8bacb2b01c
A cancelled async worker now abandons its body at its next suspend instead
of running to completion.
- Cancel-flag back-ref (D4): SpawnOpts.cancel_flag (core.sx) + Fiber.cancel_flag
(sched.sx), set from opts.cancel_flag in Scheduler.spawn_raw; async passes
xx @f.canceled (the Future.canceled Atomic(bool) erased to *void).
- Delivery: Scheduler.suspend_raw consults fiber_canceled(self.current) PRE-park
(raise without parking — no deadlock if cancel landed before the worker ran)
and POST-resume (cancel landed while parked), raising error.Canceled.
cancel(f) flips the sticky flag, marks .canceled, and wakes the worker.
- async worker is failable Closure() -> ($R, !); the completion closure
f.value = worker() catch {…} marks .canceled/.failed and wakes the awaiter,
so post-suspend side effects never run. New failable io.sleep(ms) is the
cancellation point.
- Compiler: a -> ! fn whose only error source is try-ing a protocol method
(io.suspend_raw) was wrongly flagged 'declared ! but never errors';
collectErrorSites now marks a try of a non-identifier callee as a dynamic
(opaque) error source, suppressing the warning.
- Two UAFs found by adversarial review and fixed: (1) cancel-before-park
orphaned io.sleep's armed timer — suspend_raw's pre-park raise now evicts the
current fiber's timer/waiter first; (2) cancel(f) could wake a reaped worker —
now only wakes when was_pending.
Migrated 1805/1806/1824 to failable workers. Lock: example 1825 (seq: 1 -99,
post-suspend line never runs); byte-identical on aarch64-macOS + aarch64-linux.
.ir churn is the SpawnOpts layout change (type-table string renumbering).
32 lines
1.4 KiB
Plaintext
32 lines
1.4 KiB
Plaintext
// B1.2 / B2 — the async ergonomic layer over the `Io` capability, blocking
|
|
// default. `context.io.async(worker)` submits a NULLARY `worker: Closure() -> $R`
|
|
// and returns a `*Future($R)` handle; under the blocking `CBlockingIo` the worker
|
|
// runs to completion inline, so the Future is born `.ready`. `f.await()` yields
|
|
// the result (a value-failable `($R, !IoErr)`, handled with `or`).
|
|
// `context.io.now_ms()` reads the clock through the same capability.
|
|
//
|
|
// Worker form: a nullary lambda capturing any inputs at the CALL SITE
|
|
// (`() -> i64 => compute(a, b)`) — the colorblind shape that also works when the
|
|
// worker is deferred onto a fiber (a captured variadic pack can't cross the fiber
|
|
// boundary), mirroring `sched.go`.
|
|
#import "modules/std.sx";
|
|
|
|
main :: () {
|
|
// Inputs captured at the call site. The worker is FAILABLE
|
|
// (`Closure() -> ($R, !)`) — the unified Phase 3 shape; a body that never
|
|
// raises is a degenerate failable that always succeeds.
|
|
s := context.io.async(() -> (i64, !) => 40 + 2);
|
|
print("sum: {}\n", s.await() or { -1 });
|
|
|
|
d := context.io.async(() -> (i64, !) => 21 * 2);
|
|
print("double: {}\n", d.await() or { -1 });
|
|
|
|
// A worker that closes over a local.
|
|
base := 42;
|
|
n := context.io.async(() -> (i64, !) => base);
|
|
print("nullary: {}\n", n.await() or { -1 });
|
|
|
|
// The Io capability also carries a clock.
|
|
if context.io.now_ms() >= 0 { print("clock ok\n"); }
|
|
}
|