comp.lang.ada
From: Ludovic Brenta <ludovic@ludovic-brenta.org>
Subject: Re: Ravenscar - program termination
Date: Wed, 31 Jan 2007 10:59:03 +0100
Message-ID: <87bqkftt3s.fsf@ludovic-brenta.org>
In-Reply-To: epplu3$lk2$1@cernne03.cern.ch

Maciej Sobczak writes:
> I wrote a Hello World program and I want to impress my boss telling
> him that my program complies with Ravenscar recommendations. That
> sounds much more serious than a plain dumb Hello World program!

A high-integrity "hello world"?  With tasking? :)

+pragma Profile (Ravenscar);
 with Ada.Text_IO;
+with Ada.Synchronous_Task_Control;
 procedure Hello is
+   Blocker : Ada.Synchronous_Task_Control.Suspension_Object;
 begin
    Ada.Text_IO.Put_Line("Hello Ravenscar!");
    loop
-      null;
+      Ada.Synchronous_Task_Control.Suspend_Until_True (Blocker);
    end loop;
 end Hello;
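
Review bot: Nothing in the visible lines ever calls Set_True on Blocker, so the first Suspend_Until_True already parks the main procedure for good and the enclosing loop never reaches a second iteration. Either drop the loop or add a comment on the Blocker declaration saying it is intentionally never set, so a reader does not go looking for the task that releases it.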

That should solve your CPU utilisation problem :)

> OK, back to serious mode.
> One of the Ravenscar objectives is to allow implementations to provide
> stripped-down runtime when the profile is requested. This is a nice
> feature, even for programs that are not safety-critical in nature.
> How does GNAT handle this? Can I expect it to build smaller (faster?)
> executables when I say pragma Profile(Ravenscar) provided that the
> program complies to all the restrictions anyway?

I'm not sure how GNAT handles this, and I think it depends on the
target.  It makes no sense at all to write high-integrity software
running on a low-integrity operating system (not to mention
low-integrity hardware); the intention is that the high-integrity
Ravenscar run-time kernel *is* the operating system.

As a consequence, Ada.Text_IO in a high-integrity system makes little
sense, unless you have a high-integrity console driver.  Since the
console driver would be hardware-dependent, you'd have to write your
own to complement GNAT's minimal Ravenscar tasking kernel.

I think that's why, in effect, high-integrity implies embedded.

In low-integrity, non-embedded software, you cannot benefit from the
"minimal kernel", "lock-free operation" or "configurable scheduling
policies", but you can benefit from other inherent properties of the
tasking model, which reduce the opportunities for deadlocks.

PS. Keep in mind that calls to Ada.Text_IO.Put_Line are "potentially
blocking", so you cannot call them from a protected object in
Ravenscar.  See ARM 9.5.1(8, 10), D.13.1(4/2), H.5(5/2).

-- 
Ludovic Brenta.
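
The PS above, worked through as an added example that is not part of the original message: the protected object only hands the text over, and a library-level task performs the potentially blocking Put_Line outside any protected action. The names Console, Mailbox, Printer, Post and Fetch are assumptions made for illustration; the units are shown as one compilation and would normally be split into one file each.

```ada
pragma Profile (Ravenscar);  --  configuration pragma, applies to every unit below

package Console is
   subtype Message is String (1 .. 16);    --  fixed length, no heap allocation
   protected Mailbox is
      procedure Post (Text : in Message);  --  protected procedure, never blocks
      entry Fetch (Text : out Message);    --  Ravenscar allows one entry per object
   private
      Pending : Message := (others => ' ');
      Ready   : Boolean := False;          --  barrier is a plain Boolean component
   end Mailbox;

   task Printer;                           --  library-level task, never terminates
end Console;

with Ada.Text_IO;
package body Console is
   protected body Mailbox is
      procedure Post (Text : in Message) is
      begin
         --  No Ada.Text_IO call here: it is potentially blocking (ARM 9.5.1).
         Pending := Text;
         Ready   := True;
      end Post;
      entry Fetch (Text : out Message) when Ready is
      begin
         Text  := Pending;
         Ready := False;
      end Fetch;
   end Mailbox;

   task body Printer is
      Line : Message;
   begin
      loop
         Mailbox.Fetch (Line);             --  waits on the barrier, then copies
         Ada.Text_IO.Put_Line (Line);      --  I/O happens in the task body
      end loop;
   end Printer;
end Console;

with Ada.Synchronous_Task_Control;
with Console;
procedure Hello is
   Blocker : Ada.Synchronous_Task_Control.Suspension_Object;  --  never set
begin
   Console.Mailbox.Post ("Hello Ravenscar!");                 --  exactly 16 characters
   Ada.Synchronous_Task_Control.Suspend_Until_True (Blocker);
end Hello;
```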


