From: Martin on
On Feb 10, 8:29 am, Hibou57 (Yannick Duchêne)
<yannick_duch...(a)yahoo.fr> wrote:
> On 10 fév, 09:17, Maciej Sobczak <see.my.homep...(a)gmail.com> wrote:> > There are two kinds of blockings: bounded and unbounded. The idea is
> > > that when computing a time budget, you can account for bounded
> > > blockings, but not unbounded ones.
> > > The "potentially blocking" phrase should be understood as really meaning
> > > unbounded.
>
> > Well, I know what you try to convey, but there are traps:
>
> >    delay Some_Static_Constant;
>
> > Is it bounded or unbounded?
>
> > As far as WCET (or any other time-based analysis) goes, the above can
> > be accounted for statically. Still, it is a no-no within any protected
> > operation.
>
> Interesting enigma
>
> I would say Bounded, as it is predictable.
> ... as long as the delay is short, otherwise it will break the other
> rule stating that a protected operation should be fast to execute.
>
> If I try to have a delay X.Y in a protected operation, GNAT just warns
> me “ potentially blocking operation in protected operation ”, while
> the program is still compiled.
>
> You've said “ it is a no-no within any protected ” : do you get a
> compilation error when you do the same ?
>
> I've not seen anything in the Rationale nor in the ARM which
> explicitly disallow it anyway (but as these are long pages I should
> later read again, I may have miss it).

It's isn't predicatable - it will delay for /at least/
Some_Static_Constant. It's up to the task scheduling algorithm (plus
the rest of the program! ;-) as to what happen next...and when!

Cheers
-- Martin
From: Jean-Pierre Rosen on
Maciej Sobczak a �crit :
> On 9 Lut, 15:26, Jean-Pierre Rosen <ro...(a)adalog.fr> wrote:
>
>> There are two kinds of blockings: bounded and unbounded. The idea is
>> that when computing a time budget, you can account for bounded
>> blockings, but not unbounded ones.
>
>> The "potentially blocking" phrase should be understood as really meaning
>> unbounded.
>
> Well, I know what you try to convey, but there are traps:
>
> delay Some_Static_Constant;
>
> Is it bounded or unbounded?
>
For the rules of potentially blocking operations, delay is potentially
blocking because it /can/ be unbounded. Many unbounded things can be
proved bounded with sufficient analysis and provided some elements are
static; that's not the point here.

--
---------------------------------------------------------
J-P. Rosen (rosen(a)adalog.fr)
Visit Adalog's web site at http://www.adalog.fr
From: Jean-Pierre Rosen on
Martin a �crit :

> It's isn't predicatable - it will delay for /at least/
> Some_Static_Constant. It's up to the task scheduling algorithm (plus
> the rest of the program! ;-) as to what happen next...and when!
>
If your compiler supports annex D, the possible extra delay time has to
be documented - see D.9.

--
---------------------------------------------------------
J-P. Rosen (rosen(a)adalog.fr)
Visit Adalog's web site at http://www.adalog.fr
From: Martin on
On Feb 10, 11:44 am, Jean-Pierre Rosen <ro...(a)adalog.fr> wrote:
> Martin a écrit :
>
> > It's isn't predicatable - it will delay for /at least/
> > Some_Static_Constant. It's up to the task scheduling algorithm (plus
> > the rest of the program! ;-) as to what happen next...and when!
>
> If your compiler supports annex D, the possible extra delay time has to
> be documented - see D.9.
>
> --
> ---------------------------------------------------------
>            J-P. Rosen (ro...(a)adalog.fr)
> Visit Adalog's web site athttp://www.adalog.fr


D.9 (12) in this case?

I guess if you're that interested then you do need an Annex D
conforming compiler...just looking and yup, GNAT GLP 2009 for WinXP
doesn't list that - so non-deterministic for this OS.

Cheers
-- Martin
From: Robert A Duff on
Martin <martin.dowie(a)btopenworld.com> writes:

> It's isn't predicatable - it will delay for /at least/
> Some_Static_Constant.

Well, implementations are supposed to wake the task up
as soon as possible after the delay expires.
We don't really have a way to say that in RM terms,
but an implementation that delays for an extra
second, for example, should probably be considered
broken.

>..It's up to the task scheduling algorithm (plus
> the rest of the program! ;-) as to what happen next...and when!

Yeah, the rest of the program is key. But that's the case even
without delays. For example, suppose a protected procedure
says, "X := X + 1;". Looks pretty bounded. But it can
get preempted by a higher priority task, which can
go off and do stuff for a long and unbounded time.

You have to take care to get your priorities right.

- Bob