|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fully isolate routines from their arguments.
I still need exceptions for containers that are *designed* to be
shared between routines. The primary such case is channels; we need some
way to share them between routines, and if we deep-copy them that
defeats their entire purpose.
A milder case is the use of fake file-systems in tests, though that's a
hint that there'll be more of these as the OS gets more fleshed out. The
pattern seems to be that we need to not deep-copy containers that
contain lock fields, and so their operations internally do their own
locking.
We may have to stop hard-coding the list of exceptions and allow people
to define new ones. Perhaps don't deep-copy any container with metadata
of 'shared', and then ensure that get-location is only ever called on
shared containers.
This still isn't absolutely ironclad. People can now store something
into a channel and then pass it into a routine to share arbitrary data.
But perhaps the goal isn't to be ironclad, just to avoid easy mistakes.
I'd still want an automated check for this, though. Some way to
highlight it as an unsafe pattern.
This completes step 1 in the plan of commit 3992 for making
continuations safe.
|