On Sun., 21 Oct. 2018, 2:05 am Walter Bright via Digitalmars-d, < [email protected]> wrote:
> On 10/20/2018 11:30 AM, Manu wrote: > > You can write an invalid program in any imaginable number of ways; > > that's just not an interesting discussion. > > What we're discussing is not an invalid program, but what guarantees the > type > system can provide. > > D's current type system guarantees that a T* and a shared(T)* do not point > to > the same memory location in @safe code. > My proposal guarantees that too, but in a more interesting way, because it opens the door to a whole working model. And it's totally @safe. To get them to point to the same memory location, you've got to dip into > @system > code, where *you* become responsible for maintaining the guarantees. > My model preserves that property. Why do you think I'm running that static guarantee? It's all irrelevant if you don't express any mechanism to *do* anything. Shared today does not have any use. It simply expresses that data *is* shared, and says nothing about what you can do with it. If you don't express a safe mechanism for interacting with shared data, then simply expressing the distinction of shared data really is completely uninteresting. It's just a marker that's mixed up in a bunch of unsafe code. I'm no more satisfied than I am with C++. Shared needs to do something; I propose that it strictly models operations that are threadsafe and semantic restrictions required to support that, and then you have a *usage* scheme, which is safe, and API conveys proper interaction.. not just an uninteresting marker. I'm genuinely amazed that you're not intrigued by a @safe shared proposition. Nobly likes @safe more than you. I could run our entire SMP stack 100% @safe. I am going to fork D with this feature one way or another. It's the most meaningful and compelling opportunity I've seen in ever. If there's ever been a single thing that could truly move a bunch of C++ programmers, this is it. C++ can do a crappy job of modelling most stuff in D, but it simply can't go anywhere near this, and I've been working on competing C++ models for months. SMP is the future, we're going all-in this generation. Almost every function in our codebase runs in an SMP environment... And I was staggered that I was able to work this definition through to such a simple and elegant set of rules. I can't get my head around why people aren't more excited about this... fully @safe SMP is huge! >
