In article <[EMAIL PROTECTED]>,
Alfred Perlstein <[EMAIL PROTECTED]> wrote:
> * Poul-Henning Kamp <[EMAIL PROTECTED]> [000807 10:03] wrote:
> >
> > Then this code should be changed to do the right thing, which is
> > to *always* check the condition being slept on before proceeding.
>
> Can you give a reason why we'll have to now start coding defensively
> because our arguments to tsleep() are just "advisory" now?
>
> I'm not really sure why for a single reader/writer situation we have
> to have hysterics for a stray wakeup, it bloats code and is not needed
> in all places.
It is just basic good programming practice. In his classic paper, "An
Introduction to Programming with Threads" [1] Andrew Birrell argues
for the explicit test in his discussion of condition variables, which
are very similar to the kernel's tsleep/wakeup constructs. After
giving a couple of purely technical reasons, he goes on to say:
But the main reason for advocating use of this pattern is to
make your program more obviously, and more robustly, correct.
With this style it is immediately clear that the "expression" is
true before the following statements are executed. Without it,
this fact could be verified only by looking at all the places
that might signal the condition variable. In other words, this
programming convention allows you to verify correctness by local
inspection, which is always preferable to global inspection.
I will add that this is the pattern that Kirk teaches in his kernel
internals class.
[1] http://gatekeeper.dec.com/pub/DEC/SRC/research-reports/abstracts/src-rr-035.html
John
--
John Polstra [EMAIL PROTECTED]
John D. Polstra & Co., Inc. Seattle, Washington USA
"Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
