| Thanks for clarifying that point. It's worth pointing out that the safety strategy doc[0] mentions that >A key subset of safety categories Carbon should address are: >[...] >Data race safety protects against racing memory access: when a thread accesses (read or write) a memory location concurrently with a different writing thread and without synchronizing But then later in the doc it says >It's possible to modify the Rust model several ways in order to reduce the burden on C++ developers: >Don't offer safety guarantees for data races, eliminating RefCell. >[...] >Overall, Carbon is making a compromise around safety in order to give a path for C++ to evolve. [...] One could read this as saying that guaranteed safety against data races is not a goal. Perhaps this doc could be reworded? Maybe something like "Carbon does not see guaranteed safety against data races as strictly necessary to achieve its security goals but we still currently aim for a model that will prevent them." [0] https://github.com/carbon-language/carbon-lang/blob/trunk/do... |