Temporally safe by default

Richard (Rikki) Andrew Cattermole richard at cattermole.co.nz
Fri Apr 5 09:59:58 UTC 2024 

On 05/04/2024 10:11 PM, Dukc wrote:
>     Temporal safety is about making sure one thread doesn't stomp all
>     over memory that another thread also knows about.
> 
>     So this is locking, ensuring only one thread has a reference to it,
>     atomics ext.
> 
>     Moving us over to this without the edition system would break
>     everyone's code. So it has to be based upon this.
> 
>     So the question of this thread is all about how do we annotate our
>     code to indicate its temporally safe and how does it map into older
>     editions view of what safe is. There is at least three different
>     solutions to this that I have come up with.
> 
> Isn't |shared| just for this? As far as I can tell, you can define a 
> data structure struct that, when |shared|, allows multiple threads to 
> access it, works from 100% |@safe| client code and doesn't allow any 
> data races to happen.
> 
> Of course, actually implementing the data structure is challenging, just 
> as it is for a dip1000-using reference counted data structure.

``shared`` doesn't provide any guarantees.

At best it gives us a story that makes us think that we have it solved. 
A very comforting story in fact. So much so people want to use it.

Which also happens to make it a very bad language feature that I want to 
see removed. Lies like this do not improve the D experience. They do not 
allow optimizations to occur.

See all the examples of people having to cast on/off ``shared`` to pass 
memory between threads. With temporal safety we'd have some sort of 
immutable reference that enables us to transfer ownership of an object 
across the function/threads. With guarantee that it isn't accessible by 
somebody else.

There should also be some determination if a function is temporally safe 
if it only accesses atomics, has been synchronized, only uses immutable 
references, or immutable data.

Note: immutable reference does not refer to the ``immutable`` type 
qualifier, but of a language feature where the reference to memory is 
limited to a single location.

More information about the dip.ideas mailing list