Temporally safe by default

Dukc ajieskola at gmail.com
Mon Apr 8 19:43:20 UTC 2024 

On Friday, 5 April 2024 at 10:34:24 UTC, Richard (Rikki) Andrew 
Cattermole wrote:
>
> On 05/04/2024 11:24 PM, Dukc wrote:
>> On Friday, 5 April 2024 at 09:59:58 UTC, Richard (Rikki) 
>> Andrew Cattermole wrote:
>>> See all the examples of people having to cast on/off 
>>> ``shared`` to pass memory between threads.
>> 
>> That's what it's like if you try to share plain arrays. And 
>> that's how it should be. Manipulating a shared data structure 
>> in a temporally safe way is complicated, so to access `shared` 
>> data it makes sense that do that you need to explicitly give 
>> up temporal safety (cast) or do it the hard way 
>> (`core.atomic`).
>> 
>> But if you had the data structure struct, you wouldn't have to 
>> do either. It would have a `shared` constructor and `shared` 
>> member functions to manipulate all the data, all the ugly 
>> atomics and/or casting getting done in the struct 
>> implementation. It'd let you to copy part of itself to your 
>> thread local storage and inspect there at your leisure. It'd 
>> let you lock part of itself for a time when you wish to do an 
>> in-place update (during which the data in question would be 
>> typed as thread-local and guarded against escape with 
>> DIP1000). And so on.
>
> You are assuming the data structure is the problem.
>
> It isn't, the problem is who knows about the data structure, 
> its arguments and its return value. Across the entire program, 
> on every thread, in every global, in every function call frame.

Why would that be a problem? A `shared` variable does not have to 
be a global variable. You can instance the `shared` data 
structure with `new`, or even as a local variable, and then pass 
references to it only to those threads you want to know about it.

>
> ``shared`` does not offer any guarantees to references, how 
> many there are, on what threads its on. None of it. Its fully 
> up to the programmer to void it if they chose to do so in 
> normal ``@safe`` code.

My impression is you can't do that, unless the data structure 
you're using is flawed (well `dataStruct.tupleof` of the works to 
bypass `@safe`ty but I don't think it's relevant since it 
probably needs to be fixed anyway). Pseudocode example?

More information about the dip.ideas mailing list