all OS functions should be "nothrow @trusted @nogc"
Moritz Maxeiner via Digitalmars-d
digitalmars-d at puremagic.com
Tue Jul 25 08:29:55 PDT 2017
On Tuesday, 25 July 2017 at 14:39:15 UTC, Shachar Shemesh wrote:
> On 25/07/17 17:24, Moritz Maxeiner wrote:
>> On Tuesday, 25 July 2017 at 13:50:16 UTC, Shachar Shemesh
>> wrote:
>>> The title really does says it all.
>>
>> Since you explicitly state *all* OS functions:
>> nothrow: Should be OK (only callbacks could violate this and
>> they should be nothrow, anyway).
> Technically, any system call that is a pthreads cancellation
> point may throw a C++ exception.
Good to know, then since D is supposed to be able to catch C++
exceptions (and can on 64bit Linux [1]) none of those may be
attributed as `nothrow`, because C++ exceptions don't derive from
`Error`.
>
> If we go down that route, however, calling system calls from
> nothrow becomes completely impossible, which is another way of
> saying that decorating just about anything with nothrow becomes
> impossible.
No. `nothrow` functions can call throwing ones, as long as they
catch any exceptions not derived from Error thrown by them.
>
>> @trusted: This can only be done for those functions that don't
>> take arguments open to memory corruption. Take a look at POSIX
>> read, it can never be trusted (same as any C function taking
>> pointer+length of pointed to).
>> @nogc: This can only be done for those functions that are
>> statically known to never call a D callback that's not also
>> @nogc. Take a look at pthread_create vor pthread_join, they
>> can never be @nogc, because that would mean threads may never
>> allocate with the GC.
>
> The decoration's situation with callbacks is pretty horrible
> throughout D.
Do you mean throughout druntime and phobos?
> I'm not sure this is the most compelling argument, however. The
> function passed to pthread_create does not, logically, run in
> the pthread_create function. As such, I don't think this logic
> holds.
Then the @nogc definition would need to be updated from: "or
indirectly through functions it may call" to reflect this,
because that can be interpreted both ways.
>
> As for pthread_join, I have no idea what you meant by it.
> Please elaborate why you think it is a problem.
Possible scenario on single core (no hyperthreading) system:
- thread 1 spawns thread 2
- thread 1 enters @nogc function `foo` and calls `pthread_join`
on thread 2 before its own timeslice is over (and thus enters
blocked state)
- thread 2 does work allocating via the GC, then terminates
- thread 1 wakes up and leaves @nogc function `foo`
Because @nogc (in contrast to nothrow) is explicitly designed as
transitive, logically speaking, `foo` violated its @nogc
constraint (it *caused* the GC allocations in thread 2).
>
>>
>> ---
>> auto result = () @trusted { return systemFunction(...) }();
>> ---
>
> Care to explain how to adapt that neat trick for "nothrow" and
> "@nogc"?
nothrow: assumeWontThrow [2]
@nogc: assumeNoGC [3]
[1] http://forum.dlang.org/thread/n7jorc$1ied$1@digitalmars.com
[2] https://dlang.org/library/std/exception/assume_wont_throw.html
[3] https://p0nce.github.io/d-idioms/#Bypassing-@nogc
More information about the Digitalmars-d
mailing list