I was put onto this video:
http://channel9.msdn.com/posts/C-and-Beyond-2012-Herb-Sutter-You-dont-know-blank-and-blank
By https://codereview.stackexchange.com/users/39810/glampert
Because I asked this question:
https://codereview.stackexchange.com/questions/82616/const-cast-of-stdmutex-in-get-member
Marking a class std::mutex
as mutable
is the right answer to my original question and the video is an excellent and enjoyable discussion around that. I am grateful to glampert.
However I disagree with the premise of the talk that “const
== thread-safe” (see time-point 16:00).
Below is my proposal for how we should interpret const
in a multi-threaded world. It’s not as simple as Herb’s proposal but (let’s face it) if you think any of the answers in multi-threading are simple you’ve completely failed to grasp the challenge of multi-threading.
Comments please. What do you think const
means for multi-threaded programs? Has its meaning fundamentally changed?
const
means logically unmodified by dereferences through theconst
reference in question.Multi-threading footnote #1: In objects that form part of the shared
state of a multi-threaded program “logically unmodified” will mean
“logicallyconst
member functions only perform reads on the object” and so any
implementation that actually performs writes (such as cached values,
instrumentation and even employs synchronization mutexes) needs to
adequately make them thread-safe to maintain the ‘logical’ appearance
of ‘only reads’.Single-threading footnote : Of course even in a single threaded
applicationconst
is by no means a guarantee that an object won’t
change during the lifetime of a givenconst
reference. There may be
non-const
references (aliases) and even a single threaded program
might use to modify an object which has one or moreconst
references.Multi-threaded footnote #2: That lack of guarantee that an object will
not be modified just because there is aconst
reference to it is true
in spades for multi-threaded applications. So in many senses – no
change there.
I think my greatest concern is that through I am sure Herb Sutter would confirm them as dreadful fallacies, I fear that reading const
as ‘thread-safe’ leads too easily to:
- The fallacy that adding
std::lock_guard guard(this->mutex)
to the start of all methods and the destructor of a class somehow make any use of it ‘thread-safe’. - The fallacy that if you only call
const
methods on a class your application has a thread-safe guarantee and you can complain to the implementer if not. - Finally, the fallacy that if you don’t modify any
mutable
members and don’t cast awayconst
anywhere you don’t need to worry about thread-safety because (apparently) “const
means thread-safe”.
Fallacy 1 is best exemplified by supposing you can get any sense iterating through a collection that is being modified by another thread just because you know the methods are lock-guarded.
Fallacy 2 pushes a potentially onerous (and even impossible) burden on to implementers who can (of course) add lock-guards to all their methods but may (at best) be wasting time and (at worst) just setting you up for fallacy 1.
Fallacy 3 is the fallacy that thread-safety is all about competing for simultaneous access. Memory caching however means that to obtain a coherent state within a const
method there may still be a requirement to ensure some kind of memory barrier has been performed (e.g. at least “acquire”).
2
Although const
as a language feature does not guarantee thread safetyness, lot of the constant functions, by their nature, happens to be threadsafe as they typically just read some constant variables, calculate a result and give it back. This is the bitwise constant mentioned in the video. The cases where internal synchronization is needed (I beleive) are in minority.
You see this by itself creates a (false) security feeling in a programmer who intuitively thinks a function is threadsafe because it is constant.
So I personally support the convention, that if a function is constant, but not bitwise constant, then synchronize inernally to make it threadsafe, because potential users will expect it to be.
This convention is followed in the STL as mentioned in the presentation, which further strengthens the expactation of the users.
The fallacy that if you only call const methods on a class your application has a thread-safe guarantee and you can complain to the implementer if not.
I beleive this is intended. As a user of a library, it does not cause any harm if you are careful about it, but as a library implementor you would better follow this convention.
Fallacy 3 is the fallacy that thread-safety is all about competing for simultaneous access. Memory caching however means that to obtain a coherent state within a const method there may still be a requirement to ensure some kind of memory barrier has been performed (e.g. at least “acquire”).
Maybe const == thread-safe would have been better written as const ==> thread-safe. I don’t think Herb Sutter’s intention was to state that const
is the ultimate silver bullet in thread safetyness. In my interpretation the message is no more, then that when you write a const
function, your intention should be to also make it threadsafe.
5
While it does not mean thread-safe per-se, for the standard-library it does:
17.6.5.9 Data race avoidance [res.on.data.races]
1 This section specifies requirements that implementations shall meet to prevent data races (1.10). Every standard library function shall meet each requirement unless otherwise specified. Implementations may prevent data races in cases other than those specified below.
2 A C++ standard library function shall not directly or indirectly access objects (1.10) accessible by threads other than the current thread unless the objects are accessed directly or indirectly via the function’s arguments, includingthis
.
3 A C++ standard library function shall not directly or indirectly modify objects (1.10) accessible by threads other than the current thread unless the objects are accessed directly or indirectly via the function’s non-const arguments, includingthis
.
[…]
And that’s the pattern user-defined types and functions should follow wherever reasonably possible.
1
In C++ for example, a const class or struct can have mutable members. Mutable members are typically used in situations where the logical value of an object doesn’t change, but the internal representation my change.
Changing mutable members is obviously not automatically thread safe. Therefore, accessing const objects is not automatically thread safe.
Another example would be a class holding a pointer to a file. I can read or write from that file, even if the instance is const. But these operations are unlikely to be thread safe.