shared - i need it to be useful

Walter Bright newshound2 at digitalmars.com
Sun Oct 21 09:50:09 UTC 2018 

On 10/20/2018 11:24 AM, Manu wrote:
> This is an unfair dismissal.

It has nothing at all to do with fairness. It is about what the type system 
guarantees in @safe code. To repeat, the current type system guarantees in @safe 
code that T* and shared(T)* do not point to the same memory location.

Does your proposal maintain that or not? It's a binary question.

> I'm not sure you've understood the proposal.
> This is the reason for the implicit conversion. It provides safe
> transition.

I don't see any way to make an implicit T* to shared(T)* safe, or vice versa. 
The T* code can create more aliases that the conversion doesn't know about, and 
the shared(T)* code can hand out aliases to other threads. So it all falls to 
pieces. Using a 'scope' qualifier won't work, because 'scope' isn't transitive, 
while shared is, i.e. U** and shared(U*)*.

 > I'm not sure how to clarify it, what can I give you?

Write a piece of code that does such an implicit conversion that you argue is 
@safe. Make the code as small as possible. Your example:

 > int* a;
 > shared(int)* b = a;

This is not safe.

---- Manu's Proposal ---
@safe:
int i;
int* a = &i;
StartNewThread(a); // Compiles! Coder has no idea!

... in the new thread ...
void StartOfNewThread(shared(int)* b) {

     ... we have two threads accessing 'i',
     one thinks it is shared, the other unshared,
     and StartOfNewThread() has no idea and anyone
     writing code for StartOfNewThread() has no way
     to know anything is wrong ...

     lockedIncrement(b);  // Data Race!
}
--- Current D ---
@safe:
int i;
int* a = &i;
StartNewThread(a);   // Danger, Will Robinson! Does Not Compile!
StartNewThread(cast(shared(int)*) a) // Danger, Will Robinson!
                                      // Unsafe Cast! Does Not Compile!
---

Your proposal means that the person writing the lockedIncrement(), which is a 
perfectly reasonable thing to do, simply cannot write it in a way that has a 
@safe interface, because the person writing the lockedIncrement() library 
function has no way to know that the data it receives is actually unshared data.

I.e. @trusted code is obliged to proved a safe interface. Your proposal makes 
that impossible because the compiler would allow unshared data to be implicitly 
typed as shared.

More information about the Digitalmars-d mailing list