xiaoxiang781216 commented on code in PR #18016:
URL: https://github.com/apache/nuttx/pull/18016#discussion_r2711087783
##########
sched/task/task_cancelpt.c:
##########
@@ -125,14 +125,13 @@ bool nxnotify_cancellation(FAR struct tcb_s *tcb)
*/
tls->tl_cpstate |= CANCEL_FLAG_CANCEL_PENDING;
- leave_critical_section(flags);
- return true;
+ ret = true;
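Review bot: the removed leave_critical_section(flags) call in this hunk must be matched by a single leave_critical_section on the common exit path, and `ret` needs a declaration and a default initialization for the other branches; neither is visible in this context, so please confirm they exist in the fuller diff, since dropping the leave here without a matching one at the single exit would keep the critical section held.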
Review Comment:
> 1. I don’t think that obtaining ASIL-D certification or adopting AUTOSAR
guarantees safety; it is merely a threshold set by leading enterprises.
No,
> 2. Certified companies have not disclosed the kernel they use, but I know
it is Zephyr.
So, why do you reference the official Zephyr code base and say that "the
rule of one entry and one exit point for subprograms and functions" isn't
required?
> 3. To pass ASIL-D certification, the nuttx kernel requires extensive
modifications.
Yes, we are modifying sched/ and making the change pass the certification and
production testing.
> Some changes, such as those related to dynamic memory management, may not
cover all scenarios.
One-time dynamic allocation is fine. We add an assert in free and test that the
certification kernel never calls free in any case.
> Formal verification is completely unsuitable for software development
workflows. These constraints were only documented because early compilers were
riddled with bugs. I wonder if you have encountered a lot of odd issues while
using the Green Hills compiler—they can’t even handle switch prediction
properly. So why are we still trusting these obsolete tools?
We use another safety compiler for certification. Anyway, let's come back to
this patch; do you have any other concerns?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]