Re: Spirit rover OS problems - OT: Priority Inversion
From: Lewin A.R.W. Edwards (larwe_at_larwe.com)
Date: 9 Feb 2004 11:32:23 -0800
> > > http://www.embedded.com/story/OEG20020321S0023
> > By the way, look at the first reference in that article ("What really
By the way, to all: I am NOT referring to the above URL. I am
referring to the first reference quoted in it, to which the link is
<http://catless.ncl.ac.uk/Risks/19.54.html#subj6>. This latter
reference appears to be considerably less sanitized than the
> This is what I read: "This problem was not caused by a mistake in the
This is what *I* read (verbatim):
"Once we understood the problem the fix appeared obvious : change the
creation flags for the semaphore so as to enable the priority
inheritance. The Wind River folks, for many of their services, supply
global configuration variables for parameters such as the "options"
parameter for the semMCreate used by the select service (although this
is not documented and those who do not have vxWorks source code or
have not studied the source code might be unaware of this feature).
However, the fix is not so obvious for several reasons :"
> > * The workaround was not a documented feature.
> The article doesn't say that the workaround was not documented. It says, "In
The article I reference above specifically says that it was
undocumented and its existence could only be learned by studying the
> for 1.5 years before rebooting, and then only for good measure. Many people
> whom I respect who have experience on both Windows and Linux agree that
> there are just as many if not more problems with stability on Linux. Open
> Source has its place but it is not the answer to reliability, though it's
> nice and helpful to have the source.
Can you point out where I ever said "Linux"? I said open source. I
didn't say Open Source(sm) :) I would point you to eCos, uCos-II, and
now even (kinda) Windows CE as examples of open source applications
that are not Open Source - and specifically not Linux.
I am specifically excluding OSes that are closed-source to the masses
but open-source to the rich illuminati/trough-fillers (potayto,
I'm very happy your application ran for so long under Windows NT. This
phenomenon is commonly known as "luck" and is modeled
pseudo-mathematically in many role-playing games with more or less the
same accuracy as any reliability estimate you can give your client.
The problem is that you have no way of guaranteeing that it will
survive a given system loading condition, because without OS source
you have no hope of knowing what the machine is doing at any given
time, nor the tools to find out.
Any professional gambler-cum-mathematician will tell you that a
hundred good hands in a row from an unbiased pack of cards do not
predict the outcome of the next deal. Having the source is like having
X-ray vision at a card game. It doesn't protect you against an
opponent with a world-beating hand, but it lets you plan for it and
limit your losses.
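The quoted fix (creating the semaphore with priority inheritance enabled) can be seen in a small deterministic model. This is an added example, not part of the original post and not VxWorks code. The three tasks, their priorities, and their tick counts are constructed. Each mutex-using task's whole job is treated as its critical section.

```c
#include <stdio.h>

/* Constructed workload: three tasks, one mutex, fixed-priority preemptive
 * scheduling, one unit of work per tick. Larger prio value = more urgent. */
enum { LOW, MED, HIGH, NTASKS };

struct task { int prio, release, work, uses_mutex; };

/* Returns the tick at which HIGH completes. inherit != 0 models a mutex
 * created with priority inheritance; inherit == 0 models one without it. */
int high_finish_tick(int inherit)
{
    struct task t[NTASKS] = {
        [LOW]  = { 1, 0, 4, 1 },   /* takes the mutex first */
        [MED]  = { 2, 2, 10, 0 },  /* long-running, never touches the mutex */
        [HIGH] = { 3, 1, 2, 1 },   /* needs the mutex LOW already holds */
    };
    int owner = -1;                /* index of current mutex holder, -1 = free */

    for (int tick = 0; tick < 100; tick++) {
        int run = -1, best = -1;
        for (int i = 0; i < NTASKS; i++) {
            if (t[i].release > tick || t[i].work == 0) continue;  /* not ready */
            if (t[i].uses_mutex && owner != -1 && owner != i) continue; /* blocked */
            int eff = t[i].prio;
            /* Inheritance: the holder runs at its highest waiter's priority. */
            if (inherit && i == owner)
                for (int w = 0; w < NTASKS; w++)
                    if (w != i && t[w].uses_mutex && t[w].release <= tick &&
                        t[w].work > 0 && t[w].prio > eff)
                        eff = t[w].prio;
            if (eff > best) { best = eff; run = i; }
        }
        if (run < 0) continue;                  /* idle tick */
        if (t[run].uses_mutex) owner = run;     /* acquire on first run */
        if (--t[run].work == 0) {
            if (owner == run) owner = -1;       /* release on completion */
            if (run == HIGH) return tick + 1;
        }
    }
    return -1;                                  /* HIGH never finished */
}

int main(void)
{
    printf("HIGH done, no inheritance:   tick %d\n", high_finish_tick(0));
    printf("HIGH done, with inheritance: tick %d\n", high_finish_tick(1));
    return 0;
}
```

Without inheritance, MED preempts LOW while LOW holds the mutex, so HIGH waits for MED's entire run. With inheritance, LOW is boosted past MED until it releases.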