On 10/18/18 9:35 AM, Steven Schveighoffer wrote:
struct NotThreadsafe
{
private int x;
void local()
{
++x; // <- invalidates the method below, you violate the other
function's `shared` promise
}
void notThreadsafe() shared
{
atomicIncrement(&x);
}
}
[snip]
But on top of that, if I can't implicitly cast mutable to shared, then
this ACTUALLY IS thread safe, as long as all the casting in the module
is sound (easy to search and verify), and hopefully all the casting is
encapsulated in primitives like you have written. Because someone on the
outside would have to cast a mutable item into a shared item, and this
puts the responsibility on them to make sure it works.
Another thing to point out -- I can make x public (not private), and
it's STILL THREAD SAFE.
-Steve
