From: rieachus@comcast.net
Newsgroups: comp.lang.ada
Subject: Re: Advice, tasking and hardware
Date: Wed, 8 Jun 2016 05:56:14 -0700 (PDT)

On Wednesday, June 8, 2016 at 3:30:07 AM UTC-4, Dmitry A. Kazakov wrote:

> That is the visible effect, the point is if restarting a task heals a
> symptom or the illness.
>
> P.S. It would be nice if Ada had, as well, a non-cooperative model of
> private, protected and task. That is, private parts inaccessible without
> memory mapping only to occur through publicly visible calls. Such tasks
> and objects could be resurrected without partition restart. They would
> also be great for distributed systems done high-level instead of
> low-level Annex E. Unfortunately there is no demand...

Um. Hard real-time systems are hard, and it is harder still to recover from (transient) hardware errors. However, there are tools, and SPARK helps a lot. In the systems I worked on, each priority level corresponded to a thread, and was fired off every 20 ms. There was a time requirement on restarting any task from scratch that basically resulted in a (small) collection of state variables, and the large swaths of state data like radar tracks would be discarded by hardware transient recovery.

Oh, all physical memory allocations had to be done before the system was started. You could, and often did, have a per-task memory pool, and restart just changed the allocated amount to zero. Of course, any package which contained state had to be task specific. The tasks that updated the HUD were relatively low priority, and some cockpit displays lower still. So telling the pilot to try cycling the power to the computer system wasn't a solution. Hmm. I remember some older systems (A6A DIANE?) where the watchdog timer was connected to a cockpit light. That system, though, did nav, radar and weapons, but was not involved in flight control.