From: "G.B." <rm-dash-bau-haus@dash.futureapps.de>
Subject: Re: Safety of unprotected concurrent operations on constant objects
Date: Tue, 06 May 2014 18:24:24 +0200
Date: 2014-05-06T18:24:24+02:00 [thread overview]
Message-ID: <53690cb8$0$6602$9b4e6d93@newsspool4.arcor-online.net> (raw)
In-Reply-To: <ye80u8yjop49.zttq1d7bi98f$.dlg@40tude.net>
On 06.05.14 17:00, Dmitry A. Kazakov wrote:
>>> 1. It is very simple to forget to place mutex in some operation and get a
>>> very nasty bug to find.
>>
>> OTOH, bugs within the task-safe implementation may, as always,
>> need fixing by the tool vendor;
>
> And bugs outside it need not?
They sure need that, too, nothing specific here.
>> you'd also ask the programmer
>> to accept that there is either black (not task safe) or white
>> (task safe), but if he chooses white, he has to suppress his
>> potential knowledge of a much better concurrency structure.
>
> I don't even understand what this is supposed to mean.
It means that in your model, as I understand it, a programmer
gets one of
- *no* operations of a container with sharing related add-ons
(Ada, as-is)
- *all* operations of a container with sharing related add-ons
(Ada, with "protected new")
See below for when "protected new" is too much wrap.
> I pointed out that manual wrapping of operations is tedious, error prone,
> and the potential damage is incredibly high as bugs may stay undetected in
> the production code for years and there is no way to write a test for such
> bugs.
Yes. Manual placement of locks etc. is tedious and prone to
error. Locking everything is an alternative, but is going
to annoy those who can show that they do not need everything
locked, or simply cannot afford the additional overhead.
>> How could an implementation of task-safe containers be the
>> most efficient choice for all goals?
>
> By deploying the most efficient method of interlocking available on the
> given platform for the given Ada profile.
So you ask programmers who *do* *know* that concurrent reads are
safe (because they can *show* that concurrent reads are safe)
to still use mutex and not just read concurrently even though
the locks are quite unnecessary?
>>> 3. The low-level approach breaks under inheritance especially when
>>> overriding must call to the parent type operations.
>>
>> Everything can break under inheritance,
>
> This is plain wrong. If everything would break,
("would" invokes the subjunctive conditional, and besides
incurring difficulties, is not "can".)
"everything will break" /= "everything can break"
Conversely,
"some things won't break" /= "some things can't break"
"Protected new" relates to "some things can't break".
"Tagged new" relates to "some things won't break".
You had redefined the meaning of "overriding" by stipulating
that it means "mutex-wrapping-inheritance". That's OK, though,
in real Ada, sadly we don't have that, and whatever a programmer
can access in overriding operations, he can use to break things.
("Can", not "would".) If, by analogy, we could have
"contract-wrapping-inheritance", then nothing could break
either, as long as the contract is good enough and the compiler
can supply the necessary contract-based wrapping.
> I explained how task-safe primitive operations can be overridden remaining
> safe.
Here we are: *every* operation of a so protected container
is run in mutex ways. The programmer does not have a choice.
It may be the best one, or it may be prohibitively slow.
See above.
>>> 4. The low-level approach breaks encapsulation. If you add new operations
>>> you must expose the mutex to them.
>>
>> Do you mean "add new operations to the Has-A type"?
>
> I mean adding an operation, period. This operation, in order to be
> task-safe, must use the locking mechanism of the parent type.
It could use the parent's locking, but it need not, and this
can even be trivially true. (In fact, Ravenscar programs may
require that each client call make use of its own lock, as
there are no queues.)
> E.g. mutex.
> It means that you must expose the mutex to make the type publicly
> extendable.
No, I don't think I need to expose anything. If the type is derived
from a parent whose private parts I cannot see, then my derived
type's operations can only call the allegedly task safe operations of
the parent type. (Which, by assumption, is my Has-A type, which
has a container component, and which itself calls container
operations.)
next prev parent reply other threads:[~2014-05-06 16:24 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-02 8:42 Safety of unprotected concurrent operations on constant objects Natasha Kerensikova
2014-05-03 13:43 ` sbelmont700
2014-05-03 20:54 ` Natasha Kerensikova
2014-05-03 21:40 ` Simon Wright
2014-05-04 0:28 ` Jeffrey Carter
2014-05-04 7:46 ` Natasha Kerensikova
2014-05-04 8:06 ` Dmitry A. Kazakov
2014-05-04 15:18 ` sbelmont700
2014-05-04 15:57 ` Natasha Kerensikova
2014-05-04 18:30 ` sbelmont700
2014-05-04 19:34 ` Dmitry A. Kazakov
2014-05-05 19:04 ` Brad Moore
2014-05-05 21:23 ` Brad Moore
2014-05-04 21:44 ` Shark8
2014-05-05 8:39 ` Simon Wright
2014-05-05 15:11 ` Brad Moore
2014-05-05 16:36 ` Dmitry A. Kazakov
2014-05-06 6:00 ` Brad Moore
2014-05-06 8:11 ` Dmitry A. Kazakov
2014-05-06 8:48 ` Alejandro R. Mosteo
2014-05-06 9:49 ` G.B.
2014-05-06 12:19 ` Dmitry A. Kazakov
2014-05-06 12:58 ` G.B.
2014-05-06 15:00 ` Dmitry A. Kazakov
2014-05-06 16:24 ` G.B. [this message]
2014-05-06 19:14 ` Dmitry A. Kazakov
2014-05-07 6:49 ` Georg Bauhaus
2014-05-07 7:40 ` Dmitry A. Kazakov
2014-05-07 11:25 ` G.B.
2014-05-07 12:14 ` Dmitry A. Kazakov
2014-05-07 13:45 ` G.B.
2014-05-07 14:08 ` Dmitry A. Kazakov
2014-05-07 17:45 ` Simon Wright
2014-05-07 18:28 ` Georg Bauhaus
2014-05-07 4:59 ` J-P. Rosen
2014-05-07 7:30 ` Dmitry A. Kazakov
2014-05-07 8:26 ` J-P. Rosen
2014-05-07 9:09 ` Dmitry A. Kazakov
2014-05-07 11:29 ` J-P. Rosen
2014-05-07 12:36 ` Safety of unprotected concurrent operations on constant objects (was: Safety of unprotected concurrent operations on constant objects) Dmitry A. Kazakov
2014-05-07 14:04 ` Safety of unprotected concurrent operations on constant objects G.B.
2014-05-08 4:12 ` Brad Moore
2014-05-08 8:20 ` Dmitry A. Kazakov
2014-05-08 10:30 ` G.B.
2014-05-09 13:14 ` Brad Moore
2014-05-09 19:00 ` Dmitry A. Kazakov
2014-05-10 12:30 ` Brad Moore
2014-05-10 20:27 ` Dmitry A. Kazakov
2014-05-11 6:56 ` Brad Moore
2014-05-11 18:01 ` Brad Moore
2014-05-12 8:13 ` Dmitry A. Kazakov
2014-05-13 4:50 ` Brad Moore
2014-05-13 8:56 ` Dmitry A. Kazakov
2014-05-13 15:01 ` Brad Moore
2014-05-13 15:38 ` Brad Moore
2014-05-13 16:46 ` Simon Wright
2014-05-13 19:15 ` Dmitry A. Kazakov
2014-05-13 16:08 ` Dmitry A. Kazakov
2014-05-13 20:27 ` Randy Brukardt
2014-05-14 4:30 ` Shark8
2014-05-14 21:37 ` Randy Brukardt
2014-05-14 21:56 ` Robert A Duff
2014-05-15 1:21 ` Shark8
2014-05-14 14:30 ` Brad Moore
2014-05-15 8:03 ` Dmitry A. Kazakov
2014-05-15 13:21 ` Robert A Duff
2014-05-15 14:27 ` Dmitry A. Kazakov
2014-05-15 15:53 ` Robert A Duff
2014-05-15 16:30 ` Dmitry A. Kazakov
2014-10-26 17:11 ` Jacob Sparre Andersen
2014-05-08 19:52 ` Randy Brukardt
2014-05-06 16:22 ` Robert A Duff
2014-05-06 19:07 ` Dmitry A. Kazakov
2014-05-08 5:03 ` Brad Moore
2014-05-08 12:03 ` Brad Moore
2014-05-08 19:57 ` Randy Brukardt
2014-05-09 2:58 ` Brad Moore
2014-05-05 20:29 ` Natasha Kerensikova
2014-05-08 3:41 ` Randy Brukardt
2014-05-08 9:07 ` Natasha Kerensikova
2014-05-08 19:35 ` Randy Brukardt
2014-05-08 3:12 ` Randy Brukardt
2014-05-05 22:30 ` Brad Moore
2014-05-04 16:04 ` Peter Chapin
2014-05-04 18:07 ` Natasha Kerensikova
2014-05-04 18:55 ` Jeffrey Carter
2014-05-04 19:36 ` Simon Wright
2014-05-04 20:29 ` Jeffrey Carter
2014-05-05 22:46 ` Brad Moore
2014-05-04 20:25 ` Shark8
2014-05-04 23:33 ` sbelmont700
2014-05-05 7:38 ` Dmitry A. Kazakov
2014-05-08 3:45 ` Randy Brukardt
2014-05-08 3:19 ` Randy Brukardt
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox