Channels and synchronization - Contracts and edge cases

Platform spec article

Channels and synchronization - Contracts and edge cases

Back to Channels and synchronization ◎ Open feature in platform map

Missing owner or submitter in frontmatter for this article.

Current document

ADRs (3)

1. 0011-channel-only-cross-fiber-sharing Channels are the only cross-fiber data path Accepted

   Runtime enforces queue transfer; stack pointers must not cross fibers.

   Context

   Shared mutable stacks across fibers would break GC stack maps and the memory model. The runtime must align with language channel-only rules.

   Decision

   Rule	Detail
   Mechanism	Channels are the only approved cross-fiber data transfer at runtime
   Happens-before	Successful Send happens-before Receive that observes the value
   Values	Copied or heap handles with GC tracing — no stack pointer transfer
   Builtins	channel_*, mutex_*, wait_group_* implement queues and coordination
   Compiler	Must not lower cross-fiber stack sharing

   Corelib policy: D-CORE-CONC-0009.

   Consequences

   New sync primitives require spec + ABI + corelib trifecta before export.

   Verification anchors

   beskid_runtime channel tests; git 12ee673.

   Open full ADR page

2. 0012-hub-round-robin-fairness Hub WaitReceive uses round-robin fairness Accepted

   Per-hub cursor scans registered channels to avoid starvation.

   Context

   Multiplexing without language select needs deterministic fairness when one registered channel is always ready.

   Decision

   Rule	Detail
   Homogeneity	Hub<T> — homogeneous T only in v1
   Scan	Cursor starts at k; scan k, k+1, … modulo registration count for first ready channel
   After success	Cursor advances past chosen index (wrap)
   v1 scope	WaitSend out of scope; no language select
   Empty hub	WaitReceive with zero registrations → HubError::Empty

   Matches D-CORE-CONC-0003.

   Consequences

   Runtime hub_wait_receive_* implements rotation; corelib documents registration limits for hot paths.

   Verification anchors

   Hub builtins; corelib hub tests.

   Open full ADR page

3. 0013-result-at-builtin-boundary Channel builtins return Result not panic Accepted

   Closed, full, and cancelled operations surface as Result/Option at the FFI boundary.

   Context

   Panicking on backpressure or closed channels makes cooperative code fragile and inconsistent with corelib Result types.

   Decision

   Operation	Runtime behavior
   Send after Close	Closed in Result
   Receive on closed empty	Closed
   TrySend / TryReceive	Option for full/empty
   Cancel	Parked ops wake with Cancelled after child OnCancelled
   Join on cancelled child	FiberError::Cancelled
   Panic	Forbidden for ordinary channel/hub/mutex errors

   Aligns with D-CORE-CONC-0005.

   Consequences

   Builtin implementations and corelib wrappers must share error enums. Duplicate Close is idempotent-safe.

   Verification anchors

   Contracts and edge cases; concurrency runtime tests.

   Open full ADR page

Articles

• Channels and synchronization - Contracts and edge cases Runtime-level Send, Receive, Hub, and cancellation contracts. article Standard Reviewed Wed May 20

History

0 revisions (git unavailable at build; counts may be empty)

Open full history on GitHub

No commits recorded for this path.

Completeness

OKfeature · 7 SpecSection(s) · 2 H2 heading(s)

Section id	Required	Found
what-this-feature-specifies	yes	yes
implementation-anchors	yes	yes

Full tree: run pnpm verify:platform-spec-layout (writes src/generated/platform-spec-layout-report.json).

Related spec docs

• Feature
  Channels and synchronization

  Parent feature hub

Runtime must mirror corelib Result semantics at the builtin boundary (no panic for closed/cancelled channel ops).

Duplicate Close is safe. Receive on closed empty queue returns Closed. Send after Close returns Closed.

Hub.WaitReceive with zero registrations returns HubError::Empty. Hub uses round-robin readiness scan (normative).

Multiple fibers may Receive on the same channel; each message goes to one receiver (FIFO).

Cancellation wakes parked fibers with Cancelled after OnCancelled on the child fiber.

Pointer-payload channels (Phase B)

The runtime exposes pointer-payload channel ops at the ABI: channel_send_ptr, channel_try_send_ptr, channel_receive_ptr, channel_try_receive_ptr. These ops share the existing ChannelId table and the same FIFO semantics described above; only the payload moves a GC-managed pointer instead of a raw i64.

Implementations must:

• Register the in-flight pointer as an external GC handle before pushing the handle id onto the internal queue, and drop the registration on both the receiver side and on any error path. The pointer is reachable to the GC for the full duration it sits in the queue.
• Apply the Dijkstra insertion write barrier (gc_write_barrier) on both the send and the receive sides. The barrier is correct regardless of whether the runtime is in Phase A or Phase B; in Phase A it is effectively a no-op.
• Return Closed when no active mutator is registered, rather than leaking the external handle.
• When called from an OS thread that is not a Beskid fiber (a Phase B mutator registered via attach_phase_b_mutator), back-pressure on a bounded queue must not call into the fiber scheduler. The runtime instead falls back to try_send / try_receive polling with std::thread::yield_now.