Assignment with Adjust and Task Safety

[Jeremiah <jeremiah.breeden@gmail.com>]

I've been playing around with shared/safe/smart pointer representations in Ada and have been trying to wrap my head around how task safety works with Adjustment.  I definitely get the concept of Atomic increment/decrement in order to allow to shared pointers in two separate task to work safely, but when two separate tasks work on the same shared pointer, I am having trouble using atomic increment/decrement to prevent the following issue:

Initial conditions:
1.  Task_A and Task_B both have access to Shared_Pointer_A
2.  Shared_Pointer_A currently is the only reference to Object_A (count = 1)
3.  Shared_Pointer_B currently points to a different Object_B (count = 1 or whatever).  Additionally, Shared_Pointer_B is only used by Task_B.
4.  Shared_Ponter_C is currently null and only used by Task_A

If I start an assignment in Task_A of Shared_Pointer_C := Shared_Pointer_A, but get interrupted by Task_B in between when the contents of Shared_Pointer_A are copied into Shared_Pointer_C and when Shared_Pointer_C is adjusted, if Task_B then does the assignment Shared_Pointer_A := Shared_Pointer_B, how do I prevent Shared_Pointer_C from working with a reference that is finalized by Task_B's assignment process?

An illustration:
Task_A:
Finalize(Shared_Pointer_C);
Copy Shared_Pointer_A into Shared_Pointer_C

Task_A is yielded and Task B Starts

Task_B:
Finalize(Shared_Pointer_A);  -- uh oh??
Copy Shared_Pointer_B into Shared_Pointer_A
Adjust Shared_Pointer_A
do some Task_B stuff until Task_B yields and Task_A starts up

Task_A:
Adjust(Shared_Pointer_A);  -- Contents invalid???


I don't think atomic increment/decrement will fix this as the task switch happens outside of both Adjust and Finalize.  Is there some other way to prevent this?  I know at the higher level I can wrap Shared_Pointer_A into a protected type to ensure the assignments and reads from it are protected, but that is something normally out of the scope of the Shared_Pointer_Type.

I've been looking at other implementations, but haven't found how this instance is protected against.  It may not be outside of forcing assignment through a protected type, but wanted to check.

Note that I am not accounting for the temporary objects for brevity in the example.  Additionally, this may just be bad design all around, but I am trying to look at the mechanics behind this as well and if it is even possible to do this safely.

Thank you.