Temporally safe by default
Richard (Rikki) Andrew Cattermole
richard at cattermole.co.nz
Fri Apr 5 09:59:58 UTC 2024
On 05/04/2024 10:11 PM, Dukc wrote:
> Temporal safety is about making sure one thread doesn't stomp all
> over memory that another thread also knows about.
>
> So this is locking, ensuring only one thread has a reference to it,
> atomics ext.
>
> Moving us over to this without the edition system would break
> everyone's code. So it has to be based upon this.
>
> So the question of this thread is all about how do we annotate our
> code to indicate its temporally safe and how does it map into older
> editions view of what safe is. There is at least three different
> solutions to this that I have come up with.
>
> Isn't |shared| just for this? As far as I can tell, you can define a
> data structure struct that, when |shared|, allows multiple threads to
> access it, works from 100% |@safe| client code and doesn't allow any
> data races to happen.
>
> Of course, actually implementing the data structure is challenging, just
> as it is for a dip1000-using reference counted data structure.
``shared`` doesn't provide any guarantees.
At best it gives us a story that makes us think that we have it solved.
A very comforting story in fact. So much so people want to use it.
Which also happens to make it a very bad language feature that I want to
see removed. Lies like this do not improve the D experience. They do not
allow optimizations to occur.
See all the examples of people having to cast on/off ``shared`` to pass
memory between threads. With temporal safety we'd have some sort of
immutable reference that enables us to transfer ownership of an object
across the function/threads. With guarantee that it isn't accessible by
somebody else.
There should also be some determination if a function is temporally safe
if it only accesses atomics, has been synchronized, only uses immutable
references, or immutable data.
Note: immutable reference does not refer to the ``immutable`` type
qualifier, but of a language feature where the reference to memory is
limited to a single location.
More information about the dip.ideas
mailing list