From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 Path: border2.nntp.dca.giganews.com!nntp.giganews.com!news.alt.net!sewer!news.mixmin.net!aioe.org!.POSTED!not-for-mail From: "Dmitry A. Kazakov" Newsgroups: comp.lang.ada Subject: Re: Safety of unprotected concurrent operations on constant objects Date: Tue, 6 May 2014 17:00:04 +0200 Organization: cbb software GmbH Message-ID: References: <7403d130-8b42-43cd-a0f1-53ba34b46141@googlegroups.com> <6c2cd5d4-a44c-4c18-81a3-a0e87d25cd9e@googlegroups.com> <83ha6vuynrzs.1jk08faxb8mnl.dlg@40tude.net> <97a0996a-a593-4990-95e9-44f4e9070fd3@googlegroups.com> <5368b00d$0$6703$9b4e6d93@newsspool3.arcor-online.net> <5368dc70$0$6708$9b4e6d93@newsspool3.arcor-online.net> Reply-To: mailbox@dmitry-kazakov.de NNTP-Posting-Host: G+aXx1XI67D34t54ibhUPQ.user.speranza.aioe.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@aioe.org User-Agent: 40tude_Dialog/2.0.15.1 X-Notice: Filtered by postfilter v. 0.8.2 Xref: number.nntp.dca.giganews.com comp.lang.ada:186268 Date: 2014-05-06T17:00:04+02:00 List-Id: On Tue, 06 May 2014 14:58:24 +0200, G.B. wrote: > On 06.05.14 14:19, Dmitry A. Kazakov wrote: >> On Tue, 06 May 2014 11:49:01 +0200, G.B. wrote: >> >>> If the program uses containers only to provide some internal >>> storage, then it will naturally shield them. Its own >>> data structures (tagged types, say) will only Have-A container, >>> and not emphasize the container operations. In this case, I think, >>> it is adequate to let the programmer place mutex as needed. >>> (Even re-entrant (owned) semaphores incur some overhead.) >> >> The issues with this low-level approach are multiple: > > OK, for the sake of a more complete list off issues with > either choice: > >> 1. It is very simple to forget to place mutex in some operation and get a >> very nasty bug to find. > > OTOH, bugs within the task-safe implementation may, as always, > need fixing by the tool vendor; And bugs outside it need not? > you'd also ask the programmer > to accept that there is either black (not task safe) or white > (task safe), but if he chooses white, he has to suppress his > potential knowledge of a much better concurrency structure. I don't even understand what this is supposed to mean. I pointed out that manual wrapping of operations is tedious, error prone, and the potential damage is incredibly high as bugs may stay undetected in the production code for years and there is no way to write a test for such bugs. >> 2. A language-supported mechanism does not dictate certain implementation. >> The compiler may choose monitor instead of mutex or scheduling technique to >> achieve the goal in most effective manner. > > How could an implementation of task-safe containers be the > most efficient choice for all goals? By deploying the most efficient method of interlocking available on the given platform for the given Ada profile. >> 3. The low-level approach breaks under inheritance especially when >> overriding must call to the parent type operations. > > Everything can break under inheritance, This is plain wrong. If everything would break, any program using inheritance would be broken. Yet there exist non-broken Ada programs that use inheritance. I explained how task-safe primitive operations can be overridden remaining safe. >> 4. The low-level approach breaks encapsulation. If you add new operations >> you must expose the mutex to them. > > Do you mean "add new operations to the Has-A type"? I mean adding an operation, period. This operation, in order to be task-safe, must use the locking mechanism of the parent type. E.g. mutex. It means that you must expose the mutex to make the type publicly extendable. -- Regards, Dmitry A. Kazakov http://www.dmitry-kazakov.de