lab/sx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: harden Phase 2 async/await per adversarial review (io.sx)

Browse Source 
- await: add the one-awaiter-per-future guard `sched.Task.wait` has — a second
  concurrent `await` on the same pending future would overwrite the single
  `park` handle and orphan the first awaiter (silent deadlock). Now aborts
  loudly. (Fan-in over SEPARATE futures — `race` — registers one awaiter each,
  so it stays fine.)
- Document the Future/ThunkBox ALLOCATOR-LIFETIME contract: both are allocated
  from the `context.allocator` in force at `async`, which must outlive the
  future (the long-lived-container rule). Calling `async` inside a transient
  arena torn down before `run()` is a use-after-free; the common case (program
  GPA) is safe. A deeper own-allocator capture is deferred to convergence.
- Document that `cancel` does NOT stop an already-spawned worker (model (a) —
  the worker still runs; the sticky `canceled` atomic is the source of truth).
  True work-cancellation is Phase 3.
- Drop the dead `f.task = null` (immediately overwritten by spawn_raw).

The new `io_abort` extern shifts the prelude type table — 40 `.ir` snapshots
regenerated (behavior-preserving; no `.exit`/`.stdout`/`.stderr` changed).
Suite 829/0.
This commit is contained in:
agra
2026-06-27 08:13:57 +03:00
parent 967aed67d4
commit ada8d16256
41 changed files with 159 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
examples/basic/expected/0031-basic-local-fn-return.ir
View File

@@ -4470,6 +4470,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/basic/expected/0032-basic-ufcs-return-type.ir
View File

@@ -4392,6 +4392,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/basic/expected/0044-basic-default-arg-expansion.ir
View File

@@ -4308,6 +4308,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/closures/expected/0301-closures-fn-pointers.ir
View File

@@ -4317,6 +4317,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/concurrency/expected/1807-concurrency-fiber-context-switch.ir
View File

@@ -4469,6 +4469,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/concurrency/expected/1808-concurrency-fiber-switch-stress.ir
View File

@@ -4445,6 +4445,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/concurrency/expected/1809-concurrency-fiber-guard-stack.ir
View File

@@ -4444,6 +4444,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/errors/expected/1004-errors-try.ir
View File

@@ -4321,6 +4321,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/errors/expected/1006-errors-inferred-error-sets.ir
View File

@@ -4326,6 +4326,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/errors/expected/1009-errors-catch.ir
View File

@@ -4323,6 +4323,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-jni/expected/1402-ffi-jni-call-03-methodid-sharing.ir
View File

@@ -4277,6 +4277,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-jni/expected/1403-ffi-jni-call-04-jint-return.ir
View File

@@ -4275,6 +4275,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-jni/expected/1404-ffi-jni-call-05-jlong-return.ir
View File

@@ -4275,6 +4275,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-jni/expected/1405-ffi-jni-call-06-jdouble-return.ir
View File

@@ -4288,6 +4288,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-jni/expected/1406-ffi-jni-call-07-jboolean-return.ir
View File

@@ -4275,6 +4275,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-jni/expected/1407-ffi-jni-call-08-jobject-return.ir
View File

@@ -4275,6 +4275,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-jni/expected/1408-ffi-jni-call-09-static.ir
View File

@@ -4275,6 +4275,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-jni/expected/1418-ffi-jni-class-08-call.ir
View File

@@ -4319,6 +4319,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-jni/expected/1421-ffi-jni-env-02-lexical-direct.ir
View File

@@ -4275,6 +4275,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-jni/expected/1425-ffi-jni-main-03-ctor.ir
View File

@@ -4283,6 +4283,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-objc/expected/1309-ffi-objc-class-method-lowering.ir
View File

@@ -4318,6 +4318,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-objc/expected/1314-ffi-objc-class-dealloc-roundtrip.ir
View File

@@ -4395,6 +4395,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-objc/expected/1319-ffi-objc-property-sx-defined.ir
View File

@@ -4443,6 +4443,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-objc/expected/1329-ffi-objc-call-03-selector-sharing.ir
View File

@@ -4275,6 +4275,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-objc/expected/1332-ffi-objc-call-06-sret-return.ir
View File

@@ -4371,6 +4371,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi-objc/expected/1347-ffi-objc-dsl-07-mangling-table.ir
View File

@@ -4376,6 +4376,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/ffi/expected/1202-ffi-cc-c-large-aggregate.ir
View File

@@ -4302,6 +4302,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/generics/expected/0200-generics-generic.ir
View File

@@ -4312,6 +4312,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/generics/expected/0201-generics-generic-struct.ir
View File

@@ -4616,6 +4616,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/optionals/expected/0903-optionals-optional-roundtrip.ir
View File

@@ -4506,6 +4506,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/optionals/expected/0904-optionals-any-to-string-optional.ir
View File

@@ -4357,6 +4357,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/packs/expected/0507-packs-pack-mono-dedup.ir
View File

@@ -4323,6 +4323,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/packs/expected/0513-packs-pack-mixed-comptime.ir
View File

@@ -4296,6 +4296,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/packs/expected/0518-packs-pack-value-dispatch.ir
View File

@@ -4318,6 +4318,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/packs/expected/0528-packs-protocol-pack-methods.ir
View File

@@ -4472,6 +4472,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/protocols/expected/0400-protocols-impl-for-builtin.ir
View File

@@ -4425,6 +4425,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/protocols/expected/0413-protocols-parameterized-protocol-value.ir
View File

@@ -4522,6 +4522,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/protocols/expected/0414-protocols-generic-struct-protocol-erase.ir
View File

@@ -4538,6 +4538,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/protocols/expected/0416-protocols-auto-type-erasure.ir
View File

@@ -4631,6 +4631,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

3
examples/types/expected/0107-types-int-cmp-in-float-ternary.ir
View File

@@ -4311,6 +4311,9 @@ declare i64 @now_secs(ptr) #0
; Function Attrs: nounwind
declare i64 @mono_ms(ptr) #0
; Function Attrs: nounwind
declare void @abort() #0
; Function Attrs: nounwind
define internal ptr @CBlockingIo.spawn_raw(ptr %0, ptr %1, ptr %2, ptr %3, { i64 } %4) #0 {
entry:

49
library/modules/std/io.sx
View File

@@ -26,6 +26,9 @@
#import "modules/std/atomic.sx";
time :: #import "modules/std/time.sx";
// Loud-bail for the one-awaiter-per-future invariant (mirrors sched.sx).
io_abort :: () -> noreturn extern libc "abort";
// --- IoErr: the error channel async rides (cancellation = model (a)) ---
//
// A canceled future raises `.Canceled` out of `await`; a failed task
@@ -125,17 +128,28 @@ sx_run_boxed_closure :: (arg: *void) {
// (issue 0156 Part 2) — so any inputs are captured at the CALL SITE in the lambda
// (`context.io.async(() -> i64 => compute(a, b))`), exactly like `sched.go`.
//
// The Future is HEAP-allocated (not returned by value): under the fiber impl the
// worker fills it AFTER `async` returns, so the awaiter and the worker must share
// one stable object. Like `sched.go`'s Task, it currently leaks (bounded by the
// async count; invisible under the default GPA). Freeing it needs join-point
// ownership — deferred.
// The Future (and the completion-closure `ThunkBox`) are HEAP-allocated (not
// returned by value): under the fiber impl the worker fills the Future AFTER
// `async` returns, so the awaiter and the worker must share one stable object.
// Like `sched.go`'s Task, they currently leak (bounded by the async count;
// invisible under the default GPA). Freeing them needs join-point ownership —
// deferred.
//
// ALLOCATOR-LIFETIME CONTRACT: both are allocated from the `context.allocator`
// in force at the `async` CALL, and that allocator MUST outlive the future —
// i.e. survive until the worker has run and the result is consumed. This is the
// long-lived-container rule (CLAUDE.md): calling `async` inside a transient
// `push Context { allocator = arena }` that is torn down before `run()`/`await`
// drives the worker frees the Future while it is still live (use-after-free).
// The common case (the program-stable default GPA, or a scheduler set up under a
// long-lived allocator) is safe. A deeper fix — `async` capturing the scheduler's
// own long-lived allocator the way `sched.go` does — needs a protocol affordance
// to reach it and is deferred to the convergence phase.
async :: ufcs (io: Io, worker: Closure() -> $R) -> *Future($R) {
raw := context.allocator.alloc_bytes(size_of(Future($R)));
f : *Future($R) = xx raw;
f.state = .pending;
f.park = .{ handle = null };
f.task = null;
f.canceled = Atomic(bool).init(false);
// The completion closure: run the worker, publish the result, wake any parked
// awaiter. Heap-boxed so it survives until the worker actually runs (deferred
@@ -161,6 +175,17 @@ async :: ufcs (io: Io, worker: Closure() -> $R) -> *Future($R) {
await :: ufcs (f: *Future($R)) -> $R !IoErr {
if f.canceled.load(.acquire) { raise error.Canceled; }
if f.state == .pending {
// ONE awaiter per future (M:1): the single `park` slot records one parked
// fiber, so a second concurrent `await` on the same pending future would
// OVERWRITE the first awaiter's handle and orphan it forever (the worker's
// single `ready(f.park)` wakes only the last). Enforce loudly here, exactly
// as `sched.Task.wait` does — a non-null handle on a still-pending future
// means another fiber is already parked on it. (Fan-in over many futures —
// `race` — registers ONE awaiter across SEPARATE futures, so it is fine.)
if f.park.handle != null {
out("io: await — future already has an awaiter (one awaiter per future in the M:1 model)\n");
io_abort();
}
context.io.suspend_raw(@f.park) catch {}; // Phase 3 propagates Canceled
}
if f.canceled.load(.acquire) { raise error.Canceled; }
@@ -169,10 +194,14 @@ await :: ufcs (f: *Future($R)) -> $R !IoErr {
return f.value;
}
// `cancel(f)` — request cancellation. Sets the per-future cancel flag +
// marks the state so a subsequent `await` raises `.Canceled`. (In the
// blocking model the task already ran; cancel still rides the `!`
// channel — model (a).)
// `cancel(f)` — request cancellation. Sets the per-future cancel flag + marks the
// state so a subsequent `await` raises `.Canceled` (model (a) — cancel rides the
// `!` channel). DOES NOT STOP AN ALREADY-SPAWNED WORKER: under the fiber impl the
// worker fiber is already queued, so `run()` still executes it to completion (its
// side effects happen; it flips `.canceled -> .ready`). The sticky `canceled`
// atomic is the source of truth — subsequent awaits keep raising regardless of
// the state field. True work-cancellation (the worker's next suspend raising
// `Canceled` so it abandons its body) is Phase 3.
cancel :: ufcs (f: *Future($R)) {
f.canceled.store(true, .release);
f.state = .canceled;