[M3devel] RC merge

Jay K jay.krell at cornell.edu
Sun Sep 13 19:11:59 CEST 2009


Good point: previously I could say SetCurrentHandlers(MyFPState()) in safe code.
Now you can't.
There's still ADDRESS used in ThreadInternal.i3 requiring LOOPHOLE, but it doesn't
appear easy to fix.

> Arguably, hanging other threads (with which one does not share mutexes etc)

Mutexes aren't the entire story there I think. Imagine some homegrown spinlock that is exported??
In either case, these functions are moved to an unsafe interface, at least until/unless
some safe code needs them.

Thanks,
 - Jay

> To: jay.krell at cornell.edu
> CC: m3devel at elegosoft.com
> Subject: Re: [M3devel] RC merge 
> Date: Sun, 13 Sep 2009 09:12:07 -0700
> From: mika at async.async.caltech.edu
> 
> Jay K writes:
> ...
> >Good point about passing in ADDRESSes..but I'm not entirely sure I understand/agree.
> >Can safe code ("directly") generate any ADDRESSes at all? Or only get them from
> >unsafe code in the first place?
> >ADDRESS only comes from ADR, right? And ADR isn't allowed in safe? I'll check.
> >
> >IF safe code CAN generate ADDRESSes, then this was a hole:
> >PROCEDURE SetCurrentHandlers(h: ADDRESS);
> 
> 
> No, safe code can't generate ADDRESSes without help.  But certainly
> safe code can import TWO of these "quasi-unsafe" interfaces, and mix
> up which address came whence... so your example is probably still
> unsafe.
> 
> >
> >and perhaps these:
> >PROCEDURE SuspendOthers ();
> >(* Suspend all threads except the caller's *)
> >
> >PROCEDURE ResumeOthers ();
> >
> >Though probably not the second, since safe code can trivially hang/deadlock on its own.
> 
> Yes hanging is not a safety violation by the Modula-3 definition.
> Arguably, hanging other threads (with which one does not share mutexes etc)
> perhaps should be a safety violation, but can it be guaranteed?
> 
> ...
> >
> >> But in Modula-3 whether an interface is unsafe or not *is* a boolean.
> >
> >Understood, but I still think even in unsafe code, LOOPHOLE should be minimized.
> >C and C++ programmers are often taught to minimize casts, esp. reinterpret_cast.
> >I think that guidance carries over to Modula's LOOPHOLE, even if you are already unsafe
> >for other reasons.
> 
> Agreed!
>     
>     Mika
> 
> >
> > - Jay
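The hole Mika describes (a safe module mixing ADDRESS values obtained from two different interfaces) and the repair Jay mentions (moving the raw-address procedures behind an UNSAFE interface), as an added Modula-3 sketch that is not part of this thread or of the cm3 sources. Every interface, module and procedure name except SetCurrentHandlers and MyFPState is assumed, and each compilation unit would normally live in its own file.

```modula-3
(* Constructed example. 1. The hole: a safe (non-UNSAFE) interface that
   trades in raw ADDRESS values, so any ADDRESS from anywhere is accepted. *)
INTERFACE LeakyFloat;
  PROCEDURE MyFPState (): ADDRESS;            (* address of the caller's FP state *)
  PROCEDURE SetCurrentHandlers (h: ADDRESS);  (* installs whatever h points at *)
END LeakyFloat.

INTERFACE Scratch;                (* assumed: any other interface handing out an ADDRESS *)
  PROCEDURE Buffer (): ADDRESS;
END Scratch.

MODULE Client;                    (* safe module: no UNSAFE, no ADR, no LOOPHOLE *)
IMPORT LeakyFloat, Scratch;
BEGIN
  LeakyFloat.SetCurrentHandlers (LeakyFloat.MyFPState ());  (* intended use *)
  LeakyFloat.SetCurrentHandlers (Scratch.Buffer ());        (* type-checks, but hands the
                                                               installer an unrelated address *)
END Client.

(* 2. The fix: raw addresses stay behind an UNSAFE interface, and the safe
      interface exposes only an opaque branded handle that it created itself. *)
UNSAFE INTERFACE FloatInternal;   (* assumed name; importers must themselves be UNSAFE *)
  PROCEDURE MyFPState (): ADDRESS;
  PROCEDURE SetCurrentHandlers (h: ADDRESS);
END FloatInternal.

INTERFACE SafeFloat;              (* assumed name; safe to import from safe code *)
  TYPE Handlers <: REFANY;        (* opaque: clients cannot forge one from an ADDRESS *)
  PROCEDURE CurrentFPState (): Handlers;
  PROCEDURE SetCurrentHandlers (h: Handlers);
END SafeFloat.

UNSAFE MODULE SafeFloat;
IMPORT FloatInternal;
REVEAL Handlers = BRANDED REF RECORD addr: ADDRESS END;

PROCEDURE CurrentFPState (): Handlers =
  BEGIN RETURN NEW (Handlers, addr := FloatInternal.MyFPState ()) END CurrentFPState;

PROCEDURE SetCurrentHandlers (h: Handlers) =
  BEGIN FloatInternal.SetCurrentHandlers (h.addr) END SetCurrentHandlers;

BEGIN
END SafeFloat.
```

With the second design, a safe Client can only pass back a Handlers value obtained from SafeFloat.CurrentFPState; passing Scratch.Buffer() is rejected by the type checker rather than silently accepted.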