Sent from my iPad
> On Aug 19, 2017, at 3:29 PM, Michel Fortin <michel.for...@michelf.ca> wrote:
>
>
>> Le 19 août 2017 à 11:38, Matthew Johnson <matt...@anandabits.com> a écrit :
>>
>>
>>
>> Sent from my iPad
>>
>> On Aug 19, 2017, at 8:16 AM, Michel Fortin via swift-evolution
>> <swift-evolution@swift.org> wrote:
>>
>>>>> For instance, has Array<UIView> value semantics?
>>>>
>>>> By the commonly accepted definition, Array<UIView> does not provide value
>>>> semantics.
>>>>
>>>>> You might be tempted to say that it does not because it contains class
>>>>> references, but in reality that depends on what you do with those UIViews.
>>>>
>>>> An aspect of the type (“does it have value semantics or not”) should not
>>>> depend on the clients. By your definition, every type has value semantics
>>>> if none of the mutating operations are called :-)
>>>
>>> No, not mutating operations. Access to mutable memory shared by multiple
>>> "values" is what breaks value semantics. You can get into this situation
>>> using pointers, object references, or global variables. It's all the same
>>> thing in the end: shared memory that can mutate.
>>>
>>> For demonstration's sake, here's a silly example of how you can give
>>> Array<Int> literally the same semantics as Array<UIView>:
>>>
>>> // shared UIView instances in global memory
>>> var instances: [UIView] = []
>>>
>>> extension Array where Element == Int {
>>>
>>> // append a new integer to the array pointing to our UIView
>>> instance
>>> func append(view: UIView) {
>>> self.append(instances.count)
>>> instances.append(newValue)
>>> }
>>>
>>> // access views pointed to by the integers in the array
>>> subscript(viewAt index: Int) -> UIView {
>>> get {
>>> return instances[self[index]]
>>> }
>>> set {
>>> self[index] = instances.count
>>> instances.append(newValue)
>>> }
>>> }
>>> }
>>>
>>> And now you need to worry about passing Array<Int> to other thread. ;-)
>>>
>>> It does not really matter whether the array contains pointers or wether it
>>> contains indices into a global table: in both cases access to the same
>>> mutable memory is accessible through multiple copies of an array, and this
>>> is what breaks value semantics.
>>>
>>> Types cannot enforce value semantics. Its the functions you choose to call
>>> that matters. This is especially important to realize in a language with
>>> extensions where you can't restrict what functions gets attached to a type.
>>
>> This gets deeper into the territory of the conversation Dave A and I had a
>> while ago. I think this conflates value semantics with pure functions,
>> which I think is a mistake.
>>
>> I agree that if you assume away reference counting a function that takes
>> Array<UIView> but never dereferences the pointers can still be a pure
>> function. However, I disagree that Array<UIView> has value semantics.
>>
>
>> The relationship of value semantics to purity is that value semantics can be
>> defined in terms of the purity of the "salient operations" of the type -
>> those which represent the meaning of the value represented by the type. The
>> purity of these operations is what gives the value independence from copies
>> in terms of its meaning. If somebody chooses to add a new impure operation
>> in an extension of a type with value semantics it does not mean that the
>> type itself no longer has value semantics. The operation in the extension
>> is not "salient".
>>
>> This still begs the question: what operations are "salient"? I think
>> everyone can agree that those used in the definition of equality absolutely
>> must be included. If two values don't compare equal they clearly do not
>> have the same meaning. Thread safety is also usually implied for practical
>> reasons as is the case in Chris's manifesto. These properties are generally
>> considered necessary for value semantics.
>>
>> While these conditions are *necessary* for value semantics I do not believe
>> they are *sufficient* for value semantics. Independence of the value is
>> also required. When a reference type defines equality in terms of object
>> identity copies of the reference are not truly independent.
>>
>> This is especially true in a language like Swift where dereference is
>> implicit. I argue that when equality is defined in terms of object identity
>> copies of the reference are *not* independent. The meaning of the reference
>> is inherently tied up with the resource it references. The resource has to
>> be considered "salient" for the independence to be a useful property. On
>> the other hand, if all you really care about is the identity and not the
>> resource, ObjectIdentifier is available and does have value semantics.
>> There is a very good reason this type exists.
>
> The reason we're discussing value semantics here is because they are useful
> making concurrency safer. If we define the meaning of value semantics as "a
> type where a subset of the member functions (the important ones) can be used
> with concurrency" then that definition of value semantics lose quite a bit of
> its value for solving the problem at hand. It's too vague.
>
> I'm not actually that interested in the meaning of value semantics here. I'm
> debating the appropriateness of determining whether something can be done in
> another thread based on the type a function is attached to. Because that's
> what the ValueSemantical protocol wants to do. ValueSemantical, as a
> protocol, is whitelisting the whole type while in reality it should only
> vouch for a specific set of safe functions on that type.
This is making some assumptions about the semantics of `ValueSemantical` and
the compiler verification behind it, but I see what you're saying. It sounds
to me like you're looking for a level of safety beyond what Chris is trying to
tackle in his manifesto. My impression is that his goal is to make a pragmatic
set of tradeoffs.
As an example to consider, we could write an extension method on `Int` that
accesses some global state. It may use the value of the `Int` as an index into
a global array. The existence and use of this method is completely orthogonal
to whether or not it is safe to pass the `Int` as part of a message to an
actor. The danger is in the use of the operation, not the source of the `Int`.
As I understand it, the intent of `ValueSemantical` is to avoid passing
*access* to shared mutable state as part of a message to an actor. Passing an
`Int` value does not give the actor any access it didn't already have. On the
other hand, passing a `UIView` gives it access to shared mutable state it did
not have before receiving the message.
Achieving the kind of safety you're looking for would require verification that
an actor has exclusive access to all mutable state it uses (including state
that is used by all functions it calls). This would be wonderful, but would
also preclude a lot of very useful things, most importantly C-interop. Here is
the relevant portion of Chris's manifesto regarding global mutable state and
the tradeoffs he believes will be pragmatic and effective in practice:
Since we're friends, I'll be straight with you: there are no great answers
here. Swift and C already support global mutable state, so the best we can do
is discourage the use of it. We cannot automatically detect a problem because
actors need to be able to transitively use random code that isn't defined on
the actor. For example:
func calculate(thing : Int) -> Int { ... }
actor Foo {
actor func exampleOperation() {
let x = calculate(thing: 42)
...
}
}
There is no practical way to know whether 'calculate' is thread-safe or not.
The only solution is to scatter tons of annotations everywhere, including in
headers for C code. I think that would be a non-starter.
In practice, this isn't as bad as it sounds, because the most common operations
that people use (e.g. print) are already internally synchronizing, largely
because people are already writing multithreaded code. While it would be nice
to magically solve this long standing problem with legacy systems, I think it
is better to just completely ignore it and tell developers not to define or use
global variables (global lets are safe).
All hope is not lost though: Perhaps we could consider deprecating global vars
from Swift to further nudge people away from them. Also, any accesses to unsafe
global global mutable state from an actor context can and should be warned
about. Taking some steps like this should eliminate the most obvious bugs.
>
>
> --
> Michel Fortin
> https://michelf.ca
>
_______________________________________________
swift-evolution mailing list
swift-evolution@swift.org
https://lists.swift.org/mailman/listinfo/swift-evolution
