Comment by adonovan

Comment by adonovan 10 days ago

3 replies

View on Hacker News

> They aren't going to somehow magically fix this problem in Go, it's part of the design.

I wouldn't be entirely pessimistic.

Russ's post https://research.swtch.com/gorace mentions a conservative representation for Go's data structures (essentially: more indirection) that would make it possible to implement them in a way that was robust to races, at an obvious large performance cost.

More recently others have been investigating the possibility of using 128-bit atomic writes (on ARM and x86) to reduce the cost. Go's strings and interfaces are both 2-word structures. Slices are three words but by changing the field order atomicity can be achieved with 2-word writes. Of course it would break a lot of code that assumes the representation or the ABI.

wbl 10 days ago

That code is usually internal.

Reply View 0 replies
kaba0 9 days ago

I mean, C is also memory safe when run within valgrind.. at an obvious large performance cost.

Reply View 1 reply
  • tialaramex 9 days ago

    To make this work you need to re-define "memory safety" to the point where it loses any value in a discussion about programming

    Valgrind has no way to detect trivial global or local array bounds misses so long as they don't stray out of the defined memory. It can't spot this because the resulting executable (the only thing Valgrind sees) is not doing anything that's prohibited - it's nonsense because you used a non-MSL, but the actual executable has some defined behaviour.

    Reply View 0 replies