Safe reference counting cannot be implemented as a library

Rikki Cattermole via Digitalmars-d digitalmars-d at puremagic.com
Tue Oct 27 04:50:16 PDT 2015 

On 28/10/15 12:41 AM, Andrei Alexandrescu wrote:
> (Title is borrowed from Hans Boehm's famous "Threads cannot be
> implemented as a library",
> http://www.hpl.hp.com/techreports/2004/HPL-2004-209.pdf.)
>
> We want to implement safe reference counting in D, and the sentiment
> that it can be done in a library (with no or minimal changes to the
> language) is often echoed in the newsgroup. This post explains that
> reference counting can be implemented as a library _only_ if safety is
> forgone. If safety is desired, reference counting must be built into
> language semantics.
>
> The crux of the matter is modular typechecking. Consider the following
> example:
>
> // module widget.d
> @safe class Widget {
>    void fun() {
>      g_widget = this;
>    }
> }
> static Widget g_widget;
> // end of module widget.d
>
> This is a perfect valid D class, and safe too. The typechecker assumes
> infinite lifetime for all Widget objects, and allows escaping the
> reference to this from foo() into the global.
>
> Numerous similar examples can be constructed involving more elaborate
> escaping patterns than this simple global assignment.
>
> Now, once the typechecker OKs module widget.d, the summary that all
> other typechecking "sees" is:
>
> @safe class Widget {
>    void fun();
> }
>
> A library reference counting wrapper a la RC!Widget needs to allow calls
> to fun(). Once that happens, the global will hold an alias to the
> respective Widget object indefinitely, which means as soon as the
> RC!Widget object is released by the reference counting protocol,
> g_widget will become a dangling reference.
>
> It follows that if we want safe reference counting, there must be
> language support for it. One possibility is to attach an attribute to
> the class definition:
>
> @safe @rc class Widget {
>    ...
> }
>
> Then the compiler is able to enforce more stringent typechecking on
> Widget (for example, address of fields are not allowed to escape) and
> also insert the appropriate reference counting logic. This will be a
> topic discussed on the lifetime list.
>
>
> Andrei

Thought: we have RTInfo where we can place anything we want for a type.
Perhaps we could explore this avenue a bit?

A library solution, but perhaps in druntime instead of e.g. Phobos.
Add in compiler hooks and wala. Language support for it.

Other random thoughts, a storage attribute cast(@rc)myRef;
On a class (as you shown) @rc class Widget {}

I think there is no one solution here. But similar behavior with 
slightly different semantics.

Anyway, the only wrong solution involves:

RefCount!T func(IAllocator alloc=theAllocator) {
	return RefCount!T(alloc.make!T, alloc);
}

Which I'm already doing.
And now I want to join that group... great.

More information about the Digitalmars-d mailing list