Re: Global Varibles!! - Norman H. Cohen

comp.lang.ada
 help / color / mirror / Atom feed

From: "Norman H. Cohen" <ncohen@watson.ibm.com>
Subject: Re: Global Varibles!!
Date: 1997/02/25
Date: 1997-02-25T00:00:00+00:00	[thread overview]
Message-ID: <3313153F.15CB@watson.ibm.com> (raw)
In-Reply-To: dewar.856748645@merv

Robert Dewar wrote:
> 
> Norman said
> 
> << package Serial_Numbers is
>    procedure Get_Next (Number: out Natural);
> end Serial_Numbers;
> 
> package body Serial_Numbers is
>    Next: Natural := 0:
>    procedure Get_Next (Number: out Natural) is
>    begin
>       Number := Next;
>       if Number = Natural'Last then
>          Number := 0;
>       else
>          Number := Number + 1;
>       end if;
>    end Get_Next;
> end Serial_Numbers;
> >>

Oops!  What I meant to write, of course, is:

   if Next = Natural'Last then
      Next := 0;
   else
      Next := Next + 1;
   end if;

> Of course in general this kind of hiding is quite appropriate. Note however
> a danger, here we have an unexposed global variable that is not protected
> against task switches. If the global is in the spec, you are at least
> clearly publishing a warning that you have an unprotected global.

Robert correctly points out that this version of Serial_Numbers is not
task-safe.  If the intent is that the package be task-safe, it can be
made so in any of a number of ways (at the cost of performance and/or
simplicity of the interface), including:

1. using a protected object in the package body

2. replacing Next by a per-task attribute (see "The Package
Task_Attributes", RM C.7.2)

3. replacing the global variable with a parameter carrying private
per-task state, which might be considered overkill in the Serial_Numbers
case, but is essentially the role that type Generator plays in the
predefined random-numbers packages (RM A.5.2).

If the intent is that the package not be task-safe, this should indeed
be documented, but I would prefer to do this with a comment rather then
by exposing the global variable in the package spec.  

Alternatively, if approach #1 is used to make the package task safe,
this could be documented by declaring the protected object in the
package spec rather than declaring a procedure in the spec, declaring
the protected object in the body, and implementing the visible procedure
with a call on a corresponding protected procedure.

This gives rise to the following question:  In the absence of any
documentation to the contrary, should a package be assumed to be
task-safe or task-unsafe?  A purist view is that all packages should be
assumed by default to be task-safe, and that the author of a task-unsafe
package should document the fact that the package is not task-safe.  In
reality, many programmers implicitly regard a single-task program as the
"normal" case and a multitask program as an exotic special case.

-- 
Norman H. Cohen
mailto:ncohen@watson.ibm.com
http://www.research.ibm.com/people/n/ncohen

next prev parent reply	other threads:[~1997-02-25  0:00 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
1997-02-19  0:00 Global Varibles!! Richard Pearce
1997-02-20  0:00 ` Matthew Heaney
1997-02-21  0:00   ` Norman H. Cohen
1997-02-23  0:00     ` Robert Dewar
1997-02-25  0:00       ` Norman H. Cohen [this message]
1997-02-25  0:00         ` Robert Dewar

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox