comp.lang.ada
From: Ludovic Brenta <ludovic@ludovic-brenta.org>
Subject: Re: Ravenscar - program termination
Date: Wed, 31 Jan 2007 09:12:40 +0100
Message-ID: <87fy9rty13.fsf@ludovic-brenta.org>
In-Reply-To: 45c0499c$0$22512$39db0f71@news.song.fi

Niklas Holsti writes:
> If Ravenscar really requires that the main procedure be
> non-terminating, I'm happy to learn that. From a very formal point
> of view I guess this requirement means that the kernel need not
> implement "await for task termination" even in the environment task.

Indeed, one of Ravenscar's goals is to make the necessary kernel easy
to certify to the most stringent safety standards.  As with all
high-integrity software, the best way to achieve this is to make
things small and simple.  So, not only does Ravenscar avoid the need
to wait for task termination, but also the tasking model (priority
ceiling inheritance) avoids the need for locks completely.  Imagine a
tasking kernel with no mutexes :)

Ravenscar is beautiful, IMHO.

-- 
Ludovic Brenta.


