On 10/20/2018 11:30 AM, Manu wrote:
> You can write an invalid program in any imaginable number of ways;
> that's just not an interesting discussion.
What we're discussing is not an invalid program, but what guarantees the type
system can provide.
D's current type system guarantees that a T* and a shared(T)* do not point to
the same memory location in @safe code.
My proposal guarantees that too, but in a more interesting way, because it opens the door to a whole working model. And it's totally @safe.
To get them to point to the same memory location, you've got to dip into @system
code, where *you* become responsible for maintaining the guarantees.
My model preserves that property. Why do you think I'm running that static guarantee?
It's all irrelevant if you don't express any mechanism to *do* anything. Shared today does not have any use. It simply expresses that data *is* shared, and says nothing about what you can do with it.
If you don't express a safe mechanism for interacting with shared data, then simply expressing the distinction of shared data really is completely uninteresting.
It's just a marker that's mixed up in a bunch of unsafe code. I'm no more satisfied than I am with C++.
Shared needs to do something; I propose that it strictly models operations that are threadsafe and semantic restrictions required to support that, and then you have a *usage* scheme, which is safe, and API conveys proper interaction.. not just an uninteresting marker.
I'm genuinely amazed that you're not intrigued by a @safe shared proposition. Nobly likes @safe more than you.
I could run our entire SMP stack 100% @safe.
I am going to fork D with this feature one way or another. It's the most meaningful and compelling opportunity I've seen in ever. If there's ever been a single thing that could truly move a bunch of C++ programmers, this is it. C++ can do a crappy job of modelling most stuff in D, but it simply can't go anywhere near this, and I've been working on competing C++ models for months.
SMP is the future, we're going all-in this generation. Almost every function in our codebase runs in an SMP environment... And I was staggered that I was able to work this definition through to such a simple and elegant set of rules.
I can't get my head around why people aren't more excited about this... fully @safe SMP is huge!