From: Adam Fineman
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
Subject: Re: How Ada could have prevented the Red Code distributed denial of
Date: Thu, 23 Aug 2001 13:56:45 -0400
Message-ID: <3B8543DD.890CFEB2@timesys.com>

Markus Mottl wrote:
>
> In comp.lang.functional Adam Fineman wrote:
> > Sounds like a horribly bad idea to me. I don't have any particular
> > complaints about HP/UX as a general-purpose operating system, but it
> > is _not_ a real time OS and should not be used to run the engines of
> > a warship.
>
> A real time OS makes guarantees about the maximum time it requires to
> handle certain operations. This does not mean that a general-purpose
> (non-real-time) OS is useless for real time tasks:

IMO a non-real-time OS is useless for this particular real time task.

> it's all a matter of
> latencies, probabilities and costs.
>
> Given the probability distribution of the time the OS requires to handle
> some critical request,

Given? Who gave you that, exactly? ;-) The rest of the calculation you
describe is fairly trivial. The only hard part is what you assume to be
given....

> you can very well compute how probable it is that
> it will not be able to do so in time: just integrate the area below
> the probability density function to the right of the maximum allowed
> latency. Then multiply this probability with the costs of e.g. having
> some warship dead in the water.
>
> Add these costs to the price of buying an off-the-shelf general-purpose
> OS and compare the result to the price of a real time OS for this
> specific purpose. Voila, your decision criterion for when to buy what
> kind of OS.
>
> Of course, the probability density function and the costs of losing
> a warship may be difficult to estimate, but I hope the Navy employs
> competent managers + technical staff for that purpose.
>

It really doesn't matter how competent the Navy's "managers & technical
staff" are; the probability density function you would require is not
determinable in the real world. This probability density function _can_
be determined for a properly implemented real time system, but not for a
general-purpose OS in this situation.

The cost of a warship is easily determined. For example, my ship had a
sticker price of about 900,000,000 USD. Of course, one can't determine
the cost of the 330 odd crewmembers or the possibility of losing a war
because a ship goes DIW at the wrong moment.

Hard real time systems are used when the cost of a missed deadline is
prohibitive. Controlling the engines of a warship certainly qualifies.

By the way, have you ever heard of the Mars Pathfinder mission?

- Adam

--
Adam Fineman
SQA Engineer
TimeSys Corporation
--
Opinions posted here are my own.