From: "Robert I. Eachus"
Subject: Re: Ada Protected Object Turorial #2: Overview of Tasks
Date: 1999/12/21
Message-ID: <38600BE3.25B9F4BF@mitre.org>
Organization: The MITRE Corporation
Newsgroups: comp.lang.ada

Robert Dewar wrote:

> All in all, a good rule in Ada 95 is not to use ATC. I know
> that I generally say that any rule saying "don't use feature
> X" is a mistake since the feature would not be in the language
> unless it had been carefully thought out and understood to
> be useful. However, in my opinion [not new, I strongly opposed
> adding this feature] ATC is NOT a desirable feature in Ada :-)

ATC is IMHO only useful in one very specific situation, but in that case it is critical. If you are building a fault-tolerant system, you need to be able to recover from the failure of some other component of the system.

An example important to Ada's original intended use is in round-robin schedulers for real-time systems. In Ada 83 it is possible, but very kludgy, to write a real-time cyclic executive. But worse, if the executive has to abort a task that is overrunning its time slot, it must use an unlimited abort, which can cause nasal demons and other effects unacceptable in safety-critical systems.

With ATC, it is possible to migrate the time budget downward into the application, and any operation that may exceed its budget can be wrapped in an ATC which carefully limits the possible chaos. In general, the abortable region will be written as a procedure that cannot or will not access global data. After an ATC, the values of the out or in out parameters to the call can and must be ignored.

Consider a radar system where there is an algorithm whose execution time depends on the received data. With ATC, it is possible to discard data from one pulse and go on to the next. (This is necessary because the "bad guys" out there may be using all sorts of electronic countermeasures and jamming. If you can just determine the jammed azimuth, it is possible to use triangulation to find the source...

--
Robert I. Eachus

with Standard_Disclaimer;
use Standard_Disclaimer;
function Message (Text: in Clever_Ideas) return Better_Ideas is...
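
The time-budget pattern described in the post above, as an added example that is not part of the original message: a per-pulse operation is wrapped in an asynchronous select with a delay trigger, and its out parameter is ignored whenever the budget expires. The names Pulse_Budget, Pulse_Data, Track, Process_Pulse, Handle and Budget, the 50 ms slot and the sample pulses are assumptions made for illustration.

```ada
--  Added example, not from the original post. All type, procedure and
--  constant names below are hypothetical; the pulse data is constructed.
with Ada.Text_IO; use Ada.Text_IO;

procedure Pulse_Budget is

   type Pulse_Data is array (1 .. 8) of Natural;
   type Track is record
      Azimuth : Natural := 0;
   end record;

   Budget : constant Duration := 0.05;  --  per-pulse time slot (assumed)

   --  Abortable work: reads and writes only its parameters, no global
   --  data. Its run time depends on the received data.
   procedure Process_Pulse (P : in Pulse_Data; Result : out Track) is
      Sum : Natural := 0;
   begin
      for I in P'Range loop
         delay 0.01 * P (I);  --  stands in for data-dependent computation
         Sum := Sum + P (I);
      end loop;
      Result.Azimuth := Sum mod 360;
   end Process_Pulse;

   procedure Handle (P : in Pulse_Data) is
      Result    : Track;
      Timed_Out : Boolean := False;
   begin
      select
         delay Budget;
         --  Reached only after the abortable part has been aborted.
         Timed_Out := True;
      then abort
         Process_Pulse (P, Result);
      end select;

      if Timed_Out then
         --  Result may be partially written: ignore it, go to next pulse.
         Put_Line ("pulse discarded (budget exceeded)");
      else
         Put_Line ("azimuth" & Natural'Image (Result.Azimuth));
      end if;
   end Handle;

   Clean  : constant Pulse_Data := (others => 0);  --  finishes in budget
   Jammed : constant Pulse_Data := (others => 5);  --  needs 0.4 s, overruns
begin
   Handle (Clean);
   Handle (Jammed);
end Pulse_Budget;
```

The timeout flag is set in the triggering alternative rather than inside the abortable part, so the only object the aborted code could have left half-written is Result, which is never read on that path.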