Version 1.1 of ai12s/ai12-0114-1.txt

Unformatted version of ai12s/ai12-0114-1.txt version 1.1
Other versions for file ai12s/ai12-0114-1.txt

!standard A(3/2)          14-06-08 AI12-00XXX-1
!class binding interpretation 15-06-08
!status work item 14-06-08
!status received 14-06-08
!priority Low
!difficulty Easy
!subject overlapping objects designated by access parameters are not thread-safe
!summary
A(3) not only applies to nonoverlapping objects denoted by parameters passed by reference but also to nonoverlapping objects designed by parameters of access type.
!question
A(3) mandates that "The implementation shall ensure that each language-defined subprogram is reentrant in the sense that concurrent calls on {any language-defined}[the same] subprogram perform as specified, so long as all parameters that could be passed by reference denote nonoverlapping objects."
The rule does not apply when overlapping objects designated by access parameters overlap. Hence such calls would need to be made reentrant, i.e. thread-safe, in all cases. Is this intended? [No.]
!recommendation
A possible solution is to extend A(3) to read
The implementation shall ensure that each language-defined subprogram is reentrant in the sense that concurrent calls on {any language-defined}[the same] subprogram perform as specified, so long as all parameters that could be passed by reference denote nonoverlapping objects {and all parameters of access type designate nonoverlapping objects}.
This solution is preferable to special-case rules that deal with each problematic interface individually. Luckily the rule is written such that in practice it will not impact any subprograms in which access parameters can access nonoverlapping objects safely.
!wording
Extend A(3) to read (inclusive of AI12-00052 changes):
The implementation shall ensure that each language-defined subprogram is reentrant in the sense that concurrent calls on {any language-defined}[the same] subprogram perform as specified, so long as all parameters that could be passed by reference denote nonoverlapping objects {and all parameters of access type designate nonoverlapping objects}.
!discussion
Unfortunately, the issues that surround A(3), e.g., the alteration of file handles as part of IO operations, not only apply to parameters passed by reference, but also to parameters of access types passed by copy or copy-in/copy-out.
Most notably, 'Read, 'Write, 'Input and 'Output operate on access Ada.Streams.Root_Stream_Type'Class, causing the very same issues that accompany file handles in IO operations.
Other examples in predefined packages include: The types System.Storage_Pools.Subpools.Subpool_Handle, Interfaces.C.Strings.char_array_access and Interfaces.C.Pointers.Pointer used for parameters of subprograms, or the declaration of the parameter Interfaces.C.Pointers.Do_RPC.Result as an IN parameter.
The likelihood of the user encountering the problem in user code is demonstrated in the RM by the procedure Tapes.Copy using access parameters of mode IN with the clear intent to alter the object designed by one of the parameters.
While potential data races in user-written code are the responsibility of the user, the above examples show that the predefined packages also include interfaces that would be affected by data races when the same object is designated by access parameters of concurrent calls.
!ASIS
No ASIS effect.
!ACATS test
An ACATS C-Test ought to ensure that no redispatching occurs in statically bound calls.
!appendix

***************************************************************

Questions? Ask the ACAA Technical Agent