What I would like is a way to make this more robust. I have very strong threading primitives, I want a way to make sure that I use them! In particular, I want to be able to mark certain structs as only touchable when a critsec is locked or whatever.
I think that a lot of this could be done with Win32 memory page protections. So far as I know there's no way to associate protections per-thread (e.g. to make a page read/write for thread A but no-access for thread B). If I could do that it would be super sweet.
One idea is to make the page no access and then install my own exception handler that checks what thread it is, but that might be too much overhead (and not sure if that would fail for other reasons).
The main usage is not for protected crit-sec'ed structs, that is really the easiest case to maintain because it's very obvious right there in the code that you need to take the critsec to touch the variables. The hard case to maintain is the ad hoc "I know this is safe to touch without protection". In particular I have a lot of code that runs like this:

Phase 1 : I know no threads are touching shared data item A
    main thread does lots of writing in A
Phase 2 : fire up threads. They only read from A and do so without protection. They each write to unique areas B,C,D.
Phase 3 : spin down threads. Now main thread can write A and read B,C,D.

So what I would really like to do is:

Phase 1 : I know no threads are touching shared data item A
    main thread does lots of writing in A
-- set A memory to be read-only !
-- set B,C,D memory to be read/write only for their own thread
Phase 2 : fire up threads. They only read from A and do so without protection. They each write to unique areas B,C,D.
-- make A,B,C,D read/write only for main thread !
Phase 3 : spin down threads. Now main thread can write A and read B,C,D.
The thing that this saves me from is when I'm tinkering in DoComplicatedStuff() which is some function called deep inside Phase 2 somewhere and I change it to no longer follow the memory access rule that it is supposed to be following. This is just my hate for having rules for code correctness that are not enforced by the compiler or at least by run-time asserts.
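The process-wide half of this scheme (A read-only during Phase 2) can be sketched as follows. This is an added example, not the author's code: it uses POSIX `mmap`/`mprotect` as a stand-in for the Win32 `VirtualProtect` with `PAGE_READONLY` / `PAGE_READWRITE`, and the names `region_t`, `region_freeze`, `region_thaw`, `write_faults` and `run_phases` are hypothetical. It assumes A sits on its own pages, and it does not cover the per-thread protection of B, C, D, which page protections do not provide.

```c
#define _DEFAULT_SOURCE
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Shared item A gets its own pages so the protection covers nothing else. */
typedef struct { unsigned char *base; size_t size; } region_t;

static int region_alloc(region_t *r, size_t bytes) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    r->size = (bytes + page - 1) / page * page;    /* round up to whole pages */
    r->base = mmap(NULL, r->size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return r->base == MAP_FAILED ? -1 : 0;
}

/* End of Phase 1: A becomes read-only for every thread in the process. */
static int region_freeze(region_t *r) {
    return mprotect(r->base, r->size, PROT_READ);
}

/* Start of Phase 3: A is writable again. */
static int region_thaw(region_t *r) {
    return mprotect(r->base, r->size, PROT_READ | PROT_WRITE);
}

/* Returns 1 if a write to r faults, 0 if it succeeds, -1 on error.
   The probe runs in a forked child so the fault kills the child only. */
static int write_faults(region_t *r) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { ((volatile unsigned char *)r->base)[0] = 1; _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

/* Walks the three phases once; returns 0 when every check behaved as expected. */
int run_phases(void) {
    region_t a;
    if (region_alloc(&a, 10000) != 0) return -1;
    memset(a.base, 0x5A, a.size);               /* Phase 1: main thread writes A */
    if (region_freeze(&a) != 0) return -2;
    int reads_ok = (a.base[123] == 0x5A);       /* Phase 2: unprotected reads work */
    int stray_caught = write_faults(&a);        /* Phase 2: a stray write faults */
    if (region_thaw(&a) != 0) return -3;
    a.base[123] = 0x77;                         /* Phase 3: main thread writes again */
    int ok = reads_ok && stray_caught == 1 && a.base[123] == 0x77
             && write_faults(&a) == 0;
    munmap(a.base, a.size);
    return ok ? 0 : 1;
}

int main(void) { return run_phases(); }
```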