Universität Bielefeld - Technische Fakultät
AG Rechnernetze und Verteilte Systeme
Research group of Prof. Peter B. Ladkin, Ph.D.
From the Risk Forum 19.53

Risks-19.53-9.1

Re: What really happened on Mars Rover Pathfinder (Jones, R-19.49)

From: Ken Tindell <ken@nrtg.com>
Date: Fri, 12 Dec 1997 19:16:15 -0000

> This scenario is a classic case of priority inversion.

So classic that it has happened before many times in many projects. And I fear it will continue to happen. Today, people are building critical real-time systems based on Windows NT. But NT doesn't implement priority inheritance. Instead it contains a "priority randomizer" which randomly selects tasks and alters their priorities in the hope that eventually the priority inversion goes away. Whilst this may be adequate for a general-purpose computer in a workstation environment, this is unlikely to be adequate for a critical real-time system.

> For the record, the paper was:
> L. Sha, R. Rajkumar, and J. P. Lehoczky. Priority Inheritance Protocols: An
> Approach to Real-Time Synchronization. In IEEE Transactions on Computers,
> vol. 39, pp. 1175-1185, Sep. 1990.

I must point out that their work appeared much earlier in technical reports and conference proceedings and was widely cited before the 1990 paper appeared. Interested readers might like to read the following paper, which gives an historical perspective on when major results were made available:

"Fixed Priority Scheduling: An Historical Perspective", Audsley, Burns, Davis, Tindell, Wellings, Real-Time Systems journal, March 1995, Volume 8, No. 2/3, pp. 173-198.

I find it outrageous that engineers in 1997 are building critical systems that contain serious defects that were detectable and correctable ten years ago. I do wonder at what point failure to be aware of these risks constitutes negligence.
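The inversion the post describes, and the bounding effect of priority inheritance, can be seen in a small discrete-time scheduler simulation. This is an added example, not code from the Risks post or from the Pathfinder project; the three-task scenario (L holds a mutex, H then needs it, M arrives and preempts L) is constructed for illustration, and only the two strategies the post names are modelled (plain fixed priorities and priority inheritance), not NT's random priority boost.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Task:
    name: str
    prio: int                    # base priority; a larger number is more urgent
    release: int                 # tick at which the task becomes ready
    steps: list                  # one-tick work units: "cpu", or "lock" (inside the critical section)
    pc: int = 0                  # index of the next step to execute
    done_at: Optional[int] = None  # tick at which the task completed

def simulate(tasks, inherit, horizon=100):
    """Fixed-priority preemptive scheduler over one shared mutex.
    inherit=True applies basic priority inheritance: while a task holds the
    mutex it runs at the highest priority of the tasks blocked on that mutex."""
    holder = None
    for t in range(horizon):
        ready = [x for x in tasks if x.release <= t and x.done_at is None]
        if not ready:
            break
        blocked = [x for x in ready if x.steps[x.pc] == "lock" and holder not in (None, x)]
        def eff(x):
            if inherit and x is holder and blocked:
                return max(x.prio, max(b.prio for b in blocked))
            return x.prio
        cur = max((x for x in ready if x not in blocked), key=eff)
        if cur.steps[cur.pc] == "lock":
            holder = cur                       # acquire (or keep) the mutex
        cur.pc += 1
        if cur is holder and (cur.pc == len(cur.steps) or cur.steps[cur.pc] != "lock"):
            holder = None                      # leave the critical section
        if cur.pc == len(cur.steps):
            cur.done_at = t + 1
    return {x.name: x.done_at for x in tasks}

def make_tasks():
    # Constructed scenario: L enters its critical section first, H then needs
    # the same mutex, and medium-priority M arrives to preempt L while H waits.
    return [
        Task("L", 1, 0, ["lock", "lock", "lock", "cpu"]),
        Task("H", 3, 1, ["cpu", "lock", "cpu"]),
        Task("M", 2, 2, ["cpu"] * 4),
    ]

def high_task_completion(inherit):
    return simulate(make_tasks(), inherit)["H"]

if __name__ == "__main__":
    for mode in (False, True):
        print(f"priority inheritance={mode}: {simulate(make_tasks(), mode)}")
```

Without inheritance H cannot run until M has finished, so its blocking time grows with M's workload; with inheritance L is raised to H's priority while it holds the mutex and H is delayed only by L's remaining critical section.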

Copyright © 1998 Peter B. Ladkin, 05. September 1998
Last modified on 11.12.2001
by Mirco Hilbert