Archive for February 6, 2019

Wednesday, February 6, 2019

Why Swift’s Copy-on-Write Is Safe

Drew McCormack:

I’ve been applying the Copy-on-Write pattern for structs in Swift for quite a while, but is it actually thread safe? Is there not a risk of a race condition between checking that the object is uniquely referenced, and returning the reference?

Joe Groff:

It’s thread safe to read and copy but not write (modulo bugs). It should be as thread safe as an int variable

Joe Groff:

The difference from an ObjC object would be that two threads can both copy from a common value and modify their local copy with a guarantee that the writes don’t race, so this is valid:

let x = [1, 2, 3]

q.async { var y = x; y[0] = 4 }
q.async { var y = x; y[0] = 4 }


If you implement your cow buffer the same way the standard library does, using isUniquelyReferenced to check whether copying is necessary before any modification, then you should get the same guarantee. The isUniquelyReferenced is itself threadsafe

Drew McCormack:

I wasn’t even particularly thinking of Apple’s types, but more just the way we are told to do it in our own. If I understand, it is possible for a CoW struct to change value unexpectedly without you doing anything. Seems like would be pretty serious violation of value semantics.

Joe Groff:

Retain, release, and isUnique are all atomic, and ARC ensures that the read will ensure an independent retain for each thread. There should be no “between”

Daniel Jalkut:

I think Drew is not concerned with isUnique’s atomicity, but with the atomicity of the return/copy code that follows.

Joe Groff:

isUnique takes its argument inout intentionally to ensure this isn't a problem. Swift's inout requires exclusive access to the memory passed in, so by the time you have a local copy, it must be in a separate memory location with its own strong reference

In other words, because of the inout exclusivity guarantee, isUnique returning true also implies that your thread is the only thread that can see the one outstanding reference

See also: ManagedBuffer.swift.

Helge Heß:

I guess they key thing to understand is that this is not thread safe and needs synchronization:

var x = [ 1, 2, 3 ]
q.async( x.append(4) )
q.async( x.append(5) )

Drew McCormack:

I’m afraid I am still not completely convinced. Contested writes are always a risk, but I can live with that. I am more worried that there could be violations of value semantics. Here is a sample which creates a let constant, which subsequently mutates.

Raphael Sebbe:

makes sense. From this code (image), unless I miss sth, the second reference can be created (2nd thread) after the atomic test (1st thread) but before the update. This would mean that the copied value would be changed too.

I think part of the confusion is that people are not talking about the same thing. The way I think about it, Swift’s CoW protects variables that are declared as let. Other code can take the value, put it in a var, and mutate it, and the original variable will be unchanged, even if it’s not protected by a lock or queue. The reason this works is that a mutating method can only be called if the value is already in a var. By the time that happens, the reference count will be at least 2 (the original let, plus the var). ARC-itself is thread-safe. So, at the time of the mutation, isKnownUniquelyReferenced() will return false, and it will have to make a copy.

In McCormack’s example, the original value is in a var, and then it goes into a let, and the object inside the struct changes after the struct has been copied in the let. This is unfortunate, but—as with primitive types—you aren’t supposed to be writing without synchronization. It’s not a goal of CoW to protect against this.


Update (2019-02-07): Drew McCormack:

Thanks for summarizing the CoW discussion. I think we are in agreement. I will say, first, that it did surprise me that a ‘let’ constant can mutate, although I accept the explanation. Second, on the question of whether CoW has a race condition, the answer is clearly “Yes”

If I had to summarize that whole exchange, it would be… Me: “Does CoW have a potential race condition?”. Swift Folk: “You shouldn’t be asking that question.” Effectively the question is irrelevant, because you shouldn’t share mutable value types. That is the lesson.

Update (2019-04-16): See also: Ole Begemann’s thread in the Swift forums.

Secure Erase and Mojave’s Disk Utility

Howard Oakley:

The snag is that Disk Utility won’t overwrite an SSD’s free space in the way that it does with hard disks. It pretends to offer the same three secure erase options, but in fact none of them does what the dialog says. Indeed, in Sierra they aren’t even available, which is perhaps a little more honest.

In Mojave, all three secure erase options offer is that the original APFS volume is completely deleted, with any Preboot and Recovery directories, and it is then added back as a new volume. This will destroy all APFS data about the original volume, but the file data for that volume will remain on the SSD. Although at present there appear to be no macOS utilities which can reconstruct such a removed volume, that situation will change in the future.

Howard Oakley:

To perform the secure erase which it describes, you have to use the diskutil command in Terminal instead, using a command of the form

diskutil secureErase freespace 2 /Volumes/volumeName

which is an even slower process.

Before using diskutil secureErase, you should read man diskutil, where Apple cautions:

This kind of secure erase is no longer considered safe. Modern devices have wear-leveling, block-sparing, and possibly-persistent cache hardware, which cannot be completely erased by these commands. The modern solution for quickly and securely erasing your data is encryption. Strongly-encrypted data can be instantly “erased” by destroying (or losing) the key (password), because this renders your data irretrievable in practical terms. Consider using APFS encryption (FileVault).


It isn’t possible to encrypt an existing APFS volume non-destructively using Disk Utility, and in some cases when attempting to erase and reformat a volume, Disk Utility returns “an internal state error” and fails to perform the operation.


Considering Pulling Google News From Europe

Natalia Drozdiak:

The European Union’s Copyright Directive will give publishers the right to demand money from the Alphabet Inc. unit, Facebook Inc. and other web platforms when fragments of their articles show up in news search results, or are shared by users.


Lawmakers are still hashing out how to define small excerpts of stories and whether individual words should be covered by the copyright rules, according to an EU official who asked not to be identified.


The impact of a Google News withdrawal on publishers who rely on the search giant for traffic to their sites is unclear. Google shut its news service in Spain in 2014 after the country passed a law requiring Spanish publications to charge aggregators for displaying excerpts of stories. Publishers must claim compensation for the reuse of fragments of text whether they want to or not.

The Spanish law led to small publishers losing about 13 percent of their web traffic, according to a 2017 study released by the Spanish Association of Publishers of Periodical Publications.

Via Nick Heer:

An alternative could be to display search results without excerpts, photos, or titles.

Previously: EU Approves Controversial Copyright Directive.

eBay’s Changing Strategy

Spencer Soper (Hacker News):

Wall Street bought the story for a while, but with Amazon gaining and EBay atrophying, investors have been losing patience with Wenig’s slow-and-steady approach. That impatience came to a head on Tuesday, when Billionaire Paul Singer’s Elliott Management Corp. -- which owns more than 4 percent of the company -- published a letter outlining “urgently needed” steps that included assets sales and share buy-backs.

EBay’s growth was languishing even before Wenig took over in 2015 after the company split from faster-growing PayPal Holdings Inc. Many shoppers still think of EBay as the online rummage sale of yesteryear, where you could snag a deal on someone’s baseball card collection or video game console by bidding in an auction. In fact, EBay is much like any e-commerce site these days, replacing a trip to the mall by offering deals on new iPhones, Under Armour shirts and cordless drills from DeWalt.


As a shopper I hate a lot of the recent shifts in their strategy. The only thing interesting enough to make me want to deal with all the hassles of eBay are the interesting vintage or collectible one-of-a-kind items: coins, camera gear, art, etc. These things are more work to list and describe but make for an always entertaining browsing experience. I loved eBay back in the day when it was like one big never-ending garage sale.

The catalogization of eBay, moving toward SKU-based product pages with sellers providing fulfillment, ends up feeling like a weird me-too version of the Amazon FBA race to the bottom. Small sellers with interesting inventory have been bled to death with ever-increasing fees and seem ready to pack up the wagon and move on to greener pastures.

The featured products on the homepage have the same bland sameness as every other e-com site and as a shopper I don’t feel like I have much reason to ever go there these days. Right now I’m seeing a Patriots ballcap, some men’s sneakers, and a small grill. Might as well be shopping at Target.

Kirk McElhearn:

For many years, I have bought new iPhones and sold the previous models. As a tech journalist, it’s useful for me to have the latest technology – even though I don’t do this every year – and I don’t want to accumulate old devices, like many of my friends who have “boxes of phones.”

I used to do this on eBay, but, when I tried to sell my iPhone 8+ recently, the experience was so bad that I will never do it again.

Previously: eBay Is for Suckers.

Amazon and Fake Books and Filtered Reviews

Dave Mark (tweet):

The book had the same title, same author, and a similar cover. But it was not printed by No Starch Press and, presumably, none of the money will make its way to No Starch or the author.


Once they had the fake book in hand, they could print a fake and sell it, or add the fake PDF to a torrent web site. Happened to me with every book I ever wrote.

But this particular fake appears to be surfaced by Amazon, the number one bookseller in the world.

John Gordon:

Amazon reviews have long been helpful to me, and were once a big part of Amazon’s value proposition.

That is no longer true. Amazon is filtering out negative reviews.

See also: Reddit.


Update (2019-02-20): Sean Gallagher (Hacker News):

Bill Pollock, the founder of the tech how-to book publisher No Starch Press, called out Amazon on February 13 for selling what he says are counterfeit copies of his company’s book, The Art of Assembly Language—copies that Amazon apparently printed.