From: Robert A Duff
Newsgroups: comp.lang.ada
Subject: Re: Safety of unprotected concurrent operations on constant objects
Date: Tue, 06 May 2014 12:22:59 -0400
Organization: The World Public Access UNIX, Brookline, MA
References: <7403d130-8b42-43cd-a0f1-53ba34b46141@googlegroups.com> <6c2cd5d4-a44c-4c18-81a3-a0e87d25cd9e@googlegroups.com>

Brad Moore writes:

> However, it might make sense to specify certain primitive subprograms of
> a type as being task safe.

What exactly do you mean by "task safe", either for a type, or for a subprogram? E.g. if Element is task safe, does that mean calls to Element are atomic with respect to each other? If both Element and Replace_Element are task safe, does that mean calls to Element and Replace_Element are atomic; i.e. if one task calls Element, and another calls Replace_Element, those two calls are serialized?

Why primitive subprograms? What about class-wide subprograms declared in the same package?

Does task safety imply absence of deadlock?
Suppose we have an atomic increment function (calls to it are serialized), and Counter is initially 0, and one task does "X := Incr (Counter);" and another task does "Y := Incr (Counter);". A third task waits for those two to terminate, and then calls procedure P, which prints X followed by Y. Is P task safe? If the comment on P says "-- This prints 1 followed by 2.", you've got a race condition. But what if the comment says "-- This prints 1 and 2, in either order." -- does that make it task safe?

I understand task safety in an informal way, but I'm not sure how to describe it formally. And if the definition depends on the intent of the programmer (perhaps expressed in comments), we can't expect a compiler to check it. ;-)

- Bob
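The counter scenario from the post, written out as an added Ada example (not code from the post or its author): a protected object supplies the serialized Incr, two tasks call it, and P runs only after both have terminated. Because a protected function cannot modify the object, Incr is written here as a protected procedure with an out parameter; the names Counter, Task_A, Task_B and P are assumptions.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Task_Safety_Demo is
   -- The serialized increment from the post: a protected object makes
   -- every call to Incr mutually exclusive, so the two tasks always
   -- receive the pair {1, 2}; a lost update (both seeing 1) cannot occur.
   protected Counter is
      procedure Incr (Result : out Natural);
   private
      Value : Natural := 0;
   end Counter;

   protected body Counter is
      procedure Incr (Result : out Natural) is
      begin
         Value  := Value + 1;
         Result := Value;
      end Incr;
   end Counter;

   -- Each variable is written by exactly one task and read only after both terminate.
   X, Y : Natural := 0;

   -- P prints X followed by Y. The pair is always {1, 2}, but which task
   -- obtained 1 depends on scheduling, so a comment "-- prints 1 then 2"
   -- describes a race; "-- prints 1 and 2, in either order" is what holds.
   procedure P is
   begin
      Put_Line (Natural'Image (X) & Natural'Image (Y));
   end P;

begin
   declare
      task Task_A;
      task Task_B;

      task body Task_A is
      begin
         Counter.Incr (X);   -- X := Incr (Counter);
      end Task_A;

      task body Task_B is
      begin
         Counter.Incr (Y);   -- Y := Incr (Counter);
      end Task_B;
   begin
      null;   -- leaving this block waits for Task_A and Task_B to terminate
   end;

   P;   -- both tasks are done; only the order of 1 and 2 is nondeterministic
   pragma Assert ((X = 1 and Y = 2) or (X = 2 and Y = 1));
end Task_Safety_Demo;
```

With GNAT, build with -gnata so the final pragma Assert is checked at run time; the assertion holds on every run, while the printed order varies between runs.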