Windows shell could not be restarted


andsin

Hello!
I am using XPE to build a SCADA. I need to continuously control
the work of two programs. I have written a supervisor program
which does it (using SendMessageTimeout). How can I
control the working ability of the supervisor?
Thank you.
 
I hope that you are not making some life-critical system.

> I am using XPE to build a SCADA. I need to continuously control
> the work of two programs. I have written a supervisor program
> which does it (using SendMessageTimeout). How can I
> control the working ability of the supervisor?
> Thank you.

You can use a board with a hardware WDT (watchdog timer).
Write a driver that will reset the WDT and that will be reset by your software.
If the driver stops responding, the device will be reset.
If a monitored thread or process stops, you can restart that process or do
whatever you like.
Bottom line: your device can't stop responding in any case. I have
implemented such a solution.

For me it is OK to restart the device.
But for most SCADA applications, loss of control for more than 50ms is not
acceptable.

I suggest you make simple microprocessor hardware based on Atmel AVR or some
other controllers to do all the work, and use your device only for
monitoring of the process.
Or buy some Motorola SCADA system.

Best regards,
Slobodan
 
-----Original Message-----
> I hope that you are not making some life-critical system.

:} Yes, it is not a life-critical system.

> You can use a board with a hardware WDT (watchdog timer).
> Write a driver that will reset the WDT and that will be reset by your software.
> If the driver stops responding, the device will be reset.
> If a monitored thread or process stops, you can restart that process or do
> whatever you like.
> Bottom line: your device can't stop responding in any case. I have
> implemented such a solution.

My controller (Lippert) is supplied with a WDT. It restarts the
system. But I wish for no restart when it is possible to
restart partitional application.

> For me it is OK to restart the device.
> But for most SCADA applications, loss of control for more than 50ms is not
> acceptable.
> I suggest you make simple microprocessor hardware based on Atmel AVR or some
> other controllers to do all the work, and use your device only for
> monitoring of the process.
> Or buy some Motorola SCADA system.
> Best regards,
> Slobodan

Motorola's SCADAs? That is very interesting...
We have some projects built on microcontrollers (PIC),
but the programming and debugging of such devices is not
comfortable.
Thank you very much, Slobodan.
 
> We have some projects built on microcontrollers (PIC),
> but the programming and debugging of such devices is not
> comfortable.

I know. I was programming them back in 95/96; it was living hell.
They were the first RISCs with embedded flash, so they are very popular.
Since 98 I have been programming Atmel AVR. It is very easy to program
compared to the PIC 16x series.

They are very powerful and have 130+ instructions.
1 clock / machine cycle. Up to 16MIPS @ 16MHz.
Most instructions are executed in a single cycle.

32 general-purpose registers (all connected to the ALU); you can call them
accumulators.

From 2KB-128KB code flash memory.
512B-4KB EEPROM.
RAM 512B-4KB.
Many embedded hardware features (USARTs, SPI, I2C, WDT, etc.).
Part of the flash can be declared as a boot block, and can be protected separately
from modification.
Flash can be programmed using a boot program, very powerful for firmware
updates in the field.
Low power consumption; it can be lowered below 1uA.

Look at models ATMega8 - ATMega128.
Prices are in the range of $4-$30, more or less.

They have embedded almost all that a SCADA developer could need.

Best regards,
Slobodan
 
> My controller (Lippert) is supplied with a WDT. It restarts the
> system. But I wish for no restart when it is possible to
> restart partitional application.

> I have written a supervisor program
> which does it (using SendMessageTimeout). How can I
> control the working ability of the supervisor?

If the supervisor stops then the WDT will restart your system; that is the general idea.

Make the supervisor process realtime priority.
And I think that it is better to use Events rather than messages. But this
is up to you.

Make the supervisor as simple as possible so it can't block.
The supervisor should kill and spawn processes that it killed.
Group and assign processes to Jobs, so no child process can escape
termination.


Best regards,
Slobodan
 
Hello, Slobodan!
You have understood the idea perfectly well. I wish to
control the supervisor by means of the OS. As far as I know, the explorer
of win98 should be terminated when hung and should be
restarted when terminated... It takes less time to
terminate and restart one application than to restart the OS.
 
Andsin,

> You have understood the idea perfectly well. I wish to
> control the supervisor by means of the OS. As far as I know, the explorer
> of win98 should be terminated when hung and should be
> restarted when terminated... It takes less time to
> terminate and restart one application than to restart the OS.

You are a programmer, right?

Make the supervisor a service.
And make sure it is written flawlessly.
If it crashes then you must restart the computer; this is the only logical way to
do it.

If you can not guarantee execution of a program with a few lines, then how can
you do that for more complex programs?

Think about what I have said:
The supervisor MUST NOT FAIL, and it must be guarded by the WDT if it does.



Best regards,
Slobodan
 
All programs must be written with the assumption that they
can hang! Because it is necessary to use all means
of preventing this phenomenon. If it is impossible to protect
the supervisor by the OS, of course it is the only way - to write
a supervisor "flawlessly".
 
> All programs must be written with the assumption that they
> can hang!

Wrong, there are programs (drivers) that must work flawlessly or the system would
probably crash.
Your supervisor program is the heart of the system and it must not crash.
If it does then it is not your fault but a hardware failure.

Look at this example:

while(1)
{
    Sanitycheckandprocessrestart();
    ResetWDT();
}

> Because it is necessary to use all means
> of preventing this phenomenon.

If this phenomenon occurs then it has happened; nothing can help you, not even the OS.

> If it is impossible to protect
> the supervisor by the OS, of course it is the only way - to write
> a supervisor "flawlessly".

It depends on your concept of OS, how you define OS.
I consider only kernel-mode code as OS. Everything else is programs.
So if you want some MS program to protect and restart your supervisor, then
you don't have a supervisor at all.

It is a matter of perception.

If you want, you could make your supervisor the shell and let winlogon restart
it when it crashes. But like I said, this is not a solution.


Best regards,
Slobodan
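
The loop in the post above, expanded as an added example (not code from the thread or from either poster): a portable C model of what the sanity-check step could decide on each pass, so that the WDT reset is withheld once process restarts stop helping. It assumes each monitored process reports a heartbeat; all names (`struct monitored`, `heartbeat`, `sanity_check`, `supervisor_pass`) and limits are hypothetical, and the actual process restart and WDT reset are left to the caller.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model; every name and limit here is hypothetical. */
enum action { ACT_OK, ACT_RESTART, ACT_ESCALATE };

struct monitored {
    uint32_t last_beat_ms;    /* tick at which the process last signalled liveness */
    uint32_t beat_timeout_ms; /* keep this shorter than the hardware WDT period */
    unsigned restarts;        /* consecutive restarts with no heartbeat in between */
    unsigned max_restarts;    /* after this many, stop trying and let the WDT fire */
};

/* Called when the monitored process signals its heartbeat. */
void heartbeat(struct monitored *p, uint32_t now_ms)
{
    p->last_beat_ms = now_ms;
    p->restarts = 0;
}

/* Sanity check for one process. Unsigned subtraction keeps the age correct
 * when a 32-bit millisecond tick counter wraps (about every 49.7 days). */
enum action sanity_check(struct monitored *p, uint32_t now_ms)
{
    if ((uint32_t)(now_ms - p->last_beat_ms) <= p->beat_timeout_ms)
        return ACT_OK;
    if (p->restarts >= p->max_restarts)
        return ACT_ESCALATE;
    p->restarts++;
    p->last_beat_ms = now_ms; /* restarted process gets a full timeout window */
    return ACT_RESTART;
}

/* One pass of the supervisor loop. Returns true if the WDT may be reset;
 * the caller restarts every process whose bit is set in *restart_mask. */
bool supervisor_pass(struct monitored *procs, size_t n, uint32_t now_ms,
                     uint32_t *restart_mask)
{
    bool kick = true;
    *restart_mask = 0;
    for (size_t i = 0; i < n && i < 32; i++) {
        enum action a = sanity_check(&procs[i], now_ms);
        if (a == ACT_RESTART)
            *restart_mask |= (uint32_t)1 << i;
        else if (a == ACT_ESCALATE)
            kick = false; /* process restart did not help: withhold the reset */
    }
    return kick;
}
```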
 
Hello!
Do you remember win98? If you do not, then find a
computer with win98 installed. Kill the explorer by CAD.
The OS will restart it.
By the way, it is not acceptable to control the supervisor
with the WDT. The main SCADA application (and communication
driver) is controlled by the WDT. I don't need to restart the
controller when the supervisor has hung. I wish for the following
scheme:
1. The main application is controlled by the supervisor.
2. The supervisor is controlled by the OS (like the shell in win98).
3. The main application is controlled by the WDT.

The WDT period is larger than the period of the supervisor.

Thus if the main application is hung or terminated, the
supervisor will restart the main application. If the main
application is hung strongly (don't tell me that it's
impossible), the WDT will restart the system.
To control the supervisor by the WDT is too high a price because
the supervisor is not a SCADA.
This is my standpoint...
 
> Do you remember win98? If you do not, then find a
> computer with win98 installed. Kill the explorer by CAD.
> The OS will restart it.

If this is really what you want then search for AutoRestartShell in this
group and all groups for more info.

And yes, I remember win98.
I can also remember CP/M (although I was young) and many different versions
of DOS, Win 3.11, etc.
But this is all irrelevant to your problem.

> By the way, it is not acceptable to control the supervisor
> with the WDT. The main SCADA application (and communication
> driver) is controlled by the WDT. I don't need to restart the
> controller when the supervisor has hung. I wish for the following
> scheme:
> 1. The main application is controlled by the supervisor.
> 2. The supervisor is controlled by the OS (like the shell in win98).
> 3. The main application is controlled by the WDT.
>
> The WDT period is larger than the period of the supervisor.
>
> Thus if the main application is hung or terminated, the
> supervisor will restart the main application. If the main
> application is hung strongly (don't tell me that it's
> impossible), the WDT will restart the system.
> To control the supervisor by the WDT is too high a price because
> the supervisor is not a SCADA.
> This is my standpoint...

You may have your reasons to do this as you described.

I would make the supervisor protected and impossible to hang (this can be done).
If it breaks then you have the WDT.

Since Winlogon, which restarts the shell, is a service that among other things is
in charge of this operation, I would never want to put my neck on the line
and guarantee that it will work.



You should consider what you want to do.

Best regards,
Slobodan
 