From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: Advice, tasking and hardware
Date: Wed, 8 Jun 2016 09:29:28 +0200

On 08/06/2016 06:06, rieachus@comcast.net wrote:
> On Tuesday, June 7, 2016 at 4:21:15 PM UTC-4, Dmitry A. Kazakov wrote:
>> On 2016-06-07 18:53, rieachus@comcast.net wrote:
>>> On Monday, June 6, 2016 at 3:19:20 AM UTC-4, Dmitry A. Kazakov wrote:
>>>
>>>> As questionable as aborting a task is, if you do, that is unrelated to any
>>>> protected objects. They block nothing unless erroneous, e.g. when you
>>>> run an infinite loop within a protected action. If you do, you would not
>>>> be able to abort the task stuck in the action; it is abort-deferred.
>>>
>>> Sigh! This is the one instance where aborting a task is not just
>>> appropriate, but sometimes necessary. I have no control over, for
>>> example, bit flipping by cosmic rays.
>>
>> Why do you think aborting a task would heal that? Why not zeroing a random
>> section of memory, sending an SMS, or assigning 666 to the process counter?
>>
>>> If the deadman timer runs out,
>>> there is a serious problem and the airplane (or launch vehicle) is
>>> falling out of the sky.
>>
>> Yes, but that is not to be addressed by some random actions. You have to
>> bring the system to the nearest known safe state. Restarting a task
>> might be one, unless the cosmic ray hit the task body's code, external
>> objects the task uses, other tasks and hardware it communicates to, etc.
>
> Code is in Flash, with caches that get flushed on a restart.

But the system's state is not in there, e.g. the memory pools, external objects, states of other tasks, states of external devices. In order to be able to repair the system by restarting one task, there must be some very strong conditions to satisfy, which are not met except for very rare and very special cases. So if a watchdog fires, the nearest safe state is a restart of the whole partition.

> It is fairly common for flipped bits to result in a task which is in
> an indefinite loop,

That is the visible effect; the point is whether restarting a task heals a symptom or the illness.

P.S. It would be nice if Ada had, as well, a non-cooperative model of private, protected and task. That is, private parts inaccessible without memory mapping, only to occur through publicly visible calls. Such tasks and objects could be resurrected without partition restart. They would also be great for distributed systems done high-level instead of low-level Annex E. Unfortunately there is no demand...

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
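An added Ada illustration of the abort-deferral point made in the thread (this is not code from the post or from either participant): a task stuck inside a protected action cannot be killed by `abort`, so a watchdog that relies on per-task abort has no recovery path short of restarting the partition. The spinning `Faulty_Update` procedure is a constructed fault standing in for the flipped-bit scenario; `Shared_State`, `Worker` and the delays are assumptions made for the demo.

```ada
--  Added example (not from the thread): abort is deferred while a task
--  executes a protected action (ARM 9.8), so a task spinning inside one
--  can never be aborted.  Faulty_Update is a constructed fault.
with Ada.Text_IO; use Ada.Text_IO;

procedure Abort_Deferred_Demo is

   protected Shared_State is
      procedure Update;          --  normal, short protected action
      procedure Faulty_Update;   --  never returns: simulated corruption
   private
      Counter : Natural := 0;
   end Shared_State;

   protected body Shared_State is
      procedure Update is
      begin
         Counter := Counter + 1;
      end Update;

      procedure Faulty_Update is
      begin
         loop
            --  Spins forever inside the protected action; the mod keeps
            --  Counter from overflowing and raising Constraint_Error.
            Counter := (Counter + 1) mod 1000;
         end loop;
      end Faulty_Update;
   end Shared_State;

   task Worker;
   task body Worker is
   begin
      Shared_State.Update;          --  completes normally
      Shared_State.Faulty_Update;   --  the task is now stuck in an action
   end Worker;

begin
   delay 0.5;        --  stand-in for the deadman timer expiring
   abort Worker;     --  Worker becomes abnormal, but the abort takes
                     --  effect only when the protected action ends
   delay 0.5;
   if Worker'Terminated then
      Put_Line ("Worker terminated");
   else
      Put_Line ("Worker still stuck: protected action is abort-deferred;"
                & " the safe recovery is a partition restart");
   end if;
end Abort_Deferred_Demo;
```

The program prints the second message and then never exits, because the environment task waits for `Worker`, which can never complete; that hang is exactly the behaviour the post warns about.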