On Sunday, 21 October 2018 at 09:50:09 UTC, Walter Bright wrote:
On 10/20/2018 11:24 AM, Manu wrote:
This is an unfair dismissal.
It has nothing at all to do with fairness. It is about what the
type system guarantees in @safe code. To repeat, the current
type system guarantees in @safe code that T* and shared(T)* do
not point to the same memory location.
Does your proposal maintain that or not? It's a binary question.
No. Instead, it proposes something more useful: once cast to
shared(T)*, only thread-safe operations may be performed on it.
> int* a;
> shared(int)* b = a;
This is not safe.
Under MP, this is perfectly safe - you can do nothing with a
shared(int)*, except call un-@safe, non-thread-safe functions on
it, which will *fail to compile* under @safe.
---- Manu's Proposal ---
@safe:
int i;
int* a = &i;
StartNewThread(a); // Compiles! Coder has no idea!
... in the new thread ...
void StartOfNewThread(shared(int)* b) {
... we have two threads accessing 'i',
one thinks it is shared, the other unshared,
and StartOfNewThread() has no idea and anyone
writing code for StartOfNewThread() has no way
to know anything is wrong ...
lockedIncrement(b); // Data Race!
}
Someone's messed up if they've marked lockedIncrement @safe -
under MP, it shouldn't be. lockedIncrement is a very low-level
piece of functionality, and should be @system. It also shouldn't
take a shared(int)*, but a int*, forcing an unsafe cast and
making it obvious the code is un@safe.
--
Simen
