Feldman
1995-01-04 21:40 ` Fred McCall
1995-01-05 4:30 ` Richard Pattis
1995-01-05 16:07 ` Kevin Weise
1995-01-06 13:06 ` Jahn Rentmeister
1995-01-06 16:47 ` Laurent Gasser
1995-01-06 17:29 ` David Weller
1995-01-06 17:30 ` David Weller
1995-01-10 18:28 ` Bob Kitzberger
1995-01-06 23:36 ` Kenneth Almquist
1995-01-04 22:45 ` Jay M. Martin
1995-01-05 4:37 ` Michael Feldman
1995-01-05 18:08 ` Jay Martin
1995-01-05 23:56 ` Robert Dewar
1995-01-08 8:04 ` Jay Martin
1995-01-06 0:07 ` Michael M. Bishop
1995-01-10 21:30 ` Jay Martin
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox