shared - i need it to be useful

Timon Gehr timon.gehr at gmx.ch
Mon Oct 22 21:16:05 UTC 2018 

On 22.10.18 21:29, Manu wrote:
> On Mon, Oct 22, 2018 at 7:10 AM Simen Kjærås via Digitalmars-d
> <digitalmars-d at puremagic.com> wrote:
>>
>> On Monday, 22 October 2018 at 13:40:39 UTC, Timon Gehr wrote:
>>> module reborked;
>>> import atomic;
>>>
>>> void main()@safe{
>>>      auto a=new Atomic!int;
>>>      import std.concurrency;
>>>      spawn((shared(Atomic!int)* a){ ++*a; }, a);
>>>      ++a.tupleof[0];
>>> }
>>
>> Finally! Proof that MP is impossible. On the other hand, why the
>> hell is that @safe? It breaks all sorts of guarantees about
>> @safety. At a minimum, that should be un- at safe.
>>
>> Filed in bugzilla: https://issues.dlang.org/show_bug.cgi?id=19326
> 
> Yeah, that's shockingly dangerous for all sorts of reasons!
> I mean, is this really an argument to destroy my proposal,

It was a way to satisfy Simen's (imho, arbitrary) constraint that the 
@safe code should be in a different module.

> or are you just destroying @safe in general?
> 

It is likely that there is @trusted code in the wild that is currently 
broken because of the assumption that private data cannot be modified by 
untrusted actors. I think if we can have e.g. @trusted data that cannot 
be manipulated at all from @safe code (including taking addresses), a 
lot more is possible. shared on variables/fields could then imply @trusted.

It is then however still not clear that it makes sense to allow implicit 
conversion from unshared to shared. It may still be error prone, or even 
impossible to realize. For example, it could hypothetically be the case 
that each processor has its own address space and there is additionally 
some shared address space, in which case allocation would differ for 
data that is shared and data that is unshared.

So I would again like to ask: why can't classes that want to be able to 
have their references implicitly converted to shared and then be sent to 
other threads not just make all members 'shared'? Under your proposal, 
they can never know that they have not already been implicitly converted 
to 'shared' anyway, so any unshared code already needs to take into 
account the possibility that there are other, concurrent accesses.

More information about the Digitalmars-d mailing list