From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Portable memory barrier?
Date: Tue, 9 May 2017 15:10:17 -0500
Organization: JSA Research & Innovation
References: <0fc56bf7-1cfa-4776-9c47-a573db315c5f@googlegroups.com>

"Niklas Holsti" wrote in message news:enc2orF3oloU1@mid.individual.net...
...
>> Yet the question stands. In particular, which Ada primitives may ensure
>> safe implementations of lock-free structures when no protected objects
>> used.
>
> Pragma Volatile + RM C.6 (16/3)? If these are not sufficient, why not?

It's very subtle, but you need something atomic involved, else the rule for volatile is meaningless. It took a long discussion by a (now former) AdaCore person for me to understand it.

Essentially, all shared object accesses (that is, from different tasks) are erroneous unless something makes the accesses "sequential" as defined in 9.10. Atomic makes accesses "sequential" (thus requiring "fences" on some CPUs), volatile does not. The second sentence of C.6(16/3) is trying to point this out.

Since not everything can be atomic, you usually have to use some sort of mixed atomic and volatile coding.

Again, as I've warned multiple times, this is untestable by the ACATS, so you have to go totally on trust that the vendor has implemented it right.

Eachus's lengthy discussion might be interesting if you are implementing an Ada compiler, but otherwise, just use the Ada tools provided and trust that your vendor gets them right. There's really no other choice because the odds of your getting it right when the vendor didn't are very low (as this stuff is at the edge of human understanding).

Randy.
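
A sketch of the "mixed atomic and volatile coding" the post refers to, added here as an illustration and not taken from the post or the thread: a Volatile buffer is handed from one task to another through an Atomic flag. The names Handoff, Buffer, Payload, Ready, Producer and Consumer are hypothetical, and the hand-off is only as sound as the compiler's implementation of RM C.6 and 9.10.

```ada
--  Added example, not from the original post. All names are hypothetical.
with Ada.Text_IO;

procedure Handoff is

   type Buffer is array (1 .. 4) of Integer;

   --  Too large to be atomic on most targets, so Volatile only.
   --  Volatile alone does NOT make cross-task accesses "sequential".
   Payload : Buffer := (others => 0) with Volatile;

   --  The atomic flag is the "something atomic" that orders the
   --  Payload accesses (second sentence of RM C.6(16/3), RM 9.10).
   Ready : Boolean := False with Atomic;

   task Producer;
   task Consumer;

   task body Producer is
   begin
      for I in Payload'Range loop
         Payload (I) := I * 10;      --  volatile writes
      end loop;
      Ready := True;                 --  atomic write publishes Payload
   end Producer;

   task body Consumer is
      Sum : Integer := 0;
   begin
      while not Ready loop           --  atomic read waits for publication
         delay 0.0;                  --  yield instead of a hard spin
      end loop;
      for I in Payload'Range loop
         Sum := Sum + Payload (I);   --  volatile reads, after the flag
      end loop;
      Ada.Text_IO.Put_Line ("Sum =" & Integer'Image (Sum));
   end Consumer;

begin
   null;  --  the main procedure waits here for both tasks to finish
end Handoff;
```

If Ready were declared Volatile instead of Atomic, nothing in the program would make the two tasks' accesses to Payload sequential in the sense of 9.10, which is the erroneous case the post describes.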