From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00
	autolearn=unavailable autolearn_force=no version=3.4.4
Path: 
 eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: Paul Rubin <no.email@nospam.invalid>
Newsgroups: comp.lang.ada
Subject: Re: How to get Ada to ?cross the chasm??
Date: Wed, 09 May 2018 15:03:51 -0700
Organization: A noiseless patient Spider
Message-ID: <878t8szdtk.fsf@nightsong.com>
References: <1c73f159-eae4-4ae7-a348-03964b007197@googlegroups.com>
	<pcdagp$7pn$1@franka.jacob-sparre.dk> <87lgd1heva.fsf@nightsong.com>
	<pcg54t$gul$1@franka.jacob-sparre.dk> <87zi1gz3kl.fsf@nightsong.com>
	<pciqcd$ou1$1@franka.jacob-sparre.dk> <878t8x7k1j.fsf@nightsong.com>
	<fl7t0uF410rU1@mid.individual.net> <pcmjao$1soj$1@gioia.aioe.org>
	<fl8lgcF9dqgU1@mid.individual.net> <pcnem2$19mn$1@gioia.aioe.org>
	<fl938cFchk8U1@mid.individual.net> <pcnqgm$1tb4$1@gioia.aioe.org>
	<87k1sg2qux.fsf@nightsong.com> <pcov1b$1cvt$1@gioia.aioe.org>
	<87h8njmk4r.fsf@nightsong.com> <pcq81a$1n85$1@gioia.aioe.org>
	<87po27fbv9.fsf@nightsong.com> <flemg6FkatpU1@mid.individual.net>
	<87in7x62vw.fsf@nightsong.com> <flh2g3F5sg3U1@mid.individual.net>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: reader02.eternal-september.org;
 posting-host="a15f8e13c869a4517dec92123a650d01";
	logging-data="19486"; mail-complaints-to="abuse@eternal-september.org";
	posting-account="U2FsdGVkX1/Y+UJuGAL07+AcXgn/6UXC"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
Cancel-Lock: sha1:r8OXvHVEtUbOp7Of7LeQW/W5Nc0=
	sha1:DQNQXJLXg5VmxIwd7prL95p79qM=
Xref: reader02.eternal-september.org comp.lang.ada:52176
Date: 2018-05-09T15:03:51-07:00
List-Id: <comp.lang.ada>

Niklas Holsti <niklas.holsti@tidorum.invalid> writes:
>> Niklas Holsti <niklas.holsti@tidorum.invalid> writes:
>>> WCET analysis
>> I'd say this is a niche area
> It is one of the core areas for the Ada language, and constrains the
> evolution of the language.

Sure, that's fine, one of Ada's core areas targets a niche (but
important) class of applications.  I think the idea of "Crossing the
chasm" was to get Ada more widely used outside the niche, in a
mainstream that mostly doesn't care about WCET beyond wanting programs
to be reasonably responsive most of the time.  

>> for which I'm surprised the methods we're discussing are ever viable.
> Which methods are these? I'm perhaps lost.

Applicative data structures, and methods in general that use dynamic
memory allocation extensively.  I'm used to the idea of a realtime
program as being something you could reasonably write in MISRA C or
Forth, i.e. it would tend to have completely static storage, mostly
straight-line code in fixed-sized loops, even with not too many "if"
statements past some kind of event dispatch.  That is probably a little
too constrained though.

I've played around with this and it's cool:
https://github.com/tomahawkins/atom

> Reference counts are certainly viable for real-time systems, provided
> that long/deep chains of references are avoided (or handled by the
> "garbage list" method) which is often possible.

ISTM that if the total amount of live data is bounded, then GC time is
also bounded, so GC can still be ok to use.

> There has been a lot of work on and promotion of GC for real-time
> systems, but most practitioners are still not convinced.

I agree with this, I'm not convinced either.  I'd be interested to know
what the proposed application areas are.  In my own mind there's a
pretty large divide between general purpose applications (that I'd run
on a server using a GC'd language) and realtime ones (that I'd run on an
MCU with no dynamic memory allocation at all).  But I know in reality
there's an in-between area. 

> I'm emotionally repulsed by the probabilistic approach, but I have to
> admit it seems the only practical path for WCET analysis of current
> high-end processors.

I have doubts about the reliability of the high-end processors
(speculative execution, N layers of caches, branch prediction etc).  But
we're headed into an era when ubiquitous critical systems (self-driving
cars) are controlled by artificial neural nets trained by statistical
machine learning, where absolutely nobody understands why the system
decides any particular thing.  Scary times.

>> I'd still like to know if there is careful analysis about max structure
>> depth and WCET, particularly formal analysis.
> Sorry, I don't understand what you want to know. Clarify, please.

E.g. I look at that GADT-checked Haskell red-black tree indexed using
zippers, and can imagine that being implemented with a refcounted
system.  Some bounds on the tree size give consequent bounds on its
depth, so it could conceivably be used in a system with a WCET analysis.
What I wonder is whether anyone does that in practice.  I imagine
working on a realtime system like your satellite stuff, and going into
the office saying I wanted to use something like that.  My boss would
probably tell me I was crazy.