On Tue, Apr 01, 2014 at 05:32:12PM -0400, Ehsan Akhgari wrote:
> The subject of this post is intentionally chosen to make you want to read this. :-)
>
> The summary is that I think the mozilla::Atomic API which is modeled after std::atomic is harmful in that it makes it very non-obvious that you're dealing with atomic integers. Basically the existing interface makes mozilla::Atomic look like a normal integer, so that if you see code like:
>
> --mRefCnt;
> if (mRefCnt == 0) {
>   delete this;
> }
>
> You won't immediately think about checking the type of mRefCnt (the refcount case being just an example here of course), which makes it hard to spot that there is a thread safety bug in this code.
Actually, the thread safety bug in this code is largely the same whether the type of mRefCnt is mozilla::Atomic or not. Compiler optimizations may remove the bug, but it's there to begin with.

As I said in the bug, all this is saying is that thread safety is hard, and atomics are merely one of the tools to achieve thread safety. They are not a magic wand that fixes thread safety. I also think that making their API not have operators like std::atomic has would bring a false sense of security to people writing code using them, because it would supposedly be less confusing when it really wouldn't.

Mike

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
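The bug both posters are talking about is a check-after-decrement race, not a non-atomic decrement: the model below (an added example, not code from the thread or from Mozilla) enumerates every interleaving of two releasers and counts how many of them run `delete this`, first for the quoted `--mRefCnt; if (mRefCnt == 0)` shape and then for the fused `if (--mRefCnt == 0)` shape, where the decrement's own return value is tested. Function names `deletes_for` and `worst_case_deletes` are my own.

```cpp
#include <algorithm>
#include <vector>

// Constructed model: two owners each release one reference. Each step of a
// thread is treated as indivisible (that is what an atomic type buys you);
// the race lives in the gap between a thread's two steps.
struct Releaser { int pc = 0; };

// Run one interleaving. `schedule` lists which thread takes each step.
// fused == false: step 0 is `--mRefCnt;`, step 1 is `if (mRefCnt == 0)`.
// fused == true:  the single step is `if (--mRefCnt == 0)`, which uses the
//                 value returned by the atomic decrement itself.
static int deletes_for(const std::vector<int>& schedule, bool fused) {
  int refCnt = 2;           // two live references to `this`
  Releaser t[2];
  int deletes = 0;
  for (int id : schedule) {
    Releaser& th = t[id];
    if (fused) {
      if (--refCnt == 0) ++deletes;          // one read-modify-write, then test
    } else if (th.pc == 0) {
      --refCnt;                              // --mRefCnt;  (atomic on its own)
      th.pc = 1;
    } else {
      if (refCnt == 0) ++deletes;            // if (mRefCnt == 0) delete this;
      th.pc = 2;                             // reads a value another thread may own
    }
  }
  return deletes;
}

// Worst case over every legal interleaving of the two releasers.
// Anything above 1 means a double delete of the same object.
int worst_case_deletes(bool fused) {
  const int stepsPerThread = fused ? 1 : 2;
  std::vector<int> schedule;
  for (int i = 0; i < stepsPerThread; ++i) schedule.push_back(0);
  for (int i = 0; i < stepsPerThread; ++i) schedule.push_back(1);
  int worst = 0;
  do {                      // sorted start, so next_permutation visits each interleaving once
    worst = std::max(worst, deletes_for(schedule, fused));
  } while (std::next_permutation(schedule.begin(), schedule.end()));
  return worst;
}
```

The unfused shape only misbehaves under some schedules (A decrements, B decrements, then both compare against 0), which is why it survives testing until it does not; the fused shape has no such schedule because there is no second read.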