From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: Safety of unprotected concurrent operations on constant objects
Date: Sat, 10 May 2014 22:27:08 +0200
Organization: cbb software GmbH
Message-ID: <10pk27v48vhcb$.1qkf6roq2yzjn$.dlg@40tude.net>
References: <7403d130-8b42-43cd-a0f1-53ba34b46141@googlegroups.com> <6c2cd5d4-a44c-4c18-81a3-a0e87d25cd9e@googlegroups.com> <83ha6vuynrzs.1jk08faxb8mnl.dlg@40tude.net> <1jebi7cf92ak4.1trmstj8qi3wm.dlg@40tude.net> <1i6pyg077xlrv.vnwotzzgb0ut$.dlg@40tude.net>
Reply-To: mailbox@dmitry-kazakov.de

On Sat, 10 May 2014 06:30:14 -0600, Brad Moore wrote:

> On 09/05/2014 1:00 PM, Dmitry A. Kazakov wrote:
>> On Fri, 09 May 2014 07:14:09 -0600, Brad Moore wrote:
>>
>>> On 08/05/2014 2:20 AM, Dmitry A. Kazakov wrote:
>>
>>>> To me, a description that does not prescribe is a lie.
>>>
>>> It is true that the Task_Safe aspect would be prescribing some
>>> restrictions that are meant to enforce the intent as best as possible,
>>> but it also documents the intent of the programmer. So to be more
>>> precise, the Task_Safe mechanism doesn't prescribe a specific
>>> implementation for the programmer. It only prescribes that whatever
>>> implementation the programmer chooses, it should be task safe.
>>
>> In other words, it is a comment. I prefer old -- -style comments.
>
> It'd be far, far better than a comment, in my mind. A comment doesn't
> cause compilations to fail.

Nor should the aspect, because, as I said, neither task-safety nor
unsafety follows from the safety of called operations.

> If Foo calls Bar, and both Foo and Bar have the Task_Safe aspect, but
> some time later the maintainer of Bar decides to change its
> implementation to refer to some global variable or call some other
> subprogram that doesn't have the Task_Safe aspect, the compiler would
> force the programmer to remove the Task_Safe aspect from Bar.

But this rule is just wrong. Calling an unsafe operation from a safe one
will be pretty much safe in most cases. The reverse is likely wrong.

Compare it with protected actions. It is safe to call an operation which
itself is not protected from a protected operation, in the context of a
protected action.

There are no reasonable rules to verify. Safety of an operation is *not*
related to the safety of called operations, neither transitive nor
antitransitive.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
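The protected-action comparison made in the post above, worked through as an added Ada example (not code from the thread or from either participant): a plain procedure Bump does an unprotected read-modify-write on a variable, so on its own it is not task-safe; calling it from inside a protected operation is nevertheless safe, because the protected action serialises every caller. The names Safety_Direction, Counter, Bump, Worker and Shared are invented for the illustration. The unsafe direction is the mirror image and is deliberately left out of the running code: if any task called Bump directly, bypassing Counter, the count would become nondeterministic even though Counter itself is "safe".

```ada
--  Added illustration, not from the original post: a protected action
--  wrapping a non-task-safe subprogram.  All names are hypothetical.
with Ada.Text_IO; use Ada.Text_IO;

procedure Safety_Direction is

   Shared : Natural := 0;   --  state that must be updated atomically

   --  Plain procedure: NOT task-safe by itself (read-modify-write race).
   procedure Bump is
   begin
      Shared := Shared + 1;
   end Bump;

   --  Protected object.  Its operations run as protected actions, so
   --  calling the unprotected Bump from here is safe, provided Bump is
   --  reached only through this object (the "safe calls unsafe" case).
   --  The reverse, unprotected code calling Bump directly while other
   --  tasks go through Counter, would be a data race on Shared.
   protected Counter is
      procedure Increment;
      function Value return Natural;
   end Counter;

   protected body Counter is
      procedure Increment is
      begin
         Bump;   --  Bump does not block, so it is legal inside a protected action
      end Increment;

      function Value return Natural is
      begin
         return Shared;
      end Value;
   end Counter;

   --  Several tasks hammer the counter concurrently through Counter only.
   task type Worker;
   task body Worker is
   begin
      for I in 1 .. 10_000 loop
         Counter.Increment;
      end loop;
   end Worker;

begin
   declare
      Workers : array (1 .. 4) of Worker;   --  activated at "begin" below
   begin
      null;   --  the block does not complete until all four tasks terminate
   end;
   --  Every increment went through the protected action, so the result is
   --  exactly 4 * 10_000 = 40_000 regardless of scheduling.
   Put_Line ("Count =" & Natural'Image (Counter.Value));
end Safety_Direction;
```

Build with `gnatmake safety_direction.adb` (assumed GNAT toolchain) and run the binary; the printed count is always 40000. Removing the protected wrapper, or adding a task that calls Bump directly, is the change that would make the count unpredictable, which is the point the post makes: whether Bump is "safe" says nothing about whether its caller is.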