On 21/10/2018 10:41 PM, Manu wrote:
On Sun., 21 Oct. 2018, 2:05 am Walter Bright via Digitalmars-d,
<digitalmars-d@puremagic.com <mailto:digitalmars-d@puremagic.com>> wrote:
On 10/20/2018 11:30 AM, Manu wrote:
> You can write an invalid program in any imaginable number of ways;
> that's just not an interesting discussion.
What we're discussing is not an invalid program, but what guarantees
the type
system can provide.
D's current type system guarantees that a T* and a shared(T)* do not
point to
the same memory location in @safe code.
My proposal guarantees that too, but in a more interesting way, because
it opens the door to a whole working model. And it's totally @safe.
To get them to point to the same memory location, you've got to dip
into @system
code, where *you* become responsible for maintaining the guarantees.
My model preserves that property. Why do you think I'm running that
static guarantee?
It's all irrelevant if you don't express any mechanism to *do* anything.
Shared today does not have any use. It simply expresses that data *is*
shared, and says nothing about what you can do with it.
If you don't express a safe mechanism for interacting with shared data,
then simply expressing the distinction of shared data really is
completely uninteresting.
It's just a marker that's mixed up in a bunch of unsafe code. I'm no
more satisfied than I am with C++.
Shared needs to do something; I propose that it strictly models
operations that are threadsafe and semantic restrictions required to
support that, and then you have a *usage* scheme, which is safe, and API
conveys proper interaction.. not just an uninteresting marker.
I'm genuinely amazed that you're not intrigued by a @safe shared
proposition. Nobly likes @safe more than you.
I could run our entire SMP stack 100% @safe.
I am going to fork D with this feature one way or another. It's the most
meaningful and compelling opportunity I've seen in ever. If there's ever
been a single thing that could truly move a bunch of C++ programmers,
this is it. C++ can do a crappy job of modelling most stuff in D, but it
simply can't go anywhere near this, and I've been working on competing
C++ models for months.
SMP is the future, we're going all-in this generation. Almost every
function in our codebase runs in an SMP environment... And I was
staggered that I was able to work this definition through to such a
simple and elegant set of rules.
I can't get my head around why people aren't more excited about this...
fully @safe SMP is huge!
I'm excited, but you need to write a DIP even if preliminary which shows
both new semantics but also shows both working and current code to
compare them.
