On Tue, Apr 01, 2014 at 05:32:12PM -0400, Ehsan Akhgari wrote:
> The subject of this post is intentionally chosen to make you want to read
> this.  :-)
> 
> The summary is that I think the mozilla::Atomic API which is modeled after
> std::atomic is harmful in that it makes it very non-obvious that you're
> dealing with atomic integers.  Basically the existing interface makes
> mozilla::Atomic look like a normal integer, so that if you see code like:
> 
> --mRefCnt;
> if (mRefCnt == 0) {
>   delete this;
> }
> 
> You won't immediately think about checking the type of mRefCnt (the
> refcount case being just an example here of course), which makes it hard to
> spot that there is a thread safety bug in this code.

Actually, the thread safety bug in this code is largely the same whether the
type of mRefCnt is mozilla::Atomic or not. Compiler optimizations may
remove the bug, but it's there to begin with.

As I said in the bug, all this is saying is that thread safety is hard,
and atomics are merely one of the tools to achieve thread safety. They
are not a magic wand that fixes thread safety.

I also think that making their API not have operators like std::atomic
has would bring a false sense of security to people writing code using
them, because it would supposedly be less confusing when it really
wouldn't.

Mike
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

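The race Ehsan's snippet describes, replayed in an added example that is not part of the thread and not Mozilla's code. It uses std::atomic in place of mozilla::Atomic (the post says the latter is modelled on it) and a hypothetical `Shared` struct. The buggy form is split into its two observable steps, an atomic decrement and a separate load for the zero check, so the losing interleaving can be reproduced deterministically instead of hoping for a scheduler to produce it; the fixed form tests the value returned by the single atomic decrement, so each releaser sees a distinct value and exactly one sees zero.

```cpp
// Added example: why "--mRefCnt; if (mRefCnt == 0)" races even when mRefCnt is
// atomic, and why "if (--mRefCnt == 0)" does not. Not from the mailing-list post.
#include <atomic>
#include <cstdio>
#include <thread>
#include <vector>

// Hypothetical refcounted object; only the counter matters here.
struct Shared {
    std::atomic<int> mRefCnt;
    explicit Shared(int n) : mRefCnt(n) {}
};

// Buggy pattern from the post, split into its two steps. The decrement itself is
// atomic, but the zero test is a second, unrelated load of the counter.
void brokenDecrement(Shared& s) { --s.mRefCnt; }
bool brokenCheck(const Shared& s) { return s.mRefCnt.load() == 0; }

// Fixed pattern: one atomic read-modify-write; its return value is the new count
// as observed by this caller alone, so only one caller can ever get 0.
bool fixedRelease(Shared& s) { return --s.mRefCnt == 0; }

// Replay the interleaving "all holders decrement, then all holders check" and
// count how many holders conclude they must delete. Anything above 1 is a
// double delete in real code.
int brokenReleaseDeletes(int holders) {
    Shared s(holders);
    for (int i = 0; i < holders; ++i) brokenDecrement(s);   // counter reaches 0
    int deletes = 0;
    for (int i = 0; i < holders; ++i)
        if (brokenCheck(s)) ++deletes;                       // every check sees 0
    return deletes;
}

// Same interleaving question for the fixed pattern, sequentially: the returned
// values are holders-1, ..., 1, 0, so exactly one release reports zero.
int fixedReleaseDeletes(int holders) {
    Shared s(holders);
    int deletes = 0;
    for (int i = 0; i < holders; ++i)
        if (fixedRelease(s)) ++deletes;
    return deletes;
}

// Fixed pattern under real threads: each thread drops one reference; whatever
// the scheduling, exactly one thread observes zero.
int concurrentFixedDeletes(int holders) {
    Shared s(holders);
    std::atomic<int> deletes{0};
    std::vector<std::thread> ts;
    for (int i = 0; i < holders; ++i)
        ts.emplace_back([&s, &deletes] { if (fixedRelease(s)) ++deletes; });
    for (auto& t : ts) t.join();
    return deletes.load();
}

int main() {
    std::printf("broken, 2 holders: %d deletes\n", brokenReleaseDeletes(2));
    std::printf("fixed, 2 holders: %d deletes\n", fixedReleaseDeletes(2));
    std::printf("fixed, 8 threads: %d deletes\n", concurrentFixedDeletes(8));
    return 0;
}
```

The replay shows the bug Mike refers to is not about the counter type: with a plain `int` the decrement can additionally be lost, but even with an atomic counter the "decrement, then re-read" shape lets two releasers both observe zero. The only thing that makes the release correct is consuming the result of the one atomic operation.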