comp.lang.ada
From: "Nick Roberts" <nickroberts@adaos.worldonline.co.uk>
Subject: Re: How to avoid unreferenced objects (mutexes etc)
Date: Sat, 12 Jan 2002 01:11:43 -0000
Message-ID: <a1o2h1$sfe3f$5@ID-25716.news.dfncis.de>
In-Reply-To: 3c3ee8c8.105408250@News.CIS.DFN.DE

"Dmitry A. Kazakov" <dmitry@elros.cbb-automation.de> wrote in message
news:3c3ee8c8.105408250@News.CIS.DFN.DE...

> protected type Mutex is
>    entry Seize;
>    procedure Release;
> private
>    Owned : Boolean := False;
> end Mutex;
>
> type Lock (Resource : access Mutex) is new
>    Ada.Finalization.Limited_Controlled with null record;

> procedure Initialize (Object : in out Lock) is
> begin
>    Object.Resource.Seize;
> end Initialize;

> procedure Finalize (Object : in out Lock) is
> begin
>    Object.Resource.Release;
> end Finalize;
>
> The idea is to write critical sections as follows:
>
>    Temp : Lock (Mutex_of_a_resource'Access);
> begin
>    ...  -- Safe access to the resource
> end; -- Mutex is released even if an exception propagates


This may well be simply my own taste, but I would much prefer the critical
section to be written thus:


  type Indirect_Mutex is access all Mutex;

  The_Lock: aliased Mutex;

  ...

    Lock: [constant] Indirect_Mutex := The_Lock'Access;
  begin
    -- here we can do any non-critical pre-processing
    Lock.Seize;
    begin
      -- critical code goes here
    exception
      when others =>
        -- reset resource state to something stable
    end;
    Lock.Release;
    -- here we can do any non-critical post-processing
  end;


This way, no mucking about with finalisation or unreferenced objects is
required, and you have natural places to put pre- and post-processing code.
More importantly, this scheme ensures that if some critical processing
(presumably messing about with the state of the resource) does go wrong, the
resource is 'cleaned up' before any other innocent task can try using it.

However, really, a much better design is like this:


  protected type My_Resource_Type is
    procedure Do_Something_Critical;
  private
    ... -- resource state
  end;

  ...

  protected body My_Resource_Type is

    procedure Do_Something_Critical is
    begin
      -- critical code here
    exception
      when others =>
        -- reset resource state to something stable
    end;

  end My_Resource_Type;

  ...

  The_Resource: My_Resource_Type;

  ...

  begin
    -- pre-processing
    The_Resource.Do_Something_Critical;
    -- post-processing
  end;


The general idea is that a mutex is a low-level synchronisation construct,
and Ada provides a higher-level construct (protected objects) that takes
away much of the pain and danger of using mutexes directly.

--
Best wishes,
Nick Roberts
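
The protected-object design sketched in the message above, filled in as a complete program. This is an added example, not code from the original post: the two-field state, the Fail parameter, Is_Stable and the Worker tasks are assumptions made for illustration.

```ada
with Ada.Text_IO;

procedure Protected_Resource_Demo is
   Total : constant := 100;  --  invariant (assumed): Left + Right = Total

   protected type My_Resource_Type is
      procedure Do_Something_Critical (Fail : in Boolean);
      function Is_Stable return Boolean;
   private
      Left  : Integer := Total;
      Right : Integer := 0;
   end My_Resource_Type;

   protected body My_Resource_Type is
      procedure Do_Something_Critical (Fail : in Boolean) is
         Old_Left : constant Integer := Left;
      begin
         Left := Left - 1;          --  state is now inconsistent
         if Fail then
            raise Program_Error;    --  constructed mid-update failure
         end if;
         Right := Right + 1;        --  state is consistent again
      exception
         when others =>
            Left := Old_Left;       --  reset to a stable state, lock still held
      end Do_Something_Critical;

      function Is_Stable return Boolean is
      begin
         return Left + Right = Total;
      end Is_Stable;
   end My_Resource_Type;

   The_Resource : My_Resource_Type;

   task type Worker;
   task body Worker is
   begin
      for I in 1 .. 25 loop
         The_Resource.Do_Something_Critical (Fail => I mod 7 = 0);
      end loop;
   end Worker;
begin
   declare
      Workers : array (1 .. 4) of Worker;
   begin
      null;  --  leaving this block waits for all workers to terminate
   end;
   Ada.Text_IO.Put_Line ("Stable: " & Boolean'Image (The_Resource.Is_Stable));
end Protected_Resource_Demo;
```

Because the handler runs inside the protected action, no other task can observe the half-updated state between the failure and the reset.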





