Date: Fri, 13 Feb 2026 18:04:07 +0100
Sure, but that is a detail rather than key to the principle.
(If there were a way to restrict based on not having a lock object, then
it could be even neater.)
David
On 13/02/2026 17:36, Sebastian Wittmeier via Std-Proposals wrote:
> Perhaps better restore than enable interrupts:
>
> int main() {
>     interrupts_lock lock;
>     {
>         interrupts_lock lock;
>         critical_section<lock>();
>     }
>     critical_section<lock>();
> }
>
> interrupts disabled
> interrupts disabled
> critical section
> interrupts enabled
> critical section // outer critical section runs with enabled interrupts
> interrupts enabled
>
>
> -----Original Message-----
> *From:* Ell via Std-Proposals <std-proposals_at_[hidden]>
> *Sent:* Fri 13.02.2026 17:05
> *Subject:* Re: [std-proposals] Canonical State Enforcement
> *To:* std-proposals_at_[hidden];
> *CC:* Ell <ell.ell.se_at_[hidden]>;
> On Friday, February 13th, 2026 at 12:44 PM, David Brown via
> Std-Proposals <std-proposals_at_[hidden]> wrote:
>
> >
> >
> > On 13/02/2026 10:14, Simon Schröder via Std-Proposals wrote:
> > >
> > > Probably not the most elegant solution, but providing the tag as
> > > template parameter would have zero runtime-overhead.
> > >
> >
> > Yes, I have thought a lot about that.
> >
> > But what is missing there is that there is no way to control the use of
> > a type.
> >
> > If we have a type "irq_disabled" with no public destructor, then the
> > only way I can get a member of that type and pass it on to a restricted
> > function is :
> >
> > irq_disabled irqs_off = disable_interrupts();
> > modify_interrupt_table(irqs_off, new_interrupt_vector);
> >
> >
> > With a template, you can write :
> >
> > using irqs_off = irq_disabled;
> > modify_interrupt_table<irqs_off>(new_interrupt_vector);
> >
> > At no point are you forced to remember to call "disable_interrupts()".
> > You might as well just encode the requirement in the function name
> > (which is a well-established technique, but I hope to do better) :
> >
> > modify_interrupt_table_with_irqs_off(new_interrupt_vector);
> >
> >
> > Even with non-type template parameters rather than type parameters, you
> > can't (AFAICS) enforce the correct usage here.
>
>
> You can do something like this: https://godbolt.org/z/5q3z33nve
>
> It's hard to use that to revoke permissions instead of grant
> permissions though.
> --
> Std-Proposals mailing list
> Std-Proposals_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
>
>
Received on 2026-02-13 17:04:14
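
Added example (not code from any message in this thread): a C++17 sketch of the token-passing form discussed above, where `modify_interrupt_table` can only be called with an `irq_disabled` object obtained from `disable_interrupts()`, combined with the point that the guard should restore the previous interrupt state rather than enable interrupts. Assumptions: `irq_disabled` has a private constructor, the interrupt flag is simulated by `g_irq_enabled`, and `g_vector` and `nested_demo` are hypothetical names.

```cpp
#include <type_traits>
#include <utility>

// Simulated state (assumption): on real hardware these are a CPU status bit and the vector table.
static bool g_irq_enabled = true;
static int g_vector = 0;

// Token proving interrupts are off. Requires C++17 (guaranteed copy elision).
class irq_disabled {
    bool saved_;                                   // state seen on entry
    irq_disabled() : saved_(std::exchange(g_irq_enabled, false)) {}
    friend irq_disabled disable_interrupts();      // the only way to mint a token
public:
    irq_disabled(const irq_disabled&) = delete;
    irq_disabled& operator=(const irq_disabled&) = delete;
    ~irq_disabled() { g_irq_enabled = saved_; }    // restore, never blindly enable
};

irq_disabled disable_interrupts() { return irq_disabled{}; }

// Restricted function: cannot be named in a call without a live token.
bool modify_interrupt_table(const irq_disabled&, int new_interrupt_vector) {
    bool was_off = !g_irq_enabled;                 // report the state the write ran under
    g_vector = new_interrupt_vector;
    return was_off;
}

// Nested case from the thread: true only if both writes ran with interrupts off.
bool nested_demo() {
    irq_disabled outer = disable_interrupts();
    bool inner_ok = false;
    {
        irq_disabled inner = disable_interrupts();
        inner_ok = modify_interrupt_table(inner, 1);
    }   // inner restores "disabled", so the outer section stays protected
    bool outer_ok = modify_interrupt_table(outer, 2);
    return inner_ok && outer_ok;
}

// Callers cannot conjure or duplicate a token.
static_assert(!std::is_default_constructible<irq_disabled>::value, "token must be minted");
static_assert(!std::is_copy_constructible<irq_disabled>::value, "token must not be copied");

int main() { return nested_demo() && g_irq_enabled ? 0 : 1; }
```
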
