Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C Programming > The threading specs in the standard: a new catastrophe

Reply
Thread Tools

The threading specs in the standard: a new catastrophe

 
 
jacob navia
Guest
Posts: n/a
 
      07-07-2011
The committee has decided, for reasons unknown to me (there is no
explanation why is this necessary anywhere) to go on with the flawed
Dinkum library specs and proclaim that library as the new standard specs
for the whole language, what will surely please Plauger but leaves the
rest of us with a pile of errors.

I posted in this group on June 8th, 2009, a detailed critique of that
library. Two years later all the original errors are there, together
with new ones. I will repost again then, the most glaring errors with
the hope that the committee corrects them before is too late and stops
this whole idea.

1) The specs use concepts from C++ without furnishing the slightest
explanation of how those concepts should be understood within the C
language.

Examples:
--------
7.25.1.3
TSS_DTOR_ITERATIONS
which expands to an integer constant expression representing the
maximum number of times that destructors will be called when a
thread terminates.

The committee thinks apparently that the term "destructors" is
common in C so that doesn't need any definition or explanation of what
that should be in the context of the C language. The term doesn't even
appear in the index nor is explained anywhere.


7.25.1.4
cnd_t
which is a complete object type that holds an identifier for a
condition variable;

How can a type "hold an identifier" ??? The committee defines in
6.4.2.1.2 an identifier as a sequence of letters that designates
one or more entities.
Now, we have the opposite: a type holds an identifier and nowhere
is explained what that should mean!

2) The proposed functions are absurd.

Take, for instance, nothing less than the thread creation function
thrd_create:

int thrd_create(thrd_t *thr, thrd_start_t func,void *arg);

As you can see, there are *no arguments that can be passed to the
underlying operating system* to further specify the newly created
thread. (The "args" arument is an argument for the thread).

The pthreads standard (POSIX) proposes an "attributes" argument. The
Microsoft threads propose a "security attributes" and a set of flags
that further specify the newly created thread. The C API proposes
NOTHING so it is impossible to use.

Since there is no way to specify the attributes, this function MUST
use the default attributes that are NOWHERE specified. This means
that two compiler systems could very well produce two different sets
of attributes to be passed to the underlying thread creation
functions so that we would have a differnt behavior for the same
source compiled in the same machine. This is completely ridiculous!

The mutex creation functions do not specify any security/ownership
specifications either.
Anybody can use anything. This will force all
developers that run in a security sensitive environment to reject
this specs. C stayed in the single user era.

The specifications are completely unusable in many other functions:
For instance:
The thrd_detach function tells the operating system to dispose of
any resources allocated to the thread identified by thr when that
thread terminates.

That's new to me. The OS should free all memory allocated by the
thread? Close all files? This is highly system dependent and
many systems could very well not do the cleanup until the process
that created those ressources stops.

3) New types are defined without any specification.
Example:
-------
The "xtime" data type is defined as
struct xtime { time_t sec; long nanoseconds; };

What is the epoch of the "sec" member? Nobody knows. When you call
a function using an "xtime" as argument with
(struct xtime) {5,0}
means:
A)
I call this function with a timeout of five seconds, i.e. the "sec"
epoch starts running at the instant of function call.

B)
I call it with a timeout of January first 1970 and five seconds,
i.e. since the "sec" member is a time_t and time_t variables are
used to store CALENDAR TIMES (as per difftime specs in 7.26.2.1)
I specify a timeout that has already expired.

Nowhere in the standard is the "xtime" explained or further described.
The committee supposes that it suffices to name a member "sec" for
its meaning to be crystal clear.

I fear that is not the case.


4) The new types aren't connected to the rest of the language.

How do you convert an "xtime" into a character string?
Does strftime accept the new type?
Note that nowhere was specified that time_t shuld be in seconds
since the creation of the language. Now, the committee decides
that time_t is in seconds without giving any second thoughts
to this change. There is a CLOCKS_PER_SEC macro defined in the
standard a few pages after this specs. Is that obsolete?
Should we divide the "sec" member by CLOCKS_PER_SECOND to
obtain the actual seconds?

Not a word of those problems, nothing. This would be comic
if it weren't so sad.


5) Error analysis is very difficult.

The proposed functions return the enum value "thrd_error" if
SOMETHING goes wrong. Impossible to know WHAT did go wrong since
nowhere is specified if errno should have a value set or how
to figure out WHAT HAPPENED!!! There is NO WAY that the running
program can communicate the reasons of failure so that we are
left in the dark as to why each error happens. The Microsoft API
specifies GetLastError() and pthreads have errno and other
mechanisms to further speicify what kind of error happened. This
specs ignore all that. It doesn't work, now go figure what happens
during HOURS of debugging!

I am repeating here in an expanded form the critique that I wrote
in comp.std.c in a message on June 8th 2009. There was no answer then,
and there has been no change since. ALl errors I pointed out then are
still in the specs.

I hope this time they will listen or at least justify what they are
doing. Copy/Paste of Plauger's library docs is not enough to specify
a change to the C language, excuse me.

 
Reply With Quote
 
 
 
 
Juha Niskanen
Guest
Posts: n/a
 
      07-07-2011
On 2011-07-07, jacob navia <(E-Mail Removed)> wrote:
> I am repeating here in an expanded form the critique that I wrote
> in comp.std.c in a message on June 8th 2009. There was no answer then,
> and there has been no change since. ALl errors I pointed out then are
> still in the specs.


Hello Jacob,

Have you reviewed committee document N1570?
Wikipedia says this is the latest draft:

http://www.open-std.org/jtc1/sc22/wg...docs/n1570.pdf

I think some of your critique has been answered already. See also

http://www.open-std.org/jtc1/sc22/wg...docs/n1571.pdf

where the committee "agreed in principle" to change struct xtime to
struct timespec and clarify its semantics to match POSIX more closely.
This change has been applied to N1570.

--
Juha Niskanen

 
Reply With Quote
 
 
 
 
Todd Carnes
Guest
Posts: n/a
 
      07-07-2011
On Thu, 07 Jul 2011 12:33:48 +0200, jacob navia wrote:

[snip]

> I posted in this group on June 8th, 2009, a detailed critique of that
> library. Two years later all the original errors are there, together
> with new ones. I will repost again then, the most glaring errors with
> the hope that the committee corrects them before is too late and stops
> this whole idea.


[snip]

I have no idea if you are right or wrong, and don't pretend to know, but
why would anyone on the standards committee care about one person's
postings on usenet? I doubt they read the newsgoups.

Todd
 
Reply With Quote
 
jacob navia
Guest
Posts: n/a
 
      07-07-2011
Le 07/07/11 16:36, christian.bau a écrit :
> Another rant.
>
> Just your point 2: C threads share memory. Since they share memory,
> you can just about ignore security (there is none).



Ahh, OK. Both pthreads and Microsoft allow for attributes in their
create functions. OK. They are both wrong because Mr Christian Bau
says so.

The security attributes in Microsoft's version concern the inheritance
of the newly created thread handles: are they inherited by child
processes?

You have just shown us your ignorance.

> For security, you
> would need separate processes, and at that point it is really outside
> the realm of C.


As far as I know "system()" creates a new process. But apparently you
think that is "outside the realm of C". OK then.

> So having no "attributes" for thread creation is Ok
> with me.


With you. Not with Microsoft windows or with pthreads.


> And C threads wouldn't pass "default attributes" to some
> underlying system, they just behave as defined by the C standard.


And you think they will not use the underlying operating system or
or what? The underlying OS implementations REQUIRE those parameters
so you HAVE to pass something in there.

> So
> if you encounter different behavior, then either one implementation is
> non-conforming, or your expectations of thread behavior are wrong.


The standard doesn't say if the new thread starts suspended or not,
Compiler "A" starts the thread in a suspended state, compiler "B"
starts without suspension. Which is right?

> Your comments on "thrd_detach" can only be interpreted as a deliberate
> misunderstanding. Allocated memory and opened files are _not_
> "resources allocated to the thread".


no? Then WHAT are those "ressources"? They aren't even specified!

> They are allocated _by_ some
> thread _to_ the whole application.


Depends on the OS.
 
Reply With Quote
 
jacob navia
Guest
Posts: n/a
 
      07-07-2011
Le 07/07/11 15:12, Todd Carnes a écrit :
> On Thu, 07 Jul 2011 12:33:48 +0200, jacob navia wrote:
>
> [snip]
>
>> I posted in this group on June 8th, 2009, a detailed critique of that
>> library. Two years later all the original errors are there, together
>> with new ones. I will repost again then, the most glaring errors with
>> the hope that the committee corrects them before is too late and stops
>> this whole idea.

>
> [snip]
>
> I have no idea if you are right or wrong, and don't pretend to know, but
> why would anyone on the standards committee care about one person's
> postings on usenet? I doubt they read the newsgoups.
>
> Todd


"They do not read anything, or care about anyone."

Is that what you want to say?

Maybe you are just wrong, and they do care about what the community
thinks or proposes.

Or maybe you are right, and they live in limbo. Time will tell.
 
Reply With Quote
 
Jens Gustedt
Guest
Posts: n/a
 
      07-07-2011
Am 07.07.2011 17:09, schrieb jacob navia:
> You have just shown us your ignorance.


I don't think that bashing on people will bring your issue forward.

>> And C threads wouldn't pass "default attributes" to some
>> underlying system, they just behave as defined by the C standard.

>
> And you think they will not use the underlying operating system or
> or what? The underlying OS implementations REQUIRE those parameters
> so you HAVE to pass something in there.


Yes, certainly. An implementation of the C1x stuff has to provide the
right arguments to the OS implementation of threads, e.g if the the
underlying implementation is pthread, it has to set the attribute
argument properly, if the default for pthread is not conforming to
C1x. I don't see a particular difficulty in that one, it is the C1x
thrd implementation that has to provide these arguments.

You would be right in saying that this model is kind of restrictive,
allowing for only one execution model. In particular it is a pity that
it doesn't allow to start threads in a detached state.

> The standard doesn't say if the new thread starts suspended or not,
> Compiler "A" starts the thread in a suspended state, compiler "B"
> starts without suspension. Which is right?


Hm, since it doesn't define the term "suspended state" and supension
of a thread is only done via a sleep function for a limited time, I
don't really understand your issue here.

>> Your comments on "thrd_detach" can only be interpreted as a deliberate
>> misunderstanding. Allocated memory and opened files are _not_
>> "resources allocated to the thread".

>
> no? Then WHAT are those "ressources"? They aren't even specified!


Here, a better wording would probably be appropriate. I think
injecting the word "specific" before "resources" would already be a
good disambiguation.


Jens
 
Reply With Quote
 
jacob navia
Guest
Posts: n/a
 
      07-07-2011
Le 07/07/11 18:00, Jens Gustedt a écrit :
> Am 07.07.2011 17:09, schrieb jacob navia:
>> You have just shown us your ignorance.

>
> I don't think that bashing on people will bring your issue forward.
>


Well, he started his message with

"Another rant"

That's OK?

My tone was appropiate for his tone.


>>> And C threads wouldn't pass "default attributes" to some
>>> underlying system, they just behave as defined by the C standard.

>>
>> And you think they will not use the underlying operating system or
>> or what? The underlying OS implementations REQUIRE those parameters
>> so you HAVE to pass something in there.

>
> Yes, certainly. An implementation of the C1x stuff has to provide the
> right arguments to the OS implementation of threads, e.g if the the
> underlying implementation is pthread, it has to set the attribute
> argument properly, if the default for pthread is not conforming to
> C1x. I don't see a particular difficulty in that one, it is the C1x
> thrd implementation that has to provide these arguments.
>
> You would be right in saying that this model is kind of restrictive,
> allowing for only one execution model. In particular it is a pity that
> it doesn't allow to start threads in a detached state.
>


Are the threads visible to child processes? Microsoft requires a
"security attributes" parameter that defines if the thread is inherited
to child process or not. Compilar "A" under windows decides that the
threads aren't visible, compiler "B" decides that they are. Which is
right?

>> The standard doesn't say if the new thread starts suspended or not,
>> Compiler "A" starts the thread in a suspended state, compiler "B"
>> starts without suspension. Which is right?

>
> Hm, since it doesn't define the term "suspended state" and supension
> of a thread is only done via a sleep function for a limited time, I
> don't really understand your issue here.
>


A thread is suspended when the OS doesn't run it and doesn't schedule
it.

>>> Your comments on "thrd_detach" can only be interpreted as a deliberate
>>> misunderstanding. Allocated memory and opened files are _not_
>>> "resources allocated to the thread".

>>
>> no? Then WHAT are those "ressources"? They aren't even specified!

>
> Here, a better wording would probably be appropriate. I think
> injecting the word "specific" before "resources" would already be a
> good disambiguation.
>


It should be clear from the specifications text what those ressources are.

 
Reply With Quote
 
Wojtek Lerch
Guest
Posts: n/a
 
      07-07-2011
On 07/07/2011 6:33 AM, jacob navia wrote:
....
> 2) The proposed functions are absurd.
>
> Take, for instance, nothing less than the thread creation function
> thrd_create:
>
> int thrd_create(thrd_t *thr, thrd_start_t func,void *arg);
>
> As you can see, there are *no arguments that can be passed to the
> underlying operating system* to further specify the newly created
> thread. (The "args" arument is an argument for the thread).
>
> The pthreads standard (POSIX) proposes an "attributes" argument. The
> Microsoft threads propose a "security attributes" and a set of flags
> that further specify the newly created thread. The C API proposes
> NOTHING so it is impossible to use.


Do you find fopen() absurd and impossible to use too? Or are file or
stream attributes (such as the POSIX permission bits, or O_EXCL) less
important to you than some of the thread attributes that POSIX or
Windows have?

 
Reply With Quote
 
Malcolm McLean
Guest
Posts: n/a
 
      07-07-2011
On Jul 7, 7:31*pm, Wojtek Lerch <(E-Mail Removed)> wrote:
>
> Do you find fopen() absurd and impossible to use too? *Or are file or
> stream attributes (such as the POSIX permission bits, or O_EXCL) less
> important to you than some of the thread attributes that POSIX or
> Windows have?
>

If it's the only interface to the file system, you may have problems.
For instance you can't tell the size of a file, you can't scan a
directory, you can't set read or write permissions or flag it as a
temporary. You can't lock it from other processes.

--
Visit my website
http://www.malcolmmclean.site11.com/www

 
Reply With Quote
 
Wojtek Lerch
Guest
Posts: n/a
 
      07-07-2011
On 07/07/2011 12:40 PM, Malcolm McLean wrote:
> On Jul 7, 7:31 pm, Wojtek Lerch<(E-Mail Removed)> wrote:
>>
>> Do you find fopen() absurd and impossible to use too? Or are file or
>> stream attributes (such as the POSIX permission bits, or O_EXCL) less
>> important to you than some of the thread attributes that POSIX or
>> Windows have?
>>

> If it's the only interface to the file system, you may have problems.


Or not, depending on what you're trying to do.

> For instance you can't tell the size of a file, you can't scan a
> directory, you can't set read or write permissions or flag it as a
> temporary. You can't lock it from other processes.


Right; but if you do need to do any of those things, then you can't rely
on C99 alone. You need to lose some portability and rely on something
like POSIX or the Windows API or whatever. But that doesn't make
fopen() absurd or impossible to use -- a lot of code has been written
that happily uses fopen() without worrying about any of the fancy
OS-specific stuff.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: threading in PyQt vs threading in standard library Steven Woody Python 0 01-09-2009 07:48 AM
threading in PyQt vs threading in standard library Steven Woody Python 0 01-09-2009 07:15 AM
REVIEW: "Confronting Catastrophe: A GIS Handbook", R. W. Greene Rob Slade, doting grandpa of Ryan and Trevor Computer Security 0 11-17-2008 10:49 PM
Cooperative threading preemptive threading - a bit confused failure_to@yahoo.co.uk Java 9 12-29-2007 01:10 AM
New Computer Specs Question Nik Schlein Computer Support 9 11-15-2004 06:57 PM



Advertisments