CppCon 2018: Geoffrey Romer “What do you mean 'thread-safe'?”

preview_player
Показать описание


How can we communicate with other developers about the safety of our C++ code against the hazards of concurrency? Terms like "thread-safe" don't always have a clear meaning, and more precise terms like "data race" and "race condition" often operate at the wrong level of abstraction. In order to communicate effectively about these issues, we need straightforward ways to talk about the safety requirements that APIs impose, and what goes wrong if you violate them.

In this talk, I will present the simple yet precise vocabulary we use for talking about these issues at Google: an "API race" happens when two operations access the same object concurrently, in violation of its contract. For most C++ types, that contract can be classified as "thread-safe" or "thread-compatible" depending on what combinations of operations can cause an API race (the remainder are called "thread-unsafe"), and that two-word classification usually tells you everything you need to know to avoid API races on the object. This is significant because if you can avoid API races, you can avoid not only all data races but also many race conditions.

Geoffrey Romer, Google
Software Engineer

I'm a Staff Software Engineer on the C++ Library Team at Google, and the lead author of Google's C++ concurrent programming guide. My work focuses on improving the C++ programming experience at Google and beyond, which has led me to focus on problem areas such as concurrent programming, error handling, hashing, and memory management. I'm a co-owner of Google's C++ style guide, and have been active on the C++ Standards committee since 2014, including a stint as editor of the Library Fundamentals TS. Currently, I'm leading Google's efforts to adopt coroutines in C++, and working on API designs for mitigating speculation attacks such as Spectre Variant 1.


*-----*
*-----*
  1. CppCon
  2. Geoffrey Romer
  3. CppCon 2018
  4. Computer Science (Field)
  5. C (Programming Language)
  6. Bash Films
Рекомендации по теме
CppCon 2018: Geoffrey 0:53:43

CppCon 2018: Geoffrey Romer “What do you mean 'thread-safe'?”

CppCon 2018: Simon 1:01:00

CppCon 2018: Simon Brand “How C++ Debuggers Work”

CppCon 2018: Damien 0:31:52

CppCon 2018: Damien Buhl “C++ Everywhere with WebAssembly”

CppCon 2018: Jason 1:03:19

CppCon 2018: Jason Turner “Applied Best Practices”

CppCon 2018: Gabor 0:37:17

CppCon 2018: Gabor Horvath “Dealing with aliasing using contracts”

Talks and Highlights 0:40:35

Talks and Highlights From CppCon 2018!

CppCon 2018: “Grill 1:27:05

CppCon 2018: “Grill the Committee”

CppCon 2018: Andrew 1:11:06

CppCon 2018: Andrew Sutton “Concepts in 60: Everything you need to know and nothing you don't”...

CppCon 2018: Mike 0:29:31

CppCon 2018: Mike Shah “Let's Intercept OpenGL Function Calls...for Logging!”

CppCon 2018: Vincent 0:55:20

CppCon 2018: Vincent Reverdy “Custom Overload Sets and Inline SFINAE for Truly Generic Interfaces”...

CppCon 2018: Titus 1:00:47

CppCon 2018: Titus Winters “Standard Library Compatibility Guidelines (SD-8)”

CppCon 2018: “Secure 1:02:31

CppCon 2018: “Secure Coding Best Practices: Your First Line Is The Last Line Of Defense (2 of 2)”...

CppCon 2018: Kate 1:01:14

CppCon 2018: Kate Gregory “What Do We Mean When We Say Nothing At All?”

CppCon 2018: Jon 0:58:21

CppCon 2018: Jon Cohen “Ensuring Exception Safety Through Testing'

CppCon 2018: John 0:35:49

CppCon 2018: John Woolverton “Interfaces Matter”

CppCon 2018:H. Wright 1:00:16

CppCon 2018:H. Wright “Large-Scale Changes at Google: Lessons Learned From 5 Yrs of Mass Migrations”...

CppCon 2018: Jeff 0:04:43

CppCon 2018: Jeff Trull “Qt Signals and the Coroutines TS”

CppCon 2018: Peter 0:49:03

CppCon 2018: Peter Bindels “Build Systems: a Simple Solution to a Complicated Problem”

CppCon 2018: Nimrod 0:05:07

CppCon 2018: Nimrod Sapir “The perfect job interview (well, maybe)”

CppCon 2018: Panel 1:01:13

CppCon 2018: Panel “Software Security”

CppCon 2017: Ansel 0:46:52

CppCon 2017: Ansel Sermersheim “Multithreading is the answer. What is the question? (part 1 of 2)”...

CppCon 2018: “Implementing 1:08:05

CppCon 2018: “Implementing the C++ Core Guidelines’ Lifetime Safety Profile in Clang”

Feedback on practical 0:04:20

Feedback on practical use of C++17 std::recursive_directory_iterator - Noel Tchidjo [ CppCon 2018 ]

CppCon 2018: Valentin 0:49:01

CppCon 2018: Valentin Galea “Rapid Prototyping of Graphics Shaders in Modern C++”

Комментарии
Автор

Definitely a talk that has to be watched more than once...

tourdesource
Автор

18:11 std::function is like a pointer. Just because the std::function object is const does not mean the wrapped call is a const call. It is like a const pointer to a non-const object.
I'm surprised this example is worth mentioning.

sanjuuyonsai
Автор

Please don't lean your laptop on the microphone shaft. Every movement causes rumble on the mic.

cppmsg
Автор

If you decide to fix std::function and make it const correct, then make it "noexcept correct" as well.

KarelDonk
Автор

Also vector<bool> example explanation is too complicated. Problem is that vector<bool> stores bools using 1 bit/bool(as bitmasks) and CPUs can not atomically access specific bit.

Voy
Автор

At 25:50 presenter makes a small but important mistake. [] for maps and sets does not behave like that.

Voy
Автор

Does he reads a text on his laptop ? That makes the tone of the presentation so much less lively.

ennio
Автор

1:30 how are concurrent writes of the same data to the same address unsafe? The order of writes is indeterminate, but isn't the result the same?

Wren
Автор

At 13:50, how is there no API race? "Whatever" can read "shared_int" while "Thingy" writes to it. There's no guarantee that int write operation is thread-safe on all architectures.

yanzhuowang
Автор

At 4:59 that definitely is a data race. I don't know why he would doubt that. std::string isn't synchronized and in this case is likely going to reallocate while being accessed. That's literally a data race

TheMrKeksLp
Автор

I'd argue that memcpy is still safe in both those cases because you can still use it in two places, whether it's safe to use it in the same buffer is up to the caller.

arsen
Автор

Guy is only engineer not a sr engineer at google?

agnesakne
Автор

So basically C++ type system is trash and cannot guarantee anything. The biggest problem is that "const" is not transitive. I switched to Rust a few years ago and don't miss C++ a tiny bit.

bytefu
Автор

Been a C++ programmer for 15 years. I don't like the way C++ is going. I'll start using Rust where ever I could

xreln
Автор

Things learned: if you are going for multithreading, you better be data-oriented rather than object-oriented.

tommasobonvicini