Re: Advantages

[Jeffrey Carter <spam@spam.com>]

Brian May wrote:

> You want to send a message to a hardware device. The requirements
> specify that one message should be sent to the device, followed by a
> fixed delay, then another message. During this entire period of time,
> exclusive access is required to the device, because other threads
> could otherwise interfere.
> 
> Lets also assume that sending the message is a blocking function that
> will block until either an acknowledgement or error is returned by the
> device.
> 
> What is the safest way of implementing this under Ada?
> 
> You could have a protected type emulate a semaphore, but then we are
> back to using primitive operations (and related mistakes) that Ada was
> meant to avoid.

The problem is that protected objects are not general-purposes 
structures to provide mutual exclusion, as they appear on the surface. 
Rather, they are specialized to provide mutual exclusion for data. Hence 
the restrictions against calling potentially blocking operations.

This was probably a mistake, but that changes nothing. If you're 
creating your own language, you can avoid making this mistake.

Probably the safest way is the Ada-83 way: use a task. Tasks can block 
all they want.

If the measured overhead of an additional task and a rendezvous exceeds 
your requirement, Ada has some features that allow a semaphore to be 
used much more safely than in other languages:

A controlled type can be used to automatically seize (during Initialize) 
and release (during Finalize) a semaphore. This avoids the omission of 
such calls, especially the "missed path" problem in which there is an 
exit path (such as due to exceptions) without a release call.

The semaphore can be hidden; those who invoke the sequence of operations 
see them as a single atomic operation. This localizes the places where 
the semaphore is manipulated, and makes finding errors in its use easier.

-- 
Jeff Carter
"I'm a lumberjack and I'm OK."
Monty Python's Flying Circus
54