From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,d676a4bf883e6826 X-Google-Attributes: gid103376,public X-Google-Language: ENGLISH,ASCII Path: g2news1.google.com!news4.google.com!newsfeed2.dallas1.level3.net!news.level3.com!newsfeed-00.mathworks.com!nntp.TheWorld.com!not-for-mail From: Robert A Duff Newsgroups: comp.lang.ada Subject: Re: task synchronization and activation Date: 22 Feb 2005 21:24:58 -0500 Organization: The World Public Access UNIX, Brookline, MA Message-ID: References: <5f59677c.0502190711.1d6d2492@posting.google.com> <3bmevc.5mi.ln@hunter.axlog.fr> NNTP-Posting-Host: shell01-e.theworld.com Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Trace: pcls4.std.com 1109125499 5545 69.38.147.31 (23 Feb 2005 02:24:59 GMT) X-Complaints-To: abuse@TheWorld.com NNTP-Posting-Date: Wed, 23 Feb 2005 02:24:59 +0000 (UTC) User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 Xref: g2news1.google.com comp.lang.ada:8464 Date: 2005-02-22T21:24:58-05:00 List-Id: Jean-Pierre Rosen writes: > Robert A Duff a �crit : > [...] > > I can believe that that was the reasoning of the Ada 83 designers. > > But I still don't quite agree with it. > > For one thing, if you want to handle exceptions in the decl part, > > just change this: > > task body T is > > ... -- possible exception here? > > begin > > ... > > end T; > > to this: > > task body T is > > begin > > declare > > ... -- possible exception here? > > begin > > ... > > end; > > exception > > ... > > end T; > > and now the task can handle it (because it's no longer in the task's > > declarative part). So it's a case of "Doctor, it hurts when I...." > > "So don't do that." ;-) > > It is not the same thing *at all*. Here, you are putting the > responsibility on the task's side, but the issue is to be safe from the > caller's point of view. > > Let's look at it differently. A program unit needs some subtasks to do > its job. If the subtasks cannot be started for any reason (including > storage_error), then the program unit cannot work, and it'd better be > noticed of that; most likely, the program unit will raise an exception > or find a fall-back strategy. Since asynchronous exceptions are horrible > (Java did that mistake, and had to back-up), this must happen > synchronously, and the logical point is just before executing any > statement. > > Now, you can argue that the subtasks may fail at any later time; Yes, I do argue exactly that. ;-) >... that's > true, and Tasking_Error may be raised for any interaction. However, > failing activation is basically not having the resources to start the > servers, and is a much more severe condition. Failing activation (i.e. raising an exception before "begin") could be due to lack of resources, or a bug, or any other cause of exceptions. Exceptions *after* "begin" can also be caused by any of these -- including running out of resources. So I don't see any reason to believe that exceptions before the begin are more severe, or deserve an automatic means of notification -- let the programmer decide which exceptions are severe, and how/who should be notified. Actually, I'd say exceptions in an exception handler are typically more severe than others, because they represent failure of a failure-recovery mechanism. But I still think the programmer, not the language designer, should make such decisions. Anyway, passing the "begin" is no indication that the task is ready to go. Putting code before and after "begin" is determined by all kinds of unrelated issues (like if you want to call a subprogram that creates a String, you normally have to use a function result, rather than an 'out' parameter, so it comes before "begin", whereas if you want to initialize a variable with a loop, that comes after "begin"). A task is ready to receive entry calls when it reaches an accept -- "begin" is irrelevant. - Bob