Re: Ravenscar - program termination



Maciej Sobczak writes:
I wrote a Hello World program and I want to impress my boss telling
him that my program complies with Ravenscar recommendations. That
sounds much more serious than a plain dumb Hello World program!

A high-integrity "hello world"? With tasking? :)

+pragma Profile (Ravenscar);
with Ada.Text_IO;
+with Ada.Synchronous_Task_Control;
procedure Hello is
+ Blocker : Ada.Synchronous_Task_Control.Suspension_Object;
begin
Ada.Text_IO.Put_Line("Hello Ravenscar!");
loop
- null;
+ Ada.Synchronous_Task_Control.Suspend_Until_True (Blocker);
end loop;
end Hello;
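Review bot: In the `loop` body, `Suspend_Until_True (Blocker)` waits on an object that nothing in this patch ever sets with `Set_True`, so the main procedure is parked forever by design; a one-line comment saying so would stop a later reader from treating it as a missed signal. The surrounding `loop` is kept, which only matters if the call ever returns, and the same comment could state that it is there as a guard.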

That should solve your CPU utilisation problem :)

OK, back to serious mode.
One of the Ravenscar objectives is to allow implementations to provide
a stripped-down runtime when the profile is requested. This is a nice
feature, even for programs that are not safety-critical in nature.
How does GNAT handle this? Can I expect it to build smaller (faster?)
executables when I say pragma Profile(Ravenscar) provided that the
program complies with all the restrictions anyway?

I'm not sure how GNAT handles this, and I think it depends on the
target. It makes no sense at all to write high-integrity software
running on a low-integrity operating system (not to mention
low-integrity hardware); the intention is that the high-integrity
Ravenscar run-time kernel *is* the operating system.

As a consequence, Ada.Text_IO in a high-integrity system makes little
sense, unless you have a high-integrity console driver. Since the
console driver would be hardware-dependent, you'd have to write your
own to complement GNAT's minimal Ravenscar tasking kernel.

I think that's why, in effect, high-integrity implies embedded.

In low-integrity, non-embedded software, you cannot benefit from the
"minimal kernel", "lock-free operation" or "configurable scheduling
policies", but you can benefit from other inherent properties of the
tasking model, which reduce the opportunities for deadlocks.

PS. Keep in mind that calls to Ada.Text_IO.Put_Line are "potentially
blocking", so you cannot call them from a protected object in
Ravenscar. See ARM 9.5.1(8, 10), D.13.1(4/2), H.5(5/2).

--
Ludovic Brenta.
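
The point in the PS, as an added example that is not part of the original post: the protected object only hands the text over, and a library-level task makes the potentially blocking Put_Line call outside the protected action. The names Log_Box, Mailbox, Printer and Message are hypothetical; the three units are shown together here and go in separate files for GNAT.

```ada
pragma Profile (Ravenscar);                 --  configuration pragma, must cover every unit
package Log_Box is                          --  hypothetical name
   subtype Message is String (1 .. 32);
   protected Mailbox is
      procedure Post (Text : in String);    --  never blocks; overwrites unread text
      entry Fetch (Text : out Message);     --  the single entry Ravenscar allows
   private
      Pending : Message := (others => ' ');
      Ready   : Boolean := False;           --  simple Boolean barrier
   end Mailbox;
   task Printer;                            --  library-level, never terminates
end Log_Box;

with Ada.Text_IO;
package body Log_Box is
   protected body Mailbox is
      procedure Post (Text : in String) is
         Len : constant Natural := Natural'Min (Text'Length, Message'Length);
      begin
         Pending := (others => ' ');        --  pad or truncate to the fixed length
         Pending (1 .. Len) := Text (Text'First .. Text'First + Len - 1);
         Ready := True;
      end Post;
      entry Fetch (Text : out Message) when Ready is
      begin
         Text  := Pending;
         Ready := False;
      end Fetch;
   end Mailbox;

   task body Printer is
      Line : Message;
   begin
      loop
         Mailbox.Fetch (Line);              --  protected action ends when this returns
         Ada.Text_IO.Put_Line (Line);       --  blocking call made by the task itself
      end loop;
   end Printer;
end Log_Box;

with Log_Box;
with Ada.Synchronous_Task_Control;
procedure Hello is
   Blocker : Ada.Synchronous_Task_Control.Suspension_Object;
begin
   Log_Box.Mailbox.Post ("Hello Ravenscar!");
   Ada.Synchronous_Task_Control.Suspend_Until_True (Blocker);  --  park, as in the patch
end Hello;
```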