![]() |
Boost-Commit : |
Subject: [Boost-commit] svn:boost r51165 - sandbox/synchro/libs/synchro/doc/tutorial
From: vicente.botet_at_[hidden]
Date: 2009-02-09 18:39:42
Author: viboes
Date: 2009-02-09 18:39:41 EST (Mon, 09 Feb 2009)
New Revision: 51165
URL: http://svn.boost.org/trac/boost/changeset/51165
Boost.Synchro V0.0.0
sandbox/synchro/libs/synchro/doc/tutorial/external_locking.qbk (contents, props changed)
sandbox/synchro/libs/synchro/doc/tutorial/internal_locking.qbk (contents, props changed)
sandbox/synchro/libs/synchro/doc/tutorial/lockable.qbk (contents, props changed)
sandbox/synchro/libs/synchro/doc/tutorial/rendezvous.qbk (contents, props changed)
sandbox/synchro/libs/synchro/doc/tutorial/volatile_locking_ptr.qbk (contents, props changed)
Added: sandbox/synchro/libs/synchro/doc/tutorial/external_locking.qbk
--- (empty file)
+++ sandbox/synchro/libs/synchro/doc/tutorial/external_locking.qbk 2009-02-09 18:39:41 EST (Mon, 09 Feb 2009)
@@ -0,0 +1,491 @@
+ / Copyright (c) 2008 Vicente J. Botet Escriba
+ /
+ / Distributed under the Boost Software License, Version 1.0. (See accompanying
+ / file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+ /]
+[section External Locking -- `strict_locker` and `externally_locked` classes]
+This tutorial is an adaptation of the article of Andrei Alexandrescu "Multithreading and the C++ Type System"
+to the Boost library.
+[section Internall locking]
+Consider, for example, modeling a bank account class that supports
+simultaneous deposits and withdrawals from multiple locations (arguably
+the "Hello, World" of multithreaded programming). In the code below, guard's
+constructor locks the passed-in object this, and guard's destructor unlocks this.
+The object-level locking idiom doesn't cover the entire richness of a threading model. For example,
+the model above is quite deadlock-prone when you try to coordinate multi-object transactions.
+Nonetheless, object-level locking is useful in many cases, and in combination with other mechanisms
+can provide a satisfactory solution to many threaded access problems in object-oriented programs.
+[section Internal and external locking]
+The BankAccount class above uses internal locking. Basically, a class that uses internal locking
+guarantees that any concurrent calls to its public member functions don't corrupt an instance of that
+class. This is typically ensured by having each public member function acquire a lock on the object
+upon entry. This way, for any given object of that class, there can be only one member function call
+active at any moment, so the operations are nicely serialized.
+This approach is reasonably easy to implement and has an attractive simplicity. Unfortunately,
+"simple" might sometimes morph into "simplistic."
+Internal locking is insufficient for many real-world synchronization tasks. Imagine that you want to
+implement an ATM withdrawal transaction with the BankAccount class. The requirements are simple.
+The ATM transaction consists of two withdrawals-one for the actual money and one for the $2 commission.
+The two withdrawals must appear in strict sequence; that is, no other transaction can exist between them.
+The obvious implementation is erratic:
+The problem is that between the two calls above, another thread can perform another operation on the
+account, thus breaking the second design requirement.
+In an attempt to solve this problem, let's lock the account from the outside during the two operations:
+Notice that the code above do not compiles, the `mtx_` field is private.
+We have two possibilities:
+* make `mtx_` public which seams odd
+* make the `BankAccount` lockable by adding the lock/unlock functions
+We can add these functions explicitly
+or inheriting from a class which add these lockable functions.
+The `make_exclusive_lockable` class
+The `BankAccount` class result now in
+and the code that do not comiles becomes
+Notice that now acct is being locked by Withdraw after it has already been locked by guard. When running
+such code, one of two things happens.
+* Your mutex implementation might support the so-called recursive mutex semantics. This means that
+ the same thread can lock the same mutex several times successfully. In this case, the implementation
+ works but has a performance overhead due to unnecessary locking. (The locking/unlocking sequence in
+ the two Withdraw calls is not needed but performed anyway-and that costs time.)
+* Your mutex implementation might not support recursive locking, which means that as soon as you try
+ to acquire it the second time, it blocks-so the ATMWithdrawal function enters the dreaded deadlock.
+As `boost::mutex` is not recursive, we need to use its recursive version `boost::recursive_mutex`.
+The caller-ensured locking approach is more flexible and the most efficient, but very dangerous. In an
+implementation using caller-ensured locking, BankAccount still holds a mutex, but its member functions
+don't manipulate it at all. Deposit and Withdraw are not thread-safe anymore. Instead, the client code
+is responsible for locking BankAccount properly.
+ class BankAccount
+ : public make_exclusive_lockable<boost:mutex> {
+ int balance_;
+ public:
+ void Deposit(int amount) {
+ balance_ += amount;
+ }
+ void Withdraw(int amount) {
+ balance_ -= amount;
+ }
+ };
+Obviously, the caller-ensured locking approach has a safety problem. BankAccount's implementation code
+is finite, and easy to reach and maintain, but there's an unbounded amount of client code that manipulates
+BankAccount objects. In designing applications, it's important to differentiate between requirements
+imposed on bounded code and unbounded code. If your class makes undue requirements on unbounded code,
+that's usually a sign that encapsulation is out the window.
+To conclude, if in designing a multithreaded class you settle on internal locking, you expose yourself to
+inefficiency or deadlocks. On the other hand, if you rely on caller-provided locking, you make your class
+error-prone and difficult to use. Finally, external locking completely avoids the issue by leaving it all
+to the client code.
+[section Locks as Permits]
+So what to do? Ideally, the BankAccount class should do the following:
+* Support both locking models (internal and external).
+* Be efficient; that is, use no unnecessary locking.
+* Be safe; that is, BankAccount objects cannot be manipulated without appropriate locking.
+Let's make a worthwhile observation: Whenever you lock a BankAccount, you do so by using a
+`lock_guard<BankAccount>` object. Turning this statement around, wherever there's a `lock_guard<BankAccount>`,
+there's also a locked `BankAccount` somewhere. Thus, you can think of-and use-a `lock_guard<BankAccount>`
+object as a permit. Owning a `lock_guard<BankAccount>` gives you rights to do certain things.
+The `lock_guard<BankAccount>` object should not be copied or aliased (it's not a transmissible permit).
+# As long as a permit is still alive, the `BankAccount` object stays locked.
+# When the `lock_guard<BankAccount>` is destroyed, the `BankAccount`'s mutex is released.
+The net effect is that at any point in your code, having access to a `lock_guard<BankAccount>` object
+guarantees that a `BankAccount` is locked. (You don't know exactly which `BankAccount` is locked,
+however-an issue that we'll address soon.)
+For now, let's make a couple of enhancements to the `lock_guard` class template defined in Boost.Thread.
+We'll call the enhanced version `strict_locker`. Essentially, a `strict_locker`'s role is only to live on the
+stack as an automatic variable. `strict_locker` must adhere to a non-copy and non-alias policy.
+`strict_locker` disables copying by making the copy constructor and the assignment operator private.
+While we're at it, let's disable operator new and operator delete; `strict_locker` are not intended to be
+allocated on the heap. `strict_locker` avoids aliasing by using a slightly less orthodox and less well-known
+technique: disable address taking.
+[/ template <typename Lockable>
+ class strict_locker : private boost::noncopyable {
+ public:
+ typedef Lockable lockable_type;
+ typedef typename lock_traits<lockable_type>::lock_error bad_lock;
+ explicit strict_locker(lockable_type& obj) : obj_(obj) {
+ obj.lock();
+ }
+ ~strict_locker() { obj_.unlock(); }
+ typedef bool (strict_locker::*bool_type)();
+ operator bool_type() const
+ {
+ return &strict_locker::owns_lock;
+ }
+ bool operator!() const { return false; }
+ bool owns_lock() const { return true; }
+ private:
+ lockable_type& obj_;
+ private:
+ /// disable default constructor
+ strict_locker();
+ /// disable aliasing
+ BOOST_NON_ALIAS(strict_locker);
+ /// disable heap allocation
+ };
+Silence can be sometimes louder than words-what's forbidden to do with a `strict_locker` is as important as
+what you can do. Let's see what you can and what you cannot do with a `strict_locker` instantiation:
+* You can create a `strict_locker<T>` only starting from a valid T object. Notice that there is no
+ other way you can create a `strict_locker<T>`.
+ BankAccount myAccount("John Doe", "123-45-6789");
+ strict_locerk<BankAccount> myLock(myAccount); // ok
+* You cannot copy `strict_locker`s to one another. In particular, you cannot pass `strict_locker`s by value
+ to functions or have them returned by functions:
+ extern strict_locker<BankAccount> Foo(); // compile-time error
+ extern void Bar(strict_locker<BankAccount>); // compile-time error
+* However, you still can pass `strict_locker`s by reference to and from functions:
+ // ok, Foo returns a reference to strict_locker<BankAccount>
+ extern strict_locker<BankAccount>& Foo();
+ // ok, Bar takes a reference to strict_locker<BankAccount>
+ extern void Bar(strict_locker<BankAccount>&);
+* You cannot allocate a `strict_locker` on the heap. However, you still can put `strict_locker`s on the heap
+ if they're members of a class.
+ strict_locker<BankAccount>* pL =
+ new strict_locker<BankAccount>(myAcount); //error!
+ // operator new is not accessible
+ class Wrapper {
+ strict_locker memberLock_;
+ ...
+ };
+ Wrapper* pW = new Wrapper; // ok
+(Making `strict_locker` a member variable of a class is not recommended. Fortunately, disabling copying
+ and default construction makes `strict_locker` quite an unfriendly member variable.)
+* You cannot take the address of a `strict_locker` object. This interesting feature, implemented by
+ disabling unary operator&, makes it very unlikely to alias a `strict_locker` object. Aliasing is still
+ possible by taking references to a `strict_locker`:
+ strict_locker<BankAccount> myLock(myAccount); // ok
+ strict_locker<BankAccount>* pAlias = &myLock; // error!
+ // strict_locker<BankAccount>::operator& is not accessible
+ strict_locker<BankAccount>& rAlias = myLock; // ok
+Fortunately, references don't engender as bad aliasing as pointers because they're much less
+ versatile (references cannot be copied or reseated).
+* You can even make `strict_locker` final; that is, impossible to derive from. This task is left in the
+ form of an exercise to the reader.
+All these rules were put in place with one purpose-enforcing that owning a `strict_locker<T>` is a reasonably
+strong guarantee that
+# you locked a T object, and
+# that object will be unlocked at a later point.
+Now that we have such a strict `strict_locker`, how do we harness its power in defining a safe, flexible
+interface for BankAccount? The idea is as follows:
+* Each of BankAccount's interface functions (in our case, Deposit and Withdraw) comes in two
+ overloaded variants.
+* One version keeps the same signature as before, and the other takes an additional argument of
+ type `strict_locker<BankAccount>`. The first version is internally locked; the second one requires
+ external locking. External locking is enforced at compile time by requiring client code to create
+ a `strict_locker<BankAccount>` object.
+* BankAccount avoids code bloating by having the internal locked functions forward to the external
+ locked functions, which do the actual job.
+A little code is worth 1,000 words, a (hacked into) saying goes, so here's the new BankAccount class:
+ class BankAccount
+ : public make_exclusive_lockable<boost:recursive_mutex>
+ {
+ int balance_;
+ public:
+ void Deposit(int amount, strict_locker<BankAccount>&) {
+ // Externally locked
+ balance_ += amount;
+ }
+ void Deposit(int amount) {
+ strict_locker<boost:mutex> guard(*this); // Internally locked
+ Deposit(amount, guard);
+ }
+ void Withdraw(int amount, strict_locker<BankAccount>&) {
+ // Externally locked
+ balance_ -= amount;
+ }
+ void Withdraw(int amount) {
+ strict_locker<boost:mutex> guard(*this); // Internally locked
+ Withdraw(amount, guard);
+ }
+ };
+Now, if you want the benefit of internal locking, you simply call Deposit(int) and Withdraw(int).
+If you want to use external locking, you lock the object by constructing a `strict_locker<BankAccount>` and
+then you call `Deposit(int, strict_locker<BankAccount>&)` and `Withdraw(int, strict_locker<BankAccount>&)`. For
+example, here's the `ATMWithdrawal` function implemented correctly:
+ void ATMWithdrawal(BankAccount& acct, int sum) {
+ strict_locker<BankAccount> guard(acct);
+ acct.Withdraw(sum, guard);
+ acct.Withdraw(2, guard);
+ }
+This function has the best of both worlds-it's reasonably safe and efficient at the same time.
+It's worth noting that `strict_locker` being a template gives extra safety compared to a straight
+polymorphic approach. In such a design, BankAccount would derive from a Lockable interface.
+`strict_locker` would manipulate Lockable references so there's no need for templates. This approach is
+sound; however, it provides fewer compile-time guarantees. Having a `strict_locker` object would only tell
+that some object derived from Lockable is currently locked. In the templated approach, having a
+`strict_locker<BankAccount>` gives a stronger guarantee-it's a `BankAccount` that stays locked.
+There's a weasel word in there-I mentioned that ATMWithdrawal is reasonably safe. It's not really
+safe because there's no enforcement that the `strict_locker<BankAccount>` object locks the appropriate
+BankAccount object. The type system only ensures that some BankAccount object is locked. For example,
+consider the following phony implementation of ATMWithdrawal:
+ void ATMWithdrawal(BankAccount& acct, int sum) {
+ BankAccount fakeAcct("John Doe", "123-45-6789");
+ strict_locker<BankAccount> guard(fakeAcct);
+ acct.Withdraw(sum, guard);
+ acct.Withdraw(2, guard);
+ }
+This code compiles warning-free but obviously doesn't do the right thing-it locks one account and
+uses another.
+It's important to understand what can be enforced within the realm of the C++ type system and what
+needs to be enforced at runtime. The mechanism we've put in place so far ensures that some BankAccount
+object is locked during the call to `BankAccount::Withdraw(int, strict_locker<BankAccount>&)`. We must
+enforce at runtime exactly what object is locked.
+If our scheme still needs runtime checks, how is it useful? An unwary or malicious programmer can
+easily lock the wrong object and manipulate any BankAccount without actually locking it.
+First, let's get the malice issue out of the way. C is a language that requires a lot of attention
+and discipline from the programmer. C++ made some progress by asking a little less of those, while
+still fundamentally trusting the programmer. These languages are not concerned with malice (as Java
+is, for example). After all, you can break any C/C++ design simply by using casts "appropriately"
+(if appropriately is an, er, appropriate word in this context).
+The scheme is useful because the likelihood of a programmer forgetting about any locking whatsoever
+is much greater than the likelihood of a programmer who does remember about locking, but locks the
+wrong object.
+Using `strict_locker` permits compile-time checking of the most common source of errors, and runtime
+checking of the less frequent problem.
+Let's see how to enforce that the appropriate BankAccount object is locked. First, we need to add
+a member function to the `strict_locker` class template. The `strict_locker<T>::get_lockable` function returns
+a reference to the locked object.
+ template <class T> class strict_locker {
+ ... as before ...
+ public:
+ T* get_lockable() const { return &obj_; }
+ };
+Second, BankAccount needs to compare the locked object against this:
+ class BankAccount {
+ : public make_exclusive_lockable<boost::recursive_mutex>
+ int balance_;
+ public:
+ void Deposit(int amount, strict_locker<BankAccount>& guard) {
+ // Externally locked
+ if (!guard.is_locking(*this))
+ throw "Locking Error: Wrong Object Locked";
+ balance_ += amount;
+ }
+ ...
+ };
+The overhead incurred by the test above is much lower than locking a recursive mutex for the second time.
+[section Improving External Locking]
+Now let's assume that BankAccount doesn't use its own locking at all, and has only a thread-neutral
+ class BankAccount {
+ int balance_;
+ public:
+ void Deposit(int amount) {
+ balance_ += amount;
+ }
+ void Withdraw(int amount) {
+ balance_ -= amount;
+ }
+ };
+Now you can use BankAccount in single-threaded and multi-threaded applications alike, but you need to
+provide your own synchronization in the latter case.
+Say we have an AccountManager class that holds and manipulates a BankAccount object:
+ class AccountManager
+ : public make_exclusive_lockable<boost::mutex>
+ {
+ BankAccount checkingAcct_;
+ BankAccount savingsAcct_;
+ ...
+ };
+Let's also assume that, by design, AccountManager must stay locked while accessing its BankAccount members.
+The question is, how can we express this design constraint using the C++ type system? How can we state
+"You have access to this BankAccount object only after locking its parent AccountManager object"?
+The solution is to use a little bridge template `externally_locked` that controls access to a BankAccount.
+`externally_locked` cloaks an object of type T, and actually provides full access to that object through
+the get and set member functions, provided you pass a reference to a `strict_locker<Owner>` object.
+Instead of making `checkingAcct_` and `savingsAcct_` of type `BankAccount`, `AccountManager` holds objects of
+type `externally_locked<BankAccount, AccountManager>`:
+The pattern is the same as before-to access the BankAccount object cloaked by `checkingAcct_`, you need
+to call `get`. To call `get`, you need to pass it a `strict_locker<AccountManager>`. The one thing you have to
+take care of is to not hold pointers or references you obtained by calling `get`. If you do that, make sure
+that you don't use them after the strict_locker has been destroyed. That is, if you alias the cloaked objects,
+you're back from "the compiler takes care of that" mode to "you must pay attention" mode.
+Typically, you use `externally_locked` as shown below. Suppose you want to execute an atomic transfer
+from your checking account to your savings account:
+We achieved two important goals. First, the declaration of `checkingAcct_` and `savingsAcct_` makes it
+clear to the code reader that that variable is protected by a lock on an AccountManager. Second,
+the design makes it impossible to manipulate the two accounts without actually locking a BankAccount.
+`externally_locked` is what could be called active documentation.
+[section Allowing other strict lockers]
+Now imagine that the AccountManager function needs to take a `unique_lock` in order to reduce the critical regions.
+And at some time it needs to access to the `checkingAcct_`. As `unique_lock` is not a strict lock the following code do not compiles:
+We need a way to transfer the ownership from the `unique_lock` to a `strict_locker` the time we are working with `savingsAcct_`
+and then restore the ownership on `unique_lock`.
+In order to make this code compilable we need to store either a Lockable or a `unique_lock<Lockable>` reference depending on the constructor.
+Store which kind of reference we have stored,and in the destructor call either to the Lockable `unlock` or restore the ownership.
+This seams too complicated to me. Another possibility is to define a nested strict locker class.
+The drawback is that instead of having only one strict locker we have two and we need either
+to duplicate every function taking a `strict\_lock`
+or make these function templates functions.
+The problem with template functions is that we don't profit anymore of
+the C++ type system. We must add some static metafunction that check that the Locker parameter is a strict locker.
+The problem is that we can not really check this or can we?. The `is_strict_locker` metafunction must be specialized by the strict locker
+developer. We need to belive it "sur parolle".
+The advantage is that now we can manage with more than two strict lockers without changing our code. Ths is really nice.
+Now we need to state that both classes are `strict_locker`s.
+ template <typename Locker>
+ struct is_strict_locker : mpl::false_ {};
+ template <typename Lockable>
+ struct is_strict_locker<strict_locker<Lockable> > : mpl::true_ {}
+ template <typename Locker>
+ struct is_strict_locker<nested_strict_locker<Locker> > : mpl::true_ {}
+Well let me show how this `nested_strict_locker` class looks like
+and the impacts on the `externally_locked` class and the `AccountManager::AMoreComplicatedFunction` function.
+First `nested_strict_locker` class will store on a temporary lock the `Locker`, and transfer the lock ownership
+on the constructor. On destruction he will restore the ownership. Note also that the Locker needs to have
+already a reference to the mutex otherwise an exception is thrown and the use of the `locker_traits`.
+The `externally_locked` get function is now a template function taking a Locker as parameters instead of a
+`strict_locker`. We can add test in debug mode that ensure that the Lockable object is locked.
+The `AccountManager::AMoreComplicatedFunction` function needs only to replace the `strict_locker` by a
Added: sandbox/synchro/libs/synchro/doc/tutorial/internal_locking.qbk
--- (empty file)
+++ sandbox/synchro/libs/synchro/doc/tutorial/internal_locking.qbk 2009-02-09 18:39:41 EST (Mon, 09 Feb 2009)
@@ -0,0 +1,197 @@
+ / Copyright (c) 2008 Vicente J. Botet Escriba
+ /
+ / Distributed under the Boost Software License, Version 1.0. (See accompanying
+ / file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+ /]
+[section Internal Locking--Monitors]
+[section Concurrent threads of execution]
+Consider, for example, modeling a bank account class that supports
+simultaneous deposits and withdrawals from multiple locations (arguably
+the "Hello, World" of multithreaded programming).
+From here a component is a model of the `Callable` concept.
+On C++0X (Boost) concurrent execution of a component is obtained by means of the `std::thread`(`boost::thread`):
+ boost::thread thread1(S);
+where `S` is a model of `Callable`. The meaning of this expression is that execution
+of `S()` will take place concurrently with the current thread of execution executing the expression.
+The following example includes a bank account of a person (Joe) and two
+components, one corresponding to a bank agent depositing money in Joe's
+account, and one representing Joe. Joe will only be withdrawing money from
+the account:
+From time to time, the `bankAgent` will deposit $500 in `JoesAccount`.
+Joe will similarly withdraw $100 from his account. These sentences describe that
+the bankAgent and Joe are executed concurrently.
+The above example works well as long as the bankAgent and Joe do not
+access JoesAccount at the same time. There is, however, no guarantee that
+this will not happen. We may use a mutex to guarantee exclusive access to each bank.
+Execution of the Deposit and Withdraw operations will no longer be able
+to make simultaneous access to balance.
+Mutex is a simple and basic mechanism for obtaining synchronization.
+In the above example it is relatively easy to be convinced that the
+synchronization works correctly (in the absence of exception). In a system with several concurrent objects
+and several shared objects, it may be difficult to describe synchronization by
+means of mutexes. Programs that make heavy use of mutexes may be
+difficult to read and write. Instead, we shall introduce a number of generic
+classes for handling more complicated forms of synchronization and communication.
+With the RAII idion we can simplify a lot this using the scoped locks. In the code
+below, guard's constructor locks the passed-in object this, and guard's destructor
+unlocks this.
+The object-level locking idiom doesn't cover the entire richness of a threading model. For example,
+the model above is quite deadlock-prone when you try to coordinate multi-object transactions.
+Nonetheless, object-level locking is useful in many cases, and in combination with other mechanisms
+can provide a satisfactory solution to many threaded access problems in object-oriented programs.
+The BankAccount class above uses internal locking. Basically, a class that uses internal locking
+guarantees that any concurrent calls to its public member functions don't corrupt an instance of that
+class. This is typically ensured by having each public member function acquire a lock on the object
+upon entry. This way, for any given object of that class, there can be only one member function call
+active at any moment, so the operations are nicely serialized.
+This approach is reasonably easy to implement and has an attractive simplicity. Unfortunately,
+"simple" might sometimes morph into "simplistic."
+Internal locking is insufficient for many real-world synchronization tasks. Imagine that you want to
+implement an ATM withdrawal transaction with the BankAccount class. The requirements are simple.
+The ATM transaction consists of two withdrawals-one for the actual money and one for the $2 commission.
+The two withdrawals must appear in strict sequence; that is, no other transaction can exist between them.
+The obvious implementation is erratic:
+The problem is that between the two calls above, another thread can perform another operation on the
+account, thus breaking the second design requirement.
+In an attempt to solve this problem, let's lock the account from the outside during the two operations:
+Notice that the code above do not compiles, the `mtx_` field is private.
+We have two possibilities:
+* make `mtx_` public which seams odd
+* make the `BankAccount` lockable by adding the lock/unlock functions
+We can add these functions explicitly
+or inheriting from a class which add these lockable functions.
+The `make_exclusive_lockable` class
+The `BankAccount` class result now in
+and the code that do not comiles becomes
+Notice that now acct is being locked by Withdraw after it has already been locked by guard. When running
+such code, one of two things happens.
+* Your mutex implementation might support the so-called recursive mutex semantics. This means that
+ the same thread can lock the same mutex several times successfully. In this case, the implementation
+ works but has a performance overhead due to unnecessary locking. (The locking/unlocking sequence in
+ the two Withdraw calls is not needed but performed anyway-and that costs time.)
+* Your mutex implementation might not support recursive locking, which means that as soon as you try
+ to acquire it the second time, it blocks-so the ATMWithdrawal function enters the dreaded deadlock.
+As `boost::mutex` is not recursive, we need to use its recursive version `boost::recursive_mutex`.
+[section Monitors]
+The use of `mutex` and `lockers`, as in `BankAccount`, is a common way of defining objects
+shared by two or more concurrent components. The make_exclusive_lockable class was a first step.
+We shall therefore introduce an abstraction that makes it easier to define such objects. The following class
+describes a so-called monitor pattern.
+A monitor object behaves like a `ExclusiveLockable` object but only for the inheriting classes.
+Protected inheritance from make_exclusive_lockable provide to all the derived classes all ExclusiveLockable operations.
+In addition has a protected nested class,
+synchroronizer, used when defining the monitor operations to synchronize the access critical regions.
+The BankAccount may be described using Monitor in the following way:
+In the following, a monitor means some sub-class of monitor. A synchroronized operation means an operation
+using the synchroronizer guard defined within some monitor. Monitor is one example of a high-level concurrency abstraction
+that can be defined by means of mutexes.
+[section Monitor Conditions]
+It may happen that a component executing an entry operation of a monitor is
+unable to continue execution due to some condition not being fulfilled. Consider,
+for instance, a bounded buffer of characters. Such a buffer may be implemented
+as a monitor with two operations Push and Pull: the Puss operation
+cannot be executed if the buffer is full, and the Pull operation cannot be executed
+if the buffer is empty. A sketch of such a buffer monitor may look as
+The meaning of a wait is that the calling component is delayed until the condition
+becomes true. We can do that using Boost.Thread condition variables like:
+The Monitor class replace the nested synchroronizer unique_lock with the class `condition_locker`
+for this purpose:
+We may now give the complete version of the buffer class. The content
+of the buffer is: `data_[out_+1], data_[out_+2], ... data_R[in_-1]`
+where all the indexes are modulo size. The buffer is full if `in_=out_` and it
+is empty if `in_=(out_+1)%size`.
+Monitors and conditions are useful for describing simple cases of shared objects
+(by simple we mean a limited use of conditions). If the conditions for
+delaying a calling component become complicated, the monitor may similarly
+become difficult to program and read.
Added: sandbox/synchro/libs/synchro/doc/tutorial/lockable.qbk
--- (empty file)
+++ sandbox/synchro/libs/synchro/doc/tutorial/lockable.qbk 2009-02-09 18:39:41 EST (Mon, 09 Feb 2009)
@@ -0,0 +1,217 @@
+ / Copyright (c) 2008 Vicente J. Botet Escriba
+ /
+ / Distributed under the Boost Software License, Version 1.0. (See accompanying
+ / file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+ /]
+[section Lockables]
+The following is an adaptation of the article "C++ Threading - A Generic-Programming Approach" by Kevin Henney.
+[*Lock substitutability]
+The Boost (C++0x) mutexes have associated a category which form a subtyping hierarchy:
+ExclusiveLock <- SharableLock <- UpgradableLock
+ exclusive_lock <- sharable_lock <- upgradable_lock
+Locking behaviour can be further cathegorized as:
+* Re-entrancy: recursive or not
+ non_recursive <- recursive
+* Scope: whether the lock is usable with a mono-threaded, multi-threaded or multi-process context
+ mono_threaded <- multi_threaded <- multi_process
+* Lifetime: The lifetime of a lock coudl be associated to the process, the kernel or the filesystem
+ process_lifetime <- kernel_lifetime <- filesystem_lifetime
+* Timed interface: has or not a timed interfaces
+ hasnt_timed_interface <- has_timed_interface
+Substitutability applies both to the degree of syntactic support and to the locking semantics
+* A recursive mutex and binary semaphore are substitutable in code written against a exclusive mutex
+* A null mutex is substitutable for all others in a single-threaded environment
+We can see these axes of variation expressed against some
+Boost synchronisation mechanisms (from now bip stands for boost::interprocess):
+* boost::mutex: ExclusiveLock, non-recursive, has-not-timed-interface, multi-threaded
+* boost::shared_mutex: UpgradableLock, non-recursive, has-timed-interface, multi-threaded
+* bip::synchro::null_mutex: UpgradableLock, recursive, has-timed-interface, mono-threaded
+* bip::synchro::interprocess_recursive_mutex ExclusiveLock, recursive, has-timed-interface, multi_process.
+[*Lock traits]
+Generic programming (writing code which works with any data type meeting a set of requirements) has become
+the method of choice for providing reusable code.
+However, there are times in generic programming when "generic" just isn't good enough - sometimes the
+differences between types are too large for an efficient generic implementation. This is when the traits
+technique becomes important - by encapsulating those properties that need to be considered on a type by
+type basis inside a traits class, we can minimize the amount of code that has to differ from one type to
+another, and maximize the amount of generic code.
+Consider an example:
+Boost.Synchro follow the design of Boost.TypeTraits, and contains a set of very specific traits classes, each
+of which encapsulate a single trait from the Localble or Loker concepts; for example, is the lock
+recursive? Or does the lock have a timed interface?
+The Boost.Synchro traits classes share a unified design: each class inherits from a the type true_type if the type
+has the specified property and inherits from false_type otherwise. As we will show, these classes can be used
+in generic programming to determine the properties of a given lock type and introduce optimizations that are
+appropriate for that case.
+The type-traits library also contains a set of classes that perform a specific transformation on a type; for
+example, they can remove a top-level const or volatile qualifier from a type. Each class that performs a
+transformation defines a single typedef-member type that is the result of the transformation. All of the
+type-traits classes are defined inside namespace boost; for brevity, namespace-qualification is omitted in
+most of the code samples given.
+Most of the implementation is fairly repetitive anyway, so here we will just give you a flavor for how some of the classes are implemented. See the reference section for the full details
+A lockable implementer must specialize the scope_tag template class. By default the scope_tag forward to a nested type scope.
+So the implementer can either have a nested type scope or inherit from the helper lock_traits_base.
+which defines the correct types. The lock_traits_base has a lot of parameters, and the defaults are the ones from boost::mutex. So Boost.Thread could use it as follows
+ class mutex : public lock_traits_base<> {
+ // ...
+ };
+Waiting for that Boost.Synchro specialize the scope_tag in the synchro/thread/mutex.hpp file.
+ template<>
+ struct scope_tag<boost::mutex> {
+ typedef multi_threaded_tag type;
+ };
+So the user must include this file to make boost::mutex a model of Locakble for Boost.Synchro.
+For example the trait is_multi_threaded is defined as : If Lockable has a scope_tag that inherits from multi_threaded_tag then inherits from true_type,
+otherwise inherits from false_type.
+[*Finding the best lock]
+Inverse traits can match a lockable type based on specific traits, for a given family of lock types.
+It is also possible to specify characteristics to perform a reverse lookup to find a primitive lock type, either by
+exact match or by substitutable match.
+ find_best_lock<>::type == boost::mutex
+ find_best_lock<mono_threaded_tag>::type == bsync::null_mutex
+ find_best_lock<multi_threaded_tag>::type == bsync::thread_mutex
+ find_best_lock<multi_process_tag>::type == bsync::interprocess_mutex
+The user can also find a lock using mpl constraints as follows
+ typedef find_best_lock_between<Lockables,
+ mpl::and<is_multi_threaded<_>, is_recursive<_> > >::type best;
+[*Synchrohronization familly]
+A class that will do internal locking can be parameterized by the type of synchronization familly needed to achieve
+the desired level of concurrency control. This could depends of the usage scope of this class, and this can be
+mono_threaded, multi_threaded, multi_process.
+For example the thread_synchronization_familly can be used to instantiate a message_queue class in a multi_threaded
+environment, all public methods will be thread-safe, with the corresponding overhead that implies. In contrast, if a
+null_synchronization_policy class is used to instantiate message_queue, all public methods will not be thread-safe,
+and there will be no additional overhead. A synchronization family must define typedef as for example
+[*Lockable concept]
+For the main category clasification, the library provides concept classes that can be used with Boost.ConceptCheck.
+For example LockableConcept object supports the basic features required to delimit a critical region.
+Supports the basic lock, unlock and try_lock functions and defines the lock traits.
+The user can now check staticaly that the template parameter is a model of Locable as follows
+ #include "boost/synchro/lockable_concepts.hpp"
+ template <typename Lockable>
+ class my_class {
+ BOOST_CONCEPT_ASSERT((LockableConcept<Lockable>));
+ // ...
+ };
+The same can be done for TimedLockableConcept, ShareLockableConcept and UpgradeLockableConcept
+(See the reference section for more details).
+[*Syntactic lock traits]
+The locks on Boost.Thread and Boost::Interprocess do not follow the same interface.
+Most of the differences can be handled through traits, but other are better handled by adapting the interface.
+* The scoped locks live in a different namespace and some have different names with the same semantic.
+So instead of using directly the locker of the respective libraries, use these traits.
+ bsync::shared_lock_type<Lockable>::type lock(mutex_);
+* The exception thrown lives in a different name space and different names with the same semantic.
+So instead of using directly the exception type of the respective libraries, use these traits.
+ try {
+ // ...
+ } catch (bsync::lock_error_type<Lockable>::type& ex) {
+ // ...
+ }
+* The move semantics (&&) are expressed with a class named differently.
+* The scoped locks can be initialized with static const variables in order to overload the constructor for lock
+adoption, lock deferral or try to lock. Even if the name of these variables is the same, these variables live in
+different namespace.
+So instead of using directly the variables of the respective libraries, use these traits.
+ bsync::shared_lock_type<Lockable>::type lock(mutex_, bsync::try_to_lock_type::value());
Added: sandbox/synchro/libs/synchro/doc/tutorial/rendezvous.qbk
--- (empty file)
+++ sandbox/synchro/libs/synchro/doc/tutorial/rendezvous.qbk 2009-02-09 18:39:41 EST (Mon, 09 Feb 2009)
@@ -0,0 +1,213 @@
+ / Copyright (c) 2008 Vicente J. Botet Escriba
+ /
+ / Distributed under the Boost Software License, Version 1.0. (See accompanying
+ / file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+ /]
+[section Concurrent components]
+[section Direct communication between components]
+In the previous section we have described a mechanism for concurrent components
+to communicate through shared objects. In many cases it appears more
+natural for concurrent components to communicate directly instead of using
+shared objects. Consider the following example:
+Here the concurrent components `S` and `R` call operations on each other. The
+state of `S` may, however, not be meaningful when `R` executes `m`, and vice versa.
+In the following sections we will introduce abstractions for making it possible
+to synchronize such communication.
+[section Synchrohronized communication between components]
+In this section we will introduce the notion of synchronized execution of objects.
+A component `S` may request execution of a member function of a component
+`R`. The component `R` must accept that the request can be fulfilled.
+Synchrohronized communication is described in a generic class concurrent_component.
+A `concurrent_component` defines the notion of a `port` for controlling the communication. A
+`port` has a nested `synchroronizer` class for defining operations controlled by the
+`port`; it also has an accept operation for signaling that an operation associated
+with the `port` can be executed. The `concurrent_component` has the following structure:
+The following object illustrates two communicating `concurrent_component`s:
+The concurrent_component `S` may execute a request, which is a normal remote procedure call:
+ e2 = r_.m(e1);
+Since `m` is a synchroronized port operation, the execution of M has to be accepted
+by R before it is executed.
+For M to be accepted, R must execute an accept, which has the following
+ port::accept(p);
+The communication is carried out when `S` is executing `r\_.m` and `R` is executing
+`port::accept(p)`. Both `S` and `R` are blocked until the communication takes place. A
+communication has the effect that `S` and `R` together execute the evaluation: `e2 = r\_.m(e1);`
+This takes place as follows:
+# When S executes `e2 = r\_.m(e1)`, `S` is now ready to execute the
+internals of the `R::m`.
+# When `R` executes `port::accept(p)`, `R` has signaled that the internals of a function
+protected with `port::synchronizer \_(p)`; may be executed. `R` will wait until such an
+execution has taken place.
+# When both `R` and `S` are ready, the internals of `R::m` can be executed.
+# When the internals of `R::m` has been executed, `R` will continue execution. In
+addition, a possible return of `R::m` is assigned to `e2`.
+The object `S` executing `r\_.m()` is called the sender, and the object `R` having `m` as
+an operation is called the receiver.
+In the following example, two systems `Prod` and `Cons` communicate via
+a single element buffer represented by a `SingleBuf` concurrent_component. The `SingleBuf`
+concurrent_component alternates between accepting a `Push` and a `Pull`:
+[section Ports controlling several operations]
+It is possible to associate more than one operation with a port.
+The `Master`-concurrent_component transmits a sequence of values to the two
+`Slave`-systems, and each Slave-concurrent_component computes the sum of the values being
+received. Each value is received and accumulated by a synchronous execution
+of `Add`. A Slave object can be used according to the following protocol:
+# The `Clear` operation must be used to initiate a new sequence of summations.
+A `Clear` thus terminates any ongoing summation.
+# The `Add` operation accumulates a new value.
+# The `Result` operation returns the current sum.
+In the example, positive numbers are transmitted to `Slave1` and negative numbers
+are transmitted to `Slave2`.
+[section Restricted acceptance]
+An accept operation on a port signals that any object is allowed to execute
+an operation associated with the port. Sometimes it is desirable to restrict the
+possible objects that are allowed to execute a port operation. The restriction
+may specify that one specific object is allowed to execute a port operation, or
+it may specify that instances of a specific class are allowed to execute a port
+operation. These two types of restrictions are described in the following two
+[*Object restriction]
+It is possible to restrict the sender of an operation by declaring the port as an
+instance of the `object_port` class. The `accept` operation of an `object_port`
+has a parameter which is a reference to the object that is allowed to
+execute a port operation. As C++ do not allows to recover the sender of an operation
+we need pass it as parameter.
+The syntax for this is:
+ T S; //some component reference
+ object_port request_;
+ void Close(const concurrent_component_base* snd) {
+ object_port::synchronizer _(request_, snd);
+ // ...
+ }
+ //...
+ object_port::accept(request_, sender_); // sender_ has been stored previously
+The example describes an abstract pattern for handling reservations
+of some kind. The reservations are supposed to be stored in some
+register. The actual way this is done is supposed to be described in subpatterns
+of ReservationHandler. At most, one person at a time is allowed to
+make reservations. An agent making a reservation must perform the following
+# The register must be locked by executing the Lock operation.
+# The agent may then perform one or more reservations using Reserve.
+# The agent terminates the reservation session by executing Close.
+The example includes a sketch of a handler for hotel reservations. The concurrent_component
+P describes a scenario of an agent making two hotel reservations.
+[*Qualified restriction]
+The object_port described above makes it possible to ensure that only one
+specific concurrent_component may execute a port operation. It is often desirable to specify
+that a port operation may be executed by a restricted set of `concurrent_component`s. By using a
+port instantiated from `qualified_port`, it is possible to define port operations
+that may be executed by objects of a given class. The syntax for
+this is:
+Port operations associated with P may now be executed by an object which is
+an instance of T or inherits from T.
+The following example illustrates the use of a qualified port. The
+single buffer example is modified such that Push can only be executed by
+Producer objects and Pull can only be executed by Consumer objects.
+[section Compound concurrent components]
+[section Indirect communication between internal concurrent components]
+Composition is a fundamental means for organizing objects. We have several
+examples of defining an object as compositions of other objects using part
+objects, references and block structure. We have also seen how the action part of
+an object may be composed of other objects. In this section we shall show how
+to construct compound systems that are concurrent_component objects consisting of several
+internal multiple action sequences.
+In Boost.Synchro the actions to be performed by a concurrent_component may be distributed
+among several internal systems. The internal systems may be more or less
+independent, and they may access common data (items in an enclosing concurrent_component),
+communicate with each other, communicate with external systems or
+control communication between external systems, and the enclosing concurrent_component.
+In the following, examples of such compound systems are described.
+For compound systems consisting of several internal concurrent systems,
+we are often interested in describing that execution of the outermost concurrent_component
+cannot terminate before execution of all inner systems have terminated. The
+outermost concurrent_component may have to do some initialization before executing the inner
+concurrent_component, and it may have to do some finalization (clean-up) when they
+have finished execution. The concurrent_component class has a concurrent_execution nested class that can
+be used for this purpose. concurrent_component can be used in the following way:
+ concurrent_execution<S1,S2, S3)> conc(s1,s2, s3);
+ conc();
+ conc.join();
Added: sandbox/synchro/libs/synchro/doc/tutorial/volatile_locking_ptr.qbk
--- (empty file)
+++ sandbox/synchro/libs/synchro/doc/tutorial/volatile_locking_ptr.qbk 2009-02-09 18:39:41 EST (Mon, 09 Feb 2009)
@@ -0,0 +1,367 @@
+ / Copyright (c) 2008 Vicente J. Botet Escriba
+ /
+ / Distributed under the Boost Software License, Version 1.0. (See accompanying
+ / file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+ /]
+[section `volatile ` and `locking_ptr`]
+This tutorial is an adaptation of the article of Andrei Alexandrescu "`volatile` - Multithreaded
+Programmer's Best Friend" to the Boost library.
+[section Just a Little Keyword]
+Although both C and C++ Standards are conspicuously silent when it comes to threads, they do make a
+little concession to multithreading, in the form of the volatile keyword.
+Just like its better-known counterpart const, volatile is a type modifier. It's intended to be used
+in conjunction with variables that are accessed and modified in different threads. Basically, without
+volatile, either writing multithreaded programs becomes impossible, or the compiler wastes vast
+optimization opportunities. An explanation is in order.
+Consider the following code:
+ class Gadget
+ {
+ public:
+ void Wait()
+ {
+ while (!flag_)
+ {
+ sleep(1000); // sleeps for 1000 milliseconds
+ }
+ }
+ void Wakeup()
+ {
+ flag_ = true;
+ }
+ ...
+ private:
+ bool flag_;
+ };
+The purpose of `Gadget::Wait` above is to check the `flag_` member variable every second and return when that
+variable has been set to true by another thread. At least that's what its programmer intended, but, alas,
+Wait is incorrect. Suppose the compiler figures out that `sleep(1000)` is a call into an external library
+that cannot possibly modify the member variable `flag_`. Then the compiler concludes that it can cache `flag_`
+in a register and use that register instead of accessing the slower on-board memory. This is an excellent
+optimization for single-threaded code, but in this case, it harms correctness: after you call Wait for some
+`Gadget` object, although another thread calls Wakeup, Wait will loop forever. This is because the change of
+`flag_` will not be reflected in the register that caches `flag_`. The optimization is too ... optimistic.
+Caching variables in registers is a very valuable optimization that applies most of the time, so it would
+be a pity to waste it. C and C++ give you the chance to explicitly disable such caching. If you use the
+volatile modifier on a variable, the compiler won't cache that variable in registers -- each access will
+hit the actual memory location of that variable. So all you have to do to make Gadget's Wait/Wakeup combo
+work is to qualify `flag_` appropriately:
+ class Gadget
+ {
+ public:
+ ... as above ...
+ private:
+ volatile bool flag_;
+ };
+Most explanations of the rationale and usage of `volatile` stop here and advise you to volatile-qualify the
+primitive types that you use in multiple threads. However, there is much more you can do with `volatile`,
+because it is part of C++'s wonderful type system.
+[section Using `volatile` with User-Defined Types]
+You can volatile-qualify not only primitive types, but also user-defined types. In that case, `volatile`
+modifies the type in a way similar to const. (You can also apply const and `volatile` to the same type
+simultaneously.) Unlike `const`, `volatile` discriminates between primitive types and user-defined types.
+Namely, unlike classes, primitive types still support all of their operations (addition, multiplication,
+assignment, etc.) when volatile-qualified. For example, you can assign a non-volatile `int` to a `volatile` `int`,
+but you cannot assign a non-volatile object to a `volatile` object. Let's illustrate how `volatile` works on
+user-defined types on an example.
+ class Gadget
+ {
+ public:
+ void Foo() volatile;
+ void Bar();
+ ...
+ private:
+ std::tring name_;
+ int state_;
+ };
+ ...
+ Gadget regularGadget;
+ volatile Gadget volatileGadget;
+If you think `volatile` is not that useful with objects, prepare for some surprise.
+ volatileGadget.Foo(); // ok, volatile fun called for
+ // volatile object
+ regularGadget.Foo(); // ok, volatile fun called for
+ // non-volatile object
+ volatileGadget.Bar(); // error! Non-volatile function called for
+ // volatile object!
+The conversion from a non-qualified type to its `volatile` counterpart is trivial. However, just as with
+const, you cannot make the trip back from `volatile` to non-qualified. You must use a cast:
+ Gadget& ref = const_cast<Gadget&>(volatileGadget);
+ ref.Bar(); // ok
+A volatile-qualified class gives access only to a subset of its interface, a subset that is under the
+control of the class implementer. Users can gain full access to that type's interface only by using a
+`const_cast`. In addition, just like constness, volatileness propagates from the class to its members
+(for example, `volatileGadget.name_` and `volatileGadget.state_` are `volatile` variables).
+[section `volatile`, Critical Sections, and Race Conditions]
+The simplest and the most often-used synchronization device in multithreaded programs is the mutex.
+[/A mutex
+exposes the `lock` and `unlock` primitives. Once you call `lock` in some thread, any other thread calling
+`lock` will block. Later, when that thread calls `unlock`, precisely one thread blocked in an `lock` call
+will be released. In other words, for a given mutex, only one thread can get processor time in between a
+call to `lock` and a call to `unlock`. The executing code between a call to `lock` and a call to `unlock`
+is called a critical section. (Windows terminology is a bit confusing because it calls the mutex itself a
+critical section, while "mutex" is actually an inter-process mutex. It would have been nice if they were
+called thread mutex and process mutex.)
+Mutexes are used to protect data against race conditions. By
+definition, a race condition occurs when the effect of more threads on data depends on how threads are
+scheduled. Race conditions appear when two or more threads compete for using the same data. Because threads
+can interrupt each other at arbitrary moments in time, data can be corrupted or misinterpreted. Consequently,
+changes and sometimes accesses to data must be carefully protected with critical sections. In
+object-oriented programming, this usually means that you store a mutex in a class as a member variable and
+use it whenever you access that class' state. Experienced multithreaded programmers might have yawned
+reading the two paragraphs above, but their purpose is to provide an intellectual workout, because now we
+will link with the `volatile` connection. We do this by drawing a parallel between the C++ types' world and
+the threading semantics world.
+* Outside a critical section, any thread might interrupt any other at any time; there is no control, so
+ consequently variables accessible from multiple threads are `volatile`. This is in keeping with the
+ original intent of `volatile` -- that of preventing the compiler from unwittingly caching values used by
+ multiple threads at once.
+* Inside a critical section defined by a mutex, only one thread has access. Consequently, inside a
+ critical section, the executing code has single-threaded semantics. The controlled variable is not
+ `volatile` anymore -- you can remove the `volatile` qualifier.
+In short, data shared between threads is conceptually `volatile` outside a critical section, and non-volatile
+inside a critical section. You enter a critical section by locking a mutex. You remove the `volatile`
+qualifier from a type by applying a `const_cast`. If we manage to put these two operations together, we
+create a connection between C++'s type system and an application's threading semantics. We can make the
+compiler check race conditions for us.
+[section `locking_ptr`]
+We need a tool that collects a mutex acquisition and a `const_cast`. Let's develop a `locking_ptr` class template
+that you initialize with a volatile object obj and a mutex mtx. During its lifetime, a `locking_ptr` keeps mtx
+acquired. Also, `locking_ptr` offers access to the volatile-stripped obj. The access is offered in a smart
+pointer fashion, through operator-> and operator*. The `const_cast` is performed inside `locking_ptr`. The cast
+is semantically valid because `locking_ptr` keeps the mutex acquired for its lifetime. First, let's define the
+skeleton of a class `mutex` with which `locking_ptr` will work:
+ class mutex
+ {
+ public:
+ void lock();
+ void unlock();
+ ...
+ };
+`locking_ptr` is templated with the type of the controlled variable and the exclusive lockable type.
+For example, if you want to
+control a Widget, you use a `locking_ptr<Widget> that you initialize with a variable of type `volatile` Widget.
+`locking_ptr` is very simple. `locking_ptr` implements an unsophisticated smart pointer. It focuses
+solely on collecting a `const_cast` and a critical section.
+ template <typename T>
+ class locking_ptr {
+ public:
+ // Constructors/destructors
+ locking_ptr(volatile T& obj, mutex& mtx)
+ : obj_(*const_cast<T*>(&obj)),
+ mtx_(mtx)
+ { mtx_.lock(); }
+ ~locking_ptr()
+ { mtx_->unlock(); }
+ // Pointer behavior
+ T& operator*()
+ { return obj_; }
+ T* operator->()
+ { return &obj_; }
+ private:
+ T& obj_;
+ mutex& mtx_;
+ locking_ptr(const locking_ptr&);
+ locking_ptr& operator=(const locking_ptr&);
+ };
+In spite of its simplicity, `locking_ptr` is a very useful aid in writing correct multithreaded code. You
+should define objects that are shared between threads as volatile and never use `const_cast` with them --
+always use `locking_ptr` automatic objects. Let's illustrate this with an example. Say you have two threads
+that share a vector<char> object:
+ class SynchroBuf {
+ public:
+ void Thread1();
+ void Thread2();
+ private:
+ typedef vector<char> BufT;
+ volatile BufT buffer_;
+ mutex mtx_; // controls access to buffer_
+ };
+Inside a thread function, you simply use a `locking_ptr<BufT>` to get controlled access to the `buffer_`
+member variable:
+ void SynchroBuf::Thread1() {
+ locking_ptr<BufT> lpBuf(buffer_, mtx_);
+ BufT::iterator i = lpBuf->begin();
+ for (; i != lpBuf->end(); ++i) {
+ ... use *i ...
+ }
+ }
+The code is very easy to write and understand -- whenever you need to use `buffer_`, you must create a
+`locking_ptr<BufT>` pointing to it. Once you do that, you have access to vector's entire interface. The nice
+part is that if you make a mistake, the compiler will point it out:
+ void SynchroBuf::Thread2() {
+ // Error! Cannot access 'begin' for a volatile object
+ BufT::iterator i = buffer_.begin();
+ // Error! Cannot access 'end' for a volatile object
+ for (; i != lpBuf->end(); ++i) {
+ ... use *i ...
+ }
+ }
+You cannot access any function of `buffer_` until you either apply a `const_cast` or use `locking_ptr`. The
+difference is that `locking_ptr` offers an ordered way of applying `const_cast` to volatile variables.
+`locking_ptr` is remarkably expressive. If you only need to call one function, you can create an unnamed
+temporary `locking_ptr` object and use it directly:
+ unsigned int SynchroBuf::Size() {
+ return locking_ptr<BufT>(buffer_, mtx_)->size();
+ }
+[section Back to Primitive Types]
+We saw how nicely `volatile` protects objects against uncontrolled access and how `locking_ptr` provides a
+simple and effective way of writing thread-safe code. Let's now return to primitive types, which are
+treated differently by `volatile`. Let's consider an example where multiple threads share a variable of
+type int.
+ class Counter
+ {
+ public:
+ ...
+ void Increment() { ++ctr_; }
+ void Decrement() { --ctr_; }
+ private:
+ int ctr_;
+ };
+If Increment and Decrement are to be called from different threads, the fragment above is buggy. First,
+`ctr_` must be volatile. Second, even a seemingly atomic operation such as `++ctr_` is actually a
+three-stage operation. Memory itself has no arithmetic capabilities. When incrementing a variable, the
+* Reads that variable in a register
+* Increments the value in the register
+* Writes the result back to memory
+This three-step operation is called RMW (Read-Modify-Write). During the Modify part of an RMW operation,
+most processors free the memory bus in order to give other processors access to the memory. If at that
+time another processor performs a RMW operation on the same variable, we have a race condition: the second
+write overwrites the effect of the first. To avoid that, you can rely, again, on `locking_ptr`:
+ class Counter
+ {
+ public:
+ ...
+ void Increment() { ++*locking_ptr<int, boost::mutex>(ctr_, mtx_); }
+ void Decrement() { --*locking_ptr<int, boost::mutex>(ctr_, mtx_); }
+ private:
+ volatile int ctr_;
+ boost::mutex mtx_;
+ };
+Now the code is correct, but its quality is inferior when compared to SynchroBuf's code. Why? Because with
+Counter, the compiler will not warn you if you mistakenly access `ctr_` directly (without locking it). The
+compiler compiles `++ctr_` if `ctr_` is volatile, although the generated code is simply incorrect. The compiler
+is not your ally anymore, and only your attention can help you avoid race conditions. What should you do
+then? Simply encapsulate the primitive data that you use in higher-level structures and use `volatile` with
+those structures. Paradoxically, it's worse to use `volatile` directly with built-ins, in spite of the fact
+that initially this was the usage intent of `volatile`!
+[section `volatile` Member Functions]
+So far, we've had classes that aggregate `volatile` data members; now let's think of designing classes that
+in turn will be part of larger objects and shared between threads. Here is where `volatile` member functions
+can be of great help. When designing your class, you volatile-qualify only those member functions that are
+thread safe. You must assume that code from the outside will call the volatile functions from any code at
+any time. Don't forget: `volatile` equals free multithreaded code and no critical section; non-volatile
+equals single-threaded scenario or inside a critical section. For example, you define a class Widget that
+implements an operation in two variants -- a thread-safe one and a fast, unprotected one.
+ class Widget
+ {
+ public:
+ void Operation() volatile;
+ void Operation();
+ ...
+ private:
+ boost::mutex mtx_;
+ };
+Notice the use of overloading. Now Widget's user can invoke Operation using a uniform syntax either for
+volatile objects and get thread safety, or for regular objects and get speed. The user must be careful
+about defining the shared Widget objects as `volatile`. When implementing a `volatile` member function, the
+first operation is usually to lock this with a `locking_ptr`. Then the work is done by using the non-volatile sibling:
+ void Widget::Operation() volatile
+ {
+ locking_ptr<Widget,boost::mutex> lpThis(*this, mtx_);
+ lpThis->Operation(); // invokes the non-volatile function
+ }
+[section Generic `locking_ptr`]
+The `locking_ptr` works with a mutex class. How to use it with other mutexes?
+We can make a more generic `locking_ptr` adding a Lockable template parameter.
+[/As the more common use will be `boos::mutex` this will be the default value]
+Every model of the ExclusiveLockable concept can be used as parameter.
+[section Specific `locking_ptr` for lockable value types]
+When the value type is itself lockable we can simplify the `locking_ptr` as follows:
Boost-Commit list run by bdawes at acm.org, david.abrahams at rcn.com, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk