[cap-talk] small notes re: waterken
David-Sarah Hopwood
david-sarah at jacaranda.org
Sat Mar 5 18:49:02 PST 2011
On 2011-03-06 01:09, James A. Donald wrote:
> Suppose your code, your little procedure that runs for a few
> milliseconds in a gigantic program written by hundreds of
> people that runs for weeks at a time, grabs a mutex. Then
> something unexpected and bad happens, possibly in a routine
> written by someone else years ago, which routine does all
> sorts of strange stuff unknown to you. Whatever your code
> was doing is now aborted, so obviously the mutex has to be
> released.
No, not obviously!
Not releasing the mutex will cause a deadlock if any other code
tries to acquire that resource, which is a better failure mode
than releasing the mutex for a resource that is in an inconsistent
state. The mutex was there for a reason; attempting to use the
object after the failure may cause a much worse failure.
It is possible to do better than causing a deadlock, but silently
releasing the mutex is certainly the wrong thing.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com