RE: FFI, safe vs unsafe

I agree with what you say, but let me summarise it if I may, because there's an assumption in what you're saying that's easy to miss.

IF the combination of 'blockable' and 'reentrant' is not required by the standard, THEN we should allow foreign calls to be annotated with one or the other, rather than requiring both.

I agree with this statement, but I don't necessarily agree that the predicate should be true. Indeed, given that it requires us to complicate the language and puts a greater burden on FFI library writers, there's a good argument not to.

Nevertheless, we're filling out the design space, and that's a good thing. I'll try to digest the stuff that has gone past recently on to the wiki.

Cheers,
Simon

On 29 March 2006 11:36, John Meacham wrote:
On Wed, Mar 29, 2006 at 11:15:27AM +0100, Simon Marlow wrote:
On 29 March 2006 09:11, John Meacham wrote:
It would be nice if we can deprecate the not very informative 'safe' and 'unsafe' names and use more descriptive ones that tell you what is actually allowed.
'reentrant' - routine might call back into the haskell run-time
'blockable' - routine might block indefinitely
I've been meaning to bring this up. First, I don't think 'blockable' is the right term here. This relates to Malcolm's point too:
yeah, I am not happy with that term either. 'blocking'? 'canblock'?
Another piece of terminology to clear up. By "non-blocking foreign call", you actually mean a foreign call that *can* block. As a consequence of the fairness policy, you wish to place the requirement on implementations that such a blocking foreign call _should_not_ block progress of other Haskell threads. The thread-nature of the foreign call is "blocking". The Haskell-API nature is desired to be "non-blocking".
Malcolm correctly notes that when I say "non-blocking" I'm referring to the behaviour from Haskell's point of view, not a property of the foreign code being invoked.
In fact, whether the foreign code being invoked blocks or not is largely immaterial. The property we want to capture is just this:
During execution of the foreign call, other Haskell threads should make progress as usual.
It doesn't matter whether the foreign call "blocks" or not (although that is a common use for this feature). I'd rather call it 'concurrent', to indicate that the foreign call runs concurrently with other Haskell threads.
'concurrent' sounds fine to me, I have little preference. other than please not 'threadsafe', a word so overloaded as to be meaningless :)
Back to 'reentrant' vs. 'blockable'. I'm not convinced that 'blockable unsafe' is that useful. The reason is that if other Haskell threads continue running during the call, at some point a GC will be required, at which point the runtime needs to traverse the stack of the thread involved in the foreign call, which means the call is subject to the same requirements as a 'reentrant' call anyway. I don't think it's necessary to add this finer distinction. Unless perhaps you have in mind an implementation that doesn't do GC in the traditional way... but then I'm concerned that this is requiring programmers to make a distinction in their code to improve performance for a minority implementation technique, and that's not good language design.
it has nothing to do with performance, they are just fundamentally different concepts that just happen by coincidence to have the same solution in ghc. there is no fundamental relation between the two. This is one of those things that I said was "GHC-centric even though no one realizes it" :)
in any cooperative/event loop based system, 'blockable unsafe' can be implemented by
1. spawning a new system thread, calling the routine in it, having the routine write a value to a pipe when done. the pipe is integrated into the standard event loop of the run-time.
however, 'blockable safe' or 'blockable reentrant' now implies that a call may come back into the haskell run-time _on another OS level thread_ which implies we have to set up pthread_mutexes everywhere, perhaps switch to a completely different run-time or at least switch to a different incoming foreign calling boilerplate.
note that none of this has anything to do with the GC (though, likely implementations will have to do something special with their GC stack too) and there are a lot of other possible models of concurrency that we have not even thought of yet.
If 'reentrant' in its full glory is too hard to implement, then by all means don't implement it, and emit a run-time error if someone tries to use it.
but reentrant is perfectly fine, blocking is perfectly fine, the combination is not. giving up the ability to have haskell callbacks from C code is not so good.
besides, for a language standard we should avoid any implementation details so specifying _exactly_ what we mean is a good thing. the fact that reentrant and blocking produce the same code in GHC is _very much_ an implementation detail.
John
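The scheme John describes in the quoted message, a helper OS thread makes the blocking call and reports completion through a pipe that the runtime's event loop already polls, can be sketched in C. This is an added example, not code from this thread or from jhc, GHC or any other Haskell implementation; it assumes POSIX pipe/poll/pthread, a stand-in foreign routine that merely sleeps (constructed for the example), and a tick counter standing in for the quanta other Haskell threads would receive while the call is outstanding.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Stand-in for a foreign routine that blocks for a while (constructed for
   this example): sleeps 300 ms and returns twice its argument. */
static int blocking_foreign_call(int arg) {
    struct timespec ts = { 0, 300L * 1000 * 1000 };
    nanosleep(&ts, NULL);
    return arg * 2;
}

/* What the helper OS thread needs: the argument and the pipe's write end. */
struct call_job {
    int arg;
    int result_fd;
};

/* Body of the helper thread. It only calls the foreign routine and writes
   the result into the pipe; it never touches runtime state, which is what
   makes this the 'blockable unsafe' case rather than the reentrant one. */
static void *call_thread(void *p) {
    struct call_job *job = p;
    int32_t r = (int32_t)blocking_foreign_call(job->arg);
    if (write(job->result_fd, &r, sizeof r) != (ssize_t)sizeof r) {
        /* Nothing to recover here; the reader sees EOF and reports -1. */
    }
    close(job->result_fd);
    return NULL;
}

/* Issue the foreign call through a helper thread and keep the cooperative
   event loop running until completion shows up on the pipe.
   Returns the foreign routine's result, or -1 on failure. *ticks_out gets
   the number of scheduler quanta the loop ran while the call was
   outstanding, i.e. the progress other Haskell threads would have made. */
int run_blockable_unsafe(int arg, int *ticks_out) {
    int fds[2];
    if (pipe(fds) != 0) return -1;

    struct call_job job = { arg, fds[1] };
    pthread_t tid;
    if (pthread_create(&tid, NULL, call_thread, &job) != 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }

    int ticks = 0;
    int32_t result = -1;
    struct pollfd pfd = { .fd = fds[0], .events = POLLIN, .revents = 0 };
    for (;;) {
        /* The runtime's event loop: the pipe is just one more descriptor it
           waits on, with a short timeout so other threads get their turn. */
        int rc = poll(&pfd, 1, 5);
        if (rc < 0) { result = -1; break; }
        if (rc == 0) {
            ticks++;  /* timeout: run a quantum of other Haskell threads */
            continue;
        }
        /* Readable (possibly with POLLHUP after the writer closed): collect
           the result; a short read means the helper failed. */
        if (read(fds[0], &result, sizeof result) != (ssize_t)sizeof result) result = -1;
        break;
    }

    pthread_join(tid, NULL);
    close(fds[0]);
    if (ticks_out) *ticks_out = ticks;
    return (int)result;
}

/* Convenience wrapper: how many quanta ran while a call with this argument
   was outstanding (> 0 shows the runtime did not stall); -1 on failure. */
int quanta_while_blocked(int arg) {
    int ticks = 0;
    return run_blockable_unsafe(arg, &ticks) < 0 ? -1 : ticks;
}

int main(void) {
    int ticks = 0;
    int r = run_blockable_unsafe(21, &ticks);
    printf("foreign call returned %d; event loop ran %d quanta meanwhile\n", r, ticks);
    return r == 42 ? 0 : 1;
}
```

The helper thread deliberately does nothing but call the routine and write four bytes, so the single-threaded runtime never has to guard its own state. That is exactly what a 'blockable reentrant' variant would break: if the foreign routine could call back into the runtime from the helper thread, every runtime entry point would need the mutexes (or a different entry boilerplate) that John mentions, which is why the two annotations differ in a cooperative implementation even though GHC compiles them alike.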

On Wed, Mar 29, 2006 at 12:48:54PM +0100, Simon Marlow wrote:
I agree with what you say, but let me summarise it if I may, because there's an assumption in what you're saying that's easy to miss.
IF the combination of 'blockable' and 'reentrant' is not required by the standard, THEN we should allow foreign calls to be annotated with one or the other, rather than requiring both.
I agree with this statement, but I don't necessarily agree that the predicate should be true. Indeed, given that it requires us to complicate the language and puts a greater burden on FFI library writers, there's a good argument not to.
it is just an implementation fact. In jhc (and likely yhc and hugs may find themselves in the same boat)
unsafe
blockable
reentrant
reentrant blockable
will all have different concrete implementations and generate different code. for correctness reasons, not efficiency ones. though, it would not surprise me if many did not support "reentrant blockable" as it is a real pain to do properly.

or, to put it another way, if they were not separate concepts then cooperative implementations would have no choice but to reject any program using 'safe' since there is a chance they might mean 'reentrant blockable' rather than just reentrant or just blockable.

John

--
John Meacham - ⑆repetae.net⑆john⑈