" Ravenscar的状" C / C ++的配置文件 [英] "Ravenscar-like" profile for C/C++

问题描述

您好，

ADA Ravenscar是ADA语言的一个受限子集，已为安全关键应用程序中的实时软件开发定义了

。

完成了SPARK

配置文件中定义的其他限制，它允许构建非常确定的应用程序，支持

自动静态代码分析和可调度性分析。
http://www.acm.org/pubs/articles/pro...p1-dobbing.pdf


我想知道是否有是一个类似的C / C ++标准。我发现

只有MISRA-C和EC ++，但它们相对于

Ravenscar ADA配置文件而言相当宽松。此外，因为ADA标准涵盖了超出C / C ++标准范围的概念，所以我认为相当于C / C ++中的Ravenscar配置文件相当于
应参考

RTOS。


Marc


-

解决方案

" Marc Le Roy" <在****** @ invalide.com>在消息中写道

news：c6 ********** @ news-reader4.wanadoo.fr ...

你好，
< ADA Ravenscar是ADA语言的一个受限子集，已定义用于安全关键
应用程序中的实时软件开发。完成了SPARK
配置文件中定义的其他限制，它允许构建支持自动静态代码分析和可调度性分析的非常确定的应用程序。
http://www.acm.org/pubs/ article / pro ... p1-dobbing.pdf
我想知道是否有类似的C / C ++标准。我发现只有MISRA-C和EC ++，但它们对于Ravenscar ADA配置文件来说相当宽松。此外，由于ADA标准涵盖了超出C / C ++标准范围的概念，我认为相当于C / C ++中的Ravenscar配置文件应该参考 RTOS。

在C ++中没有理由使用这样的子集。使用适合您需要的C ++部分。整个语言的设计旨在实现最大的运行时间/空间效率。我在这里放置了我旧网站页面的内容，我认为你会发现有用的东西：

------------- -------------------------------------------

常见神话常见问题


这里讨论ANSI / ISO C ++ 1998.


C ++是一种通用编程语言对系统的偏见

编程。它适用于在严格的时间和空间限制下编写关键任务应用程序，如操作系统，实时模拟等等。它适用于向所有人编写应用程序
系统，从小型嵌入式设备到大型主机。


C ++是主要的通用编程语言。其他编程

语言如Visual Basic，C＃，Java等在全球范围内远远落后于采用（许多人可能因商业时尚而不知道的事实）。在这个常见问题中

我将试图揭穿各种广泛传播的C ++神话，并引起我的注意。


神话1


具有低级别内容的C风格操作（内置数组等）比使用容器和算法的高级C ++操作快得多b / b


标准库（模板等）" ;.


答：这是一个神话。 C ++标准的模板和其他结构

库以这样的方式编写，以便尽可能快地使用尽可能小的内容，以便内联。这意味着我们通常比我们的低级代码具有更好的性能，这些代码在函数中是分开的，并且用函数调用的时间成本调用
。


一个例子。考虑代码：


#include< ctime>

#include< cstdlib>

#include< cstring>

#include< vector>

#include< valarray>

#include< algorithm>

#include< iostream>

//对于qsort（）

inline int cmp（const void * p1，const void * p2）

{

return * static_cast< const int *>（p1） - * static_cast< const int *>（p2）;

}

int main（）

{

using namespace std;


const unsigned long SIZE = 20 * 1024 * 1024;


int * p1 = new int [SIZE];


srand（time（0））;


//在免费商店的数组中创建的随机数

for（unsigned long i = 0; i< SIZE; i ++）

p1 [i] = rand（）;


int * p2 = new int [SIZE];


memcpy（p2，p1，SIZE * sizeof（* p1 ））;

//数字从p复制到向量< int>

vector< int> vecarray（p1，& p1 [SIZE]）;


//数字也被复制到valarray< int> ;.

// valarray是为数值计算优化的数组容器。

valarray< int> vlarray（p1，SIZE）;

clock_t t1，t2，t3，t4，t5， t6，t7，t8，temp;


//等待从清晰的刻度开始以获得准确的结果

for（temp = t1 = clock（）; ！（T1-TEMP）; t1 =时钟（））

;


sort（vecarray.begin（），vecarray.end（））;


t2 =时钟（）;


//等待明确勾选以获得准确结果

for（temp = t3 = clock（ ）;;（t3-temp）; t3 = clock（））

;


qsort（p1，SIZE，sizeof（* p1），cmp） ;


t4 =时钟（）;

//等待明确勾选以获得准确结果

for（temp = t5 = clock（）;！（t5-temp）; t5 = clock（））

;


sort（p2，p2 + SIZE）;

t6 =时钟（）;

//等待明确勾选以获得准确结果

for（temp = t7 = clock（ ）;;（t7-temp）; t7 = clock（））

;


sort（& vlarray [0]，& vlarray [0 ] + vlarray.size（））;

t8 = clock（）;


delete [] p1;

delete [ ] p2;


cout<<" \ nvector< int> / sort（）排序时间："<<< t2-t1<<""翻译在

秒：" ;;

cout<< static_cast< double>（t2-t1）/ CLOCKS_PER_SEC<< endl;

cout<<" \ nvalarray< int> / sort（）排序时间："<<<< t8-t7<<""翻译在

秒：" ;;

cout<< static_cast< double>（t8-t7）/ CLOCKS_PER_SEC<< endl;

cout<<" \ nint * / qsort（）排序时间："<<< t4-t3<<""以秒为单位翻译：

" ;;

cout<< static_cast< double>（t4-t3）/ CLOCKS_PER_SEC<< endl;

cout<<" \ nint * / sort（）排序时间："<<< t6-t5<<""以秒为单位翻译：

" ;;

cout<< static_cast< double>（t6-t5）/ CLOCKS_PER_SEC<< endl;

}


此代码在免费商店中创建一个低级int数组，其中包含

" random"值，第二个具有相同的值，C ++高级别

向量< int>容器和C ++高级valarray< int>容器与

相同的内容。然后它测量每个人需要排序的时间。

应用C子集qsort（）的第一个C风格数组。在第二个

C风格的数组中，应用了C ++高级sort（）（模板）。对于C ++

高级向量< int>和valarray< int> （模板），C ++高级

sort（）（模板）被应用。程序最后输出时间。


PIII 1000 MHz，1024 MB RAM的结果：


MINGW GCC 3.1版（ Windows端口）：


g ++ temp.cpp -o

temp -pedantic-errors -Wall -fexpensive-optimizations -O3 -ffloat-store -mcp < br $>
u = pentiumpro


C：\ c> temp


vector< int> / sort（）排序时间：10345转化为秒：10.345

valarray< int> / sort（）排序时间：8051转换为秒：8.051


int * / sort（）排序时间：8342转换为秒：8.342


Borland C ++ 5.5：


bcc32 -O2 -6 temp.cpp


C：\c> temp


vector< int> / sort（）排序时间：14561转化为秒：14.561

valarray< int> / sort（）排序时间：14140已翻译成秒：14.14
/>
int * / qsort（）排序时间：15963转换为秒：15.963



英特尔C ++ 6：


icl / EHa / G6 / O3 / Qansi / Za / Qipo temp.cpp


C：\c> temp


vector< int> / sort（）排序时间：10094转换为秒：10.094


valarray< int> / sort（）排序时间：8743转换为秒：8.743

int * / qsort（）排序时间：12929转化为秒：12.929


int * / sort（）排序时间：9053转换为秒：9.053

Visual C ++ 2002 .NET：


cl / EHa / Ox / G6 / Za / Wp64 temp.cpp


C：\ c> temp


vector< int> / sort（）排序时间：8522秒转换：8.522

valarray< int> / sort（）排序时间：8352秒转换：8.352


int * / qsort（）排序时间：13209 transla ted in seconds：13.209


int * / sort（）排序时间：8392转换为秒：8.392


所以通过使用C ++更高级别构造我们至少保持C低等效的效率，同时享受C ++提供的高水平的舒适性和安全性。在许多情况下，我们甚至可以获得时间/空间效率。


参考文献： http://www.research.att.com/~bs/esc99.html

http://www23.brinkster.com/noicys/do...eaking-cpp。 pdf 215 KB PDF file


[最后更新时间：2003年2月27日]


版权所有？ 2001-2003 Ioannis Vranos

------------------------------------- ------



问候，


Ioannis Vranos

Ioannis Vranos写道：

在C ++中没有理由使用这样的子集。使用符合您需求的C ++部分。

您似乎不太了解高完整性系统的世界，

特别是需要根据标准认证的那些，例如

DO178B A级;-)


你应该看一下这个文件：
http：// polaris.dit.upm.es/~str/proye...ents/RP_ug.pdf

特别是第2节，它解释了为什么这样一个限制性的ADA简介有
已经定义了
。


C ++确实存在与任务有关的问题

因为任务不是C ++的一部分标准，但其他遗骸。事实上，

在实时项目中有很好的使用C和C ++的经验[是的，

他们是不同的语言;-)]，我有个好主意什么可以或不可以在安全关键系统中使用
。但我很确定我的

客户和认证机构对我们建立的标准的建立标准比我认为的更有信心:-)


Marc

On Sun，2004年4月25日18:11:10 +0300，Ioannis Vranos

< iv*@guesswh.at.emails.ru>在comp.lang.c中写道：

" Marc Le Roy" <在****** @ invalide.com>在消息中写道
新闻：c6 ********** @ news-reader4.wanadoo.fr ...

你好，

ADA Ravenscar是ADA语言的一个受限子集，已定义用于安全关键

应用程序中的实时软件开发。已完成其他限制，如它们在SPARK
配置文件中定义，它允许构建支持自动静态代码分析和可调度性分析的非常确定的应用程序。

http://www.acm.org/pubs/articles/ pro ... p1-dobbing.pdf

我想知道C / C ++是否有类似的标准。我发现只有MISRA-C和EC ++，但它们对于Ravenscar ADA配置文件来说相当宽松。此外，由于ADA标准涵盖了超出C / C ++标准范围的概念，我认为相当于C / C ++中的Ravenscar配置文件应该参考 RTOS。

在C ++中没有理由使用这样的子集。使用符合您需求的C ++部分。整个语言旨在最大限度地提高运行时/空间的效率。我在这里放置了我的旧网站页面的内容，我认为你会发现它很有用：

[large snip]


你完全误解了这个问题。


这里的问题与运行时/空间没什么关系

效率，但正如OP明确指出的那样，安全关键

应用程序。你在你剪掉的那段过长的讽刺信息中使用的短语，关键任务应用程序，

不是，从来没有，也永远不会远程相似。事实上，它只是一个营销热门词。


这使得你的答案在上下文中毫无意义。


-

Jack Klein

主页： http://JK-Technology.Com

常见问题解答

comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html

comp.lang.c ++ http：// www .parashift.com / c ++ - faq-lite /

alt.comp.lang.learn.c-c ++
http://www.contrib.andrew.cmu.edu/~a...FAQ- acllc.html

Hello,

ADA Ravenscar is a restricted subset of the ADA language that has been
defined for real-time software development in safety critical applications.
Completed with additional restrictions like the ones defined in the SPARK
profile, it allow to build very deterministic applications that support
automatic static code analysis and schedulability analysis.
http://www.acm.org/pubs/articles/pro...p1-dobbing.pdf

I would like to know if there is a similar standard for C / C++. I found
only MISRA-C and EC++, but they are rather permissive with respect to the
Ravenscar ADA profile. Moreover, because the ADA standard covers concepts
that are out of the scope of the C/C++ standards, I suppose that an
equivalent of the Ravenscar profile in C/C++ should make reference to an
RTOS.

Marc

--

解决方案

"Marc Le Roy" <in******@invalide.com> wrote in message
news:c6**********@news-reader4.wanadoo.fr...

Hello,

ADA Ravenscar is a restricted subset of the ADA language that has been
defined for real-time software development in safety critical applications. Completed with additional restrictions like the ones defined in the SPARK
profile, it allow to build very deterministic applications that support
automatic static code analysis and schedulability analysis.
http://www.acm.org/pubs/articles/pro...p1-dobbing.pdf
I would like to know if there is a similar standard for C / C++. I found
only MISRA-C and EC++, but they are rather permissive with respect to the
Ravenscar ADA profile. Moreover, because the ADA standard covers concepts
that are out of the scope of the C/C++ standards, I suppose that an
equivalent of the Ravenscar profile in C/C++ should make reference to an
RTOS.

There is no reason for such a subset in C++. Use the part of C++ that fits
your needs. The whole language is designed for maximum run-time/space
efficiency. I place here the contents of a page of my old web site which i
think you will find useful:
--------------------------------------------------------

FAQ for common myths

Here ANSI/ISO C++ 1998 is discussed.

C++ is a general purpose programming language with a bias towards systems
programming. It is suitable for writing mission critical applications under
severe time and space constraints, like Operating Systems, real-time
simulations, etc. It is suitable for writing applications towards all kinds
of systems, from small embedded devices to large mainframes.

C++ is the dominant general purpose programming language. Other programming
languages like Visual Basic, C#, Java, etc are far behind in worldwide
adoption (a fact that many may not know due to commercial fads). In this FAQ
I shall be trying to debunk various C++ myths that are widespread and come
to my attention.

Myth 1

"C-style operations with low level stuff (built in arrays, etc) are faster
than high level C++ operations with containers and algorithms of the
standard library (templates, etc)".

Answer: This is a myth. Template and other constructs of the C++ standard
library are written in such a way so as to be as fast as possible and as
small as possible so as to be inlined. That means we usually have better
performance than our low level code, which is separated in functions and is
called with the cost of time that function calls have.

An example. Consider the code:

#include <ctime>
#include <cstdlib>
#include <cstring>
#include <vector>
#include <valarray>
#include <algorithm>
#include <iostream>
// For qsort()
inline int cmp(const void *p1, const void *p2)
{
return *static_cast<const int *>(p1)-*static_cast<const int *>(p2);
}
int main()
{
using namespace std;

const unsigned long SIZE=20*1024*1024;

int *p1=new int[SIZE];

srand(time(0));

// Random numbers created in the array on the free store
for(unsigned long i=0; i<SIZE; i++)
p1[i]=rand();

int *p2=new int[SIZE];

memcpy(p2, p1, SIZE*sizeof(*p1));
// The numbers are copied from p to a vector<int>
vector<int>vecarray(p1, &p1[SIZE]);

// The numbers are also copied to a valarray<int>.
// valarray is an array container optimised for numerical computations.
valarray<int>vlarray(p1, SIZE);
clock_t t1, t2, t3, t4, t5, t6, t7, t8, temp;

// Wait to begin from a clear tick for accurate results
for(temp=t1=clock(); !(t1-temp); t1=clock())
;

sort(vecarray.begin(), vecarray.end());

t2=clock();

// Wait to begin from a clear tick for accurate results
for(temp=t3=clock(); !(t3-temp); t3=clock())
;

qsort(p1, SIZE, sizeof(*p1), cmp);

t4=clock();
// Wait to begin from a clear tick for accurate results
for(temp=t5=clock(); !(t5-temp); t5=clock())
;

sort(p2, p2+SIZE);
t6=clock();
// Wait to begin from a clear tick for accurate results
for(temp=t7=clock(); !(t7-temp); t7=clock())
;

sort(&vlarray[0], &vlarray[0]+vlarray.size());
t8=clock();

delete[] p1;
delete[] p2;

cout<<"\nvector<int>/sort() sorting time: "<<t2-t1<<" translated in
seconds: ";
cout<<static_cast<double>(t2-t1)/CLOCKS_PER_SEC<<endl;

cout<<"\nvalarray<int>/sort() sorting time: "<<t8-t7<<" translated in
seconds: ";
cout<<static_cast<double>(t8-t7)/CLOCKS_PER_SEC<<endl;

cout<<"\nint */qsort() sorting time: "<<t4-t3<<" translated in seconds:
";
cout<<static_cast<double>(t4-t3)/CLOCKS_PER_SEC<<endl;

cout<<"\nint */sort() sorting time: "<<t6-t5<<" translated in seconds:
";
cout<<static_cast<double>(t6-t5)/CLOCKS_PER_SEC<<endl;

}

This code creates a low level int array on the free store containing
"random" values, a second one with the same values, a C++ high level
vector<int> container and a C++ high level valarray<int> container with the
same contents. Then it measures the time each one needs to be sorted. At
the first C-style array the C subset qsort() is applied. At the second
C-style array the C++ high level sort() (template) is applied. For the C++
high level vector<int> and valarray<int> (templates), the C++ high level
sort() (template) is applied. At the end the program outputs the timings.

The results on a PIII 1000 MHz, 1024 MB RAM:

MINGW GCC version 3.1 (Windows port) :

g++ temp.cpp -o
temp -pedantic-errors -Wall -fexpensive-optimizations -O3 -ffloat-store -mcp
u=pentiumpro

C:\c>temp

vector<int>/sort() sorting time: 10345 translated in seconds: 10.345

valarray<int>/sort() sorting time: 8051 translated in seconds: 8.051

int */qsort() sorting time: 14050 translated in seconds: 14.05

int */sort() sorting time: 8342 translated in seconds: 8.342

Borland C++ 5.5:

bcc32 -O2 -6 temp.cpp

C:\c>temp

vector<int>/sort() sorting time: 14561 translated in seconds: 14.561

valarray<int>/sort() sorting time: 14140 translated in seconds: 14.14

int */qsort() sorting time: 15963 translated in seconds: 15.963

int */sort() sorting time: 14311 translated in seconds: 14.311

Intel C++ 6:

icl /EHa /G6 /O3 /Qansi /Za /Qipo temp.cpp

C:\c>temp

vector<int>/sort() sorting time: 10094 translated in seconds: 10.094

valarray<int>/sort() sorting time: 8743 translated in seconds: 8.743

int */qsort() sorting time: 12929 translated in seconds: 12.929

int */sort() sorting time: 9053 translated in seconds: 9.053

Visual C++ 2002 .NET:

cl /EHa /Ox /G6 /Za /Wp64 temp.cpp

C:\c>temp

vector<int>/sort() sorting time: 8522 translated in seconds: 8.522

valarray<int>/sort() sorting time: 8352 translated in seconds: 8.352

int */qsort() sorting time: 13209 translated in seconds: 13.209

int */sort() sorting time: 8392 translated in seconds: 8.392

So by using C++ higher level constructs we maintain at least the efficiency
of C low level equivalents while enjoying the high level comfort and safety
C++ provides. And in many cases we even gain in time/space efficiency.

References: http://www.research.att.com/~bs/esc99.html

http://www23.brinkster.com/noicys/do...eaking-cpp.pdf 215 KB PDF file

[Last updated: 27 February 2003]

Copyright ? 2001-2003 Ioannis Vranos
-------------------------------------------


Regards,

Ioannis Vranos

Ioannis Vranos wrote:

There is no reason for such a subset in C++. Use the part of C++ that
fits your needs.

It seems that you don''t know very well the world of high integrity systems,
especially the ones that require certification according to standards like
DO178B level A ;-)

You should have a look to this document:
http://polaris.dit.upm.es/~str/proye...ents/RP_ug.pdf
especially to section 2, that explain why such a restrictive ADA profile has
been defined.

It is true that the problems in relation with tasking do not exist in C++
because tasking is not part of the C++ standard, but other remains. In fact,
having a good experience of using both C and C++ in real time projects [yes,
they are different languages ;-) ], I have a good idea of what can or cannot
be used in safety critical systems. But I am pretty sure that both my
customer and certification authorities will have a greater confidence in a
established standard than in my opinion :-)

Marc

On Sun, 25 Apr 2004 18:11:10 +0300, "Ioannis Vranos"
<iv*@guesswh.at.emails.ru> wrote in comp.lang.c:

"Marc Le Roy" <in******@invalide.com> wrote in message
news:c6**********@news-reader4.wanadoo.fr...

Hello,

ADA Ravenscar is a restricted subset of the ADA language that has been
defined for real-time software development in safety critical

applications.

Completed with additional restrictions like the ones defined in the SPARK
profile, it allow to build very deterministic applications that support
automatic static code analysis and schedulability analysis.

http://www.acm.org/pubs/articles/pro...p1-dobbing.pdf

I would like to know if there is a similar standard for C / C++. I found
only MISRA-C and EC++, but they are rather permissive with respect to the
Ravenscar ADA profile. Moreover, because the ADA standard covers concepts
that are out of the scope of the C/C++ standards, I suppose that an
equivalent of the Ravenscar profile in C/C++ should make reference to an
RTOS.

There is no reason for such a subset in C++. Use the part of C++ that fits
your needs. The whole language is designed for maximum run-time/space
efficiency. I place here the contents of a page of my old web site which i
think you will find useful:

[large snip]

You have completely mis-understood the question.

The issues here have nothing at all to do with run-time/space
efficiency, but about, as the OP specifically stated, "safety critical
applications". The phrase you used in the part of your overly long
pedantic message that I snipped, "mission critical applications", is
not, never has been, and never will be remotely similar. In fact, it
is nothing more than a marketing buzz word.

This renders your answer meaningless in the context.

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++
http://www.contrib.andrew.cmu.edu/~a...FAQ-acllc.html

这篇关于&QUOT; Ravenscar的状&QUOT; C / C ++的配置文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！