FFI, safe vs unsafe

Simon Marlow simonmar at microsoft.com
Wed Mar 29 06:48:54 EST 2006


I agree with what you say, but let me summarise it if I may, because
there's an assumption in what you're saying that's easy to miss.

  IF 
     the combination of 'blockable' and 'reentrant' is not
     required by the standard,
  THEN
     we should allow foreign calls to be annotated with
     one or the other, rather than requiring both.

I agree with this statement, but I don't necessarily agree that the
predicate should be true.  Indeed, given that it requires us to
complicate the language and puts a greater burden on FFI library
writers, there's a good argument not to.

Nevertheless, we're filling out the design space, and that's a good
thing.  I'll try to digest the stuff that has gone past recently on to
the wiki.

Cheers,
	Simon

On 29 March 2006 11:36, John Meacham wrote:

> On Wed, Mar 29, 2006 at 11:15:27AM +0100, Simon Marlow wrote:
>> On 29 March 2006 09:11, John Meacham wrote:
>> 
>>> It would be nice if we can deprecate the not very informative 
>>> 'safe' and 'unsafe' names and use more descriptive ones that tell
>>> you what is actually allowed. 
>>> 
>>> 'reentrant' - routine might call back into the haskell run-time
>>> 'blockable' - routine might block indefinitely
>> 
>> I've been meaning to bring this up.  First, I don't think
>> 'blockable' is the right term here.  This relates to Malcolm's point
>> too: 
> 
> yeah, I am not happy with that term either. 'blocking'? 'canblock'?
> 
>> 
>>> Another piece of terminology to clear up.  By "non-blocking foreign
>>> call", you actually mean a foreign call that *can* block.  As a
>>> consequence of the fairness policy, you wish to place the
>>> requirement on implementations that such a blocking foreign call
>>> _should_not_ block progress of other Haskell threads.  The
>>> thread-nature of the foreign call is "blocking".  The Haskell-API
>>> nature is desired to be "non-blocking".
>> 
>> Malcolm correctly notes that when I say "non-blocking" I'm referring
>> to the behaviour from Haskell's point of view, not a property of the
>> foreign code being invoked. 
>> 
>> In fact, whether the foreign code being invoked blocks or not is
>> largely immaterial.  The property we want to capture is just this:
>> 
>>   During execution of the foreign call, other Haskell threads
>>   should make progress as usual.
>> 
>> It doesn't matter whether the foreign call "blocks" or not (although
>> that is a common use for this feature).  I'd rather call it
>> 'concurrent', to indicate that the foreign call runs concurrently
>> with other Haskell threads.
> 
> 'concurrent' sounds fine to me, I have little preference. other than
> please not 'threadsafe', a word so overloaded as to be meaningless :)
> 
>> 
>> Back to 'reentrant' vs. 'blockable'.  I'm not convinced that
>> 'blockable unsafe' is that useful.  The reason is that if other
>> Haskell threads continue running during the call, at some point a GC
>> will be required, at which point the runtime needs to traverse the
>> stack of the thread involved in the foreign call, which means the
>> call is subject to the same requirements as a 'reentrant' call
>> anyway.  I don't think it's necessary to add this finer distinction.
>> Unless perhaps you have in mind an implementation that doesn't do GC
>> in the traditional way... but then I'm concerned that this is
>> requiring programmers to make a distinction in their code to improve
>> performance for a minority implementation technique, and that's not
>> good language design. 
> 
> it has nothing to do with performance, they are just fundamentally
> different concepts that just happen by coincidence to have the same
> solution in ghc. there is no fundamental relation between the two. 
> This is one of those things that I said was "GHC-centric even though
> no one realizes it" :)
> 
> in any cooperative/event loop based system, 'blockable unsafe' can be
> implemented by
> 
> 1 spawning a new system thread, calling the routine in it, having the
> routine write a value to a pipe when done. the pipe is integrated into
> the standard event loop of the run-time.
> 
> however, 'blockable safe' or 'blockable reentrant' now implies that a
> call may come back into the haskell run-time _on another OS level
> thread_ which implies we have to set up pthread_mutexes everywhere,
> perhaps switch to a completely different run-time or at least switch
> to a different incoming foreign calling boilerplate.
> 
> note that none of this has anything to do with the GC (though, likely
> implementations will have to do something special with their GC stack
> too) and there are a lot of other possible models of concurrency that
> we have not even thought of yet.
> 
> 
>> If 'reentrant' in its full glory is too hard to implement, then by
>> all means don't implement it, and emit a run-time error if someone
>> tries to use it.
> 
> but reentrant is perfectly fine, blocking is perfectly fine, the
> combination is not. giving up the ability to have haskell callbacks
> from C code is not so good.
> 
> 
> besides, for a language standard we should avoid any implementation
> details so specifying _exactly_ what we mean is a good thing. the fact
> that reentrant and blocking produce the same code in GHC is _very
> much_ an implementation detail.
> 
>         John
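
The thread-plus-pipe scheme John sketches for a 'blockable' but non-reentrant call, as an added C example that is not part of the original thread: a single-threaded event loop hands a blocking C routine to a worker OS thread, polls a completion pipe alongside its normal work, and so keeps making progress, whereas calling the same routine directly (the 'unsafe' model) stalls the loop for the whole call. The routine names, the 50 ms sleep standing in for a blocking foreign call, and the tick counter standing in for "other Haskell threads running" are all constructed for this example; no real Haskell runtime is involved.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Stand-in for a foreign routine that blocks (a read(), a DB query, ...):
   sleeps for `ms` milliseconds, then returns a value derived from it. */
static int64_t blocking_foreign_routine(int ms) {
    struct timespec ts = { ms / 1000, (long)(ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);
    return (int64_t)ms * 2;
}

/* Stand-in for "run one scheduler tick of the other Haskell threads". */
static void run_other_threads(int *ticks) { ++*ticks; }

/* The 'unsafe' model: the foreign call runs on the runtime's own thread,
   so nothing else runs until it returns.  *ticks stays at 0. */
static int64_t unsafe_call(int ms, int *ticks) {
    (void)ticks;
    return blocking_foreign_routine(ms);
}

struct job { int ms; int wr_fd; };

/* Worker thread: run the blocking routine, then hand the result back by
   writing it into the completion pipe.  It never calls back into the
   runtime, so no runtime locks are needed (the non-reentrant case). */
static void *job_thread(void *arg) {
    struct job *j = arg;
    int64_t result = blocking_foreign_routine(j->ms);
    ssize_t n = write(j->wr_fd, &result, sizeof result);
    (void)n;
    return NULL;
}

/* The 'concurrent' (blockable, non-reentrant) model: spawn an OS thread for
   the call and poll the pipe from the event loop, running other work on
   every 1 ms poll timeout.  Returns the foreign result, or -1 on error. */
static int64_t concurrent_call(int ms, int *ticks) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    struct job j = { ms, fds[1] };
    pthread_t th;
    if (pthread_create(&th, NULL, job_thread, &j) != 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    int64_t result = -1;
    struct pollfd pfd = { .fd = fds[0], .events = POLLIN, .revents = 0 };
    for (;;) {
        int n = poll(&pfd, 1, 1);           /* 1 ms: the loop's tick length */
        if (n > 0 && (pfd.revents & POLLIN)) {
            if (read(fds[0], &result, sizeof result) != (ssize_t)sizeof result)
                result = -1;
            break;
        }
        if (n < 0) break;                   /* poll error: give up */
        run_other_threads(ticks);           /* progress while C blocks */
    }
    pthread_join(th, NULL);
    close(fds[0]); close(fds[1]);
    return result;
}

int main(void) {
    int t_unsafe = 0, t_conc = 0;
    int64_t a = unsafe_call(50, &t_unsafe);
    int64_t b = concurrent_call(50, &t_conc);
    printf("unsafe:     result=%lld, other-thread ticks=%d\n", (long long)a, t_unsafe);
    printf("concurrent: result=%lld, other-thread ticks=%d\n", (long long)b, t_conc);
    return 0;
}
```

Build with `cc -pthread`. The point of the example is the one John makes: the worker thread only ever touches its own stack and the pipe, so the loop needs no mutexes; the moment the foreign code were allowed to call back into the runtime from that worker thread (the 'reentrant' and 'blockable' combination), every piece of runtime state the callback could reach would need locking or a hand-off back to the loop thread.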


