[cap-talk] small notes re: waterken

David-Sarah Hopwood david-sarah at jacaranda.org
Sat Mar 5 18:49:02 PST 2011


On 2011-03-06 01:09, James A. Donald wrote:
> Suppose your code, your little procedure that runs for a few
> milliseconds in a gigantic program written by hundreds of
> people that runs for weeks at a time, grabs a mutex.  Then
> something unexpected and bad happens, possibly in a routine
> written by someone else years ago, which routine does all
> sorts of strange stuff unknown to you.  Whatever your code
> was doing is now aborted, so obviously the mutex has to be
> released.

No, not obviously!

Not releasing the mutex will cause a deadlock if any other code
tries to acquire that resource, which is a better failure mode
than releasing the mutex for a resource that is in an inconsistent
state. The mutex was there for a reason; attempting to use the
object after the failure may cause a much worse failure.

It is possible to do better than causing a deadlock, but silently
releasing the mutex is certainly the wrong thing.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com
