From owner-freebsd-current Mon Aug 7 17: 0:42 2000 Delivered-To: freebsd-current@freebsd.org Received: from wall.polstra.com (rtrwan160.accessone.com [206.213.115.74]) by hub.freebsd.org (Postfix) with ESMTP id 4F72C37B50C for ; Mon, 7 Aug 2000 17:00:39 -0700 (PDT) (envelope-from jdp@polstra.com) Received: from vashon.polstra.com (vashon.polstra.com [206.213.73.13]) by wall.polstra.com (8.9.3/8.9.3) with ESMTP id RAA03445; Mon, 7 Aug 2000 17:00:36 -0700 (PDT) (envelope-from jdp@polstra.com) From: John Polstra Received: (from jdp@localhost) by vashon.polstra.com (8.9.3/8.9.1) id RAA40298; Mon, 7 Aug 2000 17:00:36 -0700 (PDT) (envelope-from jdp@polstra.com) Date: Mon, 7 Aug 2000 17:00:36 -0700 (PDT) Message-Id: <200008080000.RAA40298@vashon.polstra.com> To: current@freebsd.org Reply-To: current@freebsd.org Cc: bright@wintelcom.net Subject: Re: Ugly, slow shutdown In-Reply-To: <20000807112612.V4854@fw.wintelcom.net> References: <200008071647.JAA36775@earth.backplane.com> <10026.965667788@critter.freebsd.dk> <20000807112612.V4854@fw.wintelcom.net> Organization: Polstra & Co., Seattle, WA Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In article <20000807112612.V4854@fw.wintelcom.net>, Alfred Perlstein wrote: > * Poul-Henning Kamp [000807 10:03] wrote: > > > > Then this code should be changed to do the right thing, which is > > to *always* check the condition being slept on before proceeding. > > Can you give a reason why we'll have to now start coding defensively > because our arguments to tsleep() are just "advisory" now? > > I'm not really sure why for a single reader/writer situation we have > to have hysterics for a stray wakeup, it bloats code and is not needed > in all places. It is just basic good programming practice. In his classic paper, "An Introduction to Programming with Threads" [1] Andrew Birrell argues for the explicit test in his discussion of condition variables, which are very similar to the kernel's tsleep/wakeup constructs. After giving a couple of purely technical reasons, he goes on to say: But the main reason for advocating use of this pattern is to make your program more obviously, and more robustly, correct. With this style it is immediately clear that the "expression" is true before the following statements are executed. Without it, this fact could be verified only by looking at all the places that might signal the condition variable. In other words, this programming convention allows you to verify correctness by local inspection, which is always preferable to global inspection. I will add that this is the pattern that Kirk teaches in his kernel internals class. [1] http://gatekeeper.dec.com/pub/DEC/SRC/research-reports/abstracts/src-rr-035.html John -- John Polstra jdp@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message