From: Peter Morris <no@spam.please.net>
Subject: Re: High-integrity networking
Date: Thu, 11 Oct 2007 22:30:25 +0930
Date: 2007-10-11T22:30:25+09:30 [thread overview]
Message-ID: <9p1sg31bj47b0dvk39vlcis33boa5k3a9s@4ax.com> (raw)
In-Reply-To: m2przm7o7y.fsf@mac.com
On Wed, 10 Oct 2007 20:40:17 +0100, Simon Wright
<simon.j.wright@mac.com> wrote:
>Peter Morris <no@spam.please.net> writes:
>
>> Issues with using Ravenscar and the Ada Distributed Systems Annex for
>> High-Integrity Systems
>> http://www.acm.org/sigada/ada_letters/march2001/103-audsley_1.pdf
>>
>> It identified the following problem:
>>
>> "It is clear that in order to facilitate distributed
>> high-integrity real-time programming, the run-time
>> support for distributed programming itself should conform
>> to the Ravenscar profile. We have illustrated in this paper
>> that this support requires greater expressive power than that
>> afforded by Ravenscar. The result is greater complexity in
>> the run-time � the code is almost certainly less analyzable,
>> and definitely harder to produce and read."
>
>Not clear from the last sentence whether it's the run-time or the user
>code that's harder to analyse, produce or read. (Presumably that's not
>true of Ravenscar itself, or no one would use it? It would be a hard
>sell to management ...)
>
I think they are referring to implementations of the DSA. Eg they say
that the GLADE implementation uses many protected objects that don't
comply with Ravenscar requirements.
>> I don't know if anyone has solved this problem.
>
>Could a solution be analogous to the SPARK technique of telling the
>Analyser that certain elements can be assumed to behave as specified
>without needing proof?
>
That should be possible. Eg if an implementation of the DSA had passed
sufficiently rigorous tests.
However I feel there is room for something simpler than the DSA.
>
>Of course, that depends on what problem you are trying to solve; using
>Ravenscar makes it easier to argue for correctness, not using
>Ravenscar probably doesn't make an argiment impossible.
>
I think that is true.
Regards,
Peter Morris
prev parent reply other threads:[~2007-10-11 13:00 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-08 12:13 High-integrity networking Maciej Sobczak
2007-10-08 16:03 ` Colin Paul Gloster
2007-10-08 20:35 ` Maciej Sobczak
2007-10-15 17:14 ` Colin Paul Gloster
2007-10-16 8:44 ` Maciej Sobczak
2007-10-08 21:02 ` Jeffrey R. Carter
2007-10-09 13:17 ` Maciej Sobczak
2007-10-09 17:37 ` Jeffrey R. Carter
2007-10-09 20:57 ` Maciej Sobczak
2007-10-10 13:16 ` Brian Drummond
2007-10-10 18:13 ` anon
2007-10-10 18:54 ` Peter Morris
2007-10-10 6:29 ` Peter Morris
2007-10-10 19:40 ` Simon Wright
2007-10-11 13:00 ` Peter Morris [this message]
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox