From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!news.glorb.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!border1.nntp.dca1.giganews.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!buffer2.nntp.dca1.giganews.com!nntp.earthlink.com!news.earthlink.com.POSTED!not-for-mail NNTP-Posting-Date: Mon, 31 Jul 2017 23:19:09 -0500 From: Dennis Lee Bieber Newsgroups: comp.lang.ada Subject: Re: What is the current language profile for concurrent, multi-core, safety-critical, hard real-time systems? Date: Tue, 01 Aug 2017 00:19:09 -0400 Organization: IISS Elusive Unicorn Message-ID: References: User-Agent: ForteAgent/8.00.32.1272 X-No-Archive: YES MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Usenet-Provider: http://www.giganews.com NNTP-Posting-Host: 108.73.117.0 X-Trace: sv3-94ThgJfzRM2rZUWJh1NGVfooJ8b4c+ahTRlbmB6mg/geb8h9GxPF7vVCU1jH3egj4zl7xtFQdr8Z151!Ubx8Mz2OL0PPGsZLJO/INpnasfapZvBmlGVWoNAJ10sD8OHsXshJKfWM0CRKNWevlckxnUAZhmBc!+Oje/JrIl5i/pg9xDr9oOhhJfg== X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.3.40 X-Original-Bytes: 4169 X-Received-Bytes: 4291 X-Received-Body-CRC: 1023431284 Xref: news.eternal-september.org comp.lang.ada:47538 Date: 2017-08-01T00:19:09-04:00 List-Id: On Tue, 1 Aug 2017 01:45:22 -0000 (UTC), Adam Jensen declaimed the following: >That's interesting, thanks. I've been looking at the ARM Cortex-R8[1] >which seems like it might address some of these issues in its hardware >architecture. > >[1]: https://developer.arm.com/products/processors/cortex-r/cortex-r8 > >I suppose that mapping an Ada run-time system onto that specific hardware >might require a significant investment. > I suspect /very/ significant. Can you lock tasks to specific processors? If not, you run into the uncertainty in timing when a task gets loaded into a different core. Even if you can, can you show that the processing on one core will not impact another. As I understand it, lock-step doesn't help for independent tasks -- it's a redundancy mode in which a difference between the cores signals an exception condition (in flight systems, this would be a periodic compare between two independent /boxes/ to confirm that both are producing the same results). >But more simply, this web page says: "Ravenscar >for multiprocessor systems adapts a safe and widely used tasking profile >to modern architectures". Doesn't that seem to suggest that there exists >an Ada-2012 Ravenscar profile for multi-core systems? Is that mostly hype >or hokum? There may be a profile -- but (again, from my little exposure in FMS) will it pass certification? There isn't yet enough history for multi-core to pass flight certification (granted, part of that may be that no company wants to spend the money to prove to the FAA that multi-core can be safe -- dual single-core boxes can be validated as there is no "hidden" interaction on memory access, WCET is a single core determination). Even Ada tasking may not be trusted (I was maintaining a program that used a small RTOS to create the processes, rather than having Ada tasks doing the work). A bit of a chicken&egg situation: there may be processors designed for multi-core real-time, and there may be companies who'd like to use them... But developing and getting software certified for use (again, my exposure is flight management systems) would have to be done on company R&D funds -- since client companies probably won't pay for an "experiment"; they likely want just an upgrade to an existing single core system, where reuse may reduce the cost of certification for flight. Automotive may be less critical -- a timing discrepancy isn't going to result in a few hundred people falling from the sky, one should be able to limp-mode to the shoulder of the road. (OTOH: between ABS, traction control, stability control, etc. I expect the next generation of drivers will not be able to react properly should the assists fault even momentarily) -- Wulfraed Dennis Lee Bieber AF6VN wlfraed@ix.netcom.com HTTP://wlfraed.home.netcom.com/