@@ -118,7 +118,7 @@ require exclusive access, while read operations require only shared access.
118118At any given moment during program execution, a thread holds a specific set of
119119capabilities (e.g. the set of mutexes that it has locked.) These act like keys
120120or tokens that allow the thread to access a given resource. Just like physical
121- security keys, a thread cannot make copy of a capability, nor can it destroy
121+ security keys, a thread cannot make a copy of a capability, nor can it destroy
122122one. A thread can only release a capability to another thread, or acquire one
123123from another thread. The annotations are deliberately agnostic about the
124124exact mechanism used to acquire and release capabilities; it assumes that the
@@ -131,7 +131,7 @@ by calculating an approximation of that set, called the *capability
131131environment *. The capability environment is calculated for every program point,
132132and describes the set of capabilities that are statically known to be held, or
133133not held, at that particular point. This environment is a conservative
134- approximation of the full set of capabilities that will actually held by a
134+ approximation of the full set of capabilities that will actually be held by a
135135thread at run-time.
136136
137137
@@ -369,7 +369,7 @@ thread-safe, but too complicated for the analysis to understand. Reasons for
369369 void unsafeIncrement() NO_THREAD_SAFETY_ANALYSIS { a++; }
370370 };
371371
372- Unlike the other attributes, NO_THREAD_SAFETY_ANALYSIS is not part of the
372+ Unlike the other attributes, `` NO_THREAD_SAFETY_ANALYSIS `` is not part of the
373373interface of a function, and should thus be placed on the function definition
374374(in the ``.cc `` or ``.cpp `` file) rather than on the function declaration
375375(in the header).
@@ -509,7 +509,7 @@ ASSERT_CAPABILITY(...) and ASSERT_SHARED_CAPABILITY(...)
509509*Previously: * ``ASSERT_EXCLUSIVE_LOCK ``, ``ASSERT_SHARED_LOCK ``
510510
511511These are attributes on a function or method which asserts the calling thread
512- already holds the given capability, for example by performing a run-time test
512+ already holds the given capability, for example, by performing a run-time test
513513and terminating if the capability is not held. Presence of this annotation
514514causes the analysis to assume the capability is held after calls to the
515515annotated function. See :ref: `mutexheader `, below, for example uses.
@@ -554,19 +554,19 @@ Negative Capabilities
554554=====================
555555
556556Thread Safety Analysis is designed to prevent both race conditions and
557- deadlock. The GUARDED_BY and REQUIRES attributes prevent race conditions, by
557+ deadlock. The `` GUARDED_BY `` and `` REQUIRES `` attributes prevent race conditions, by
558558ensuring that a capability is held before reading or writing to guarded data,
559- and the EXCLUDES attribute prevents deadlock, by making sure that a mutex is
559+ and the `` EXCLUDES `` attribute prevents deadlock, by making sure that a mutex is
560560*not * held.
561561
562- However, EXCLUDES is an optional attribute, and does not provide the same
563- safety guarantee as REQUIRES. In particular:
562+ However, `` EXCLUDES `` is an optional attribute, and does not provide the same
563+ safety guarantee as `` REQUIRES `` . In particular:
564564
565565 * A function which acquires a capability does not have to exclude it.
566566 * A function which calls a function that excludes a capability does not
567- have transitively exclude that capability.
567+ have to transitively exclude that capability.
568568
569- As a result, EXCLUDES can easily produce false negatives:
569+ As a result, `` EXCLUDES `` can easily produce false negatives:
570570
571571.. code-block :: c++
572572
@@ -594,8 +594,8 @@ As a result, EXCLUDES can easily produce false negatives:
594594 };
595595
596596
597- Negative requirements are an alternative EXCLUDES that provide
598- a stronger safety guarantee. A negative requirement uses the REQUIRES
597+ Negative requirements are an alternative to `` EXCLUDES `` that provide
598+ a stronger safety guarantee. A negative requirement uses the `` REQUIRES ``
599599attribute, in conjunction with the ``! `` operator, to indicate that a capability
600600should *not * be held.
601601
@@ -642,7 +642,7 @@ Frequently Asked Questions
642642
643643(A) Attributes are part of the formal interface of a function, and should
644644always go in the header, where they are visible to anything that includes
645- the header. Attributes in the .cpp file are not visible outside of the
645+ the header. Attributes in the `` .cpp `` file are not visible outside of the
646646immediate translation unit, which leads to false negatives and false positives.
647647
648648
@@ -684,7 +684,7 @@ Private Mutexes
684684---------------
685685
686686Good software engineering practice dictates that mutexes should be private
687- members, because the locking mechanism used by a thread-safe class is part of
687+ members because the locking mechanism used by a thread-safe class is part of
688688its internal implementation. However, private mutexes can sometimes leak into
689689the public interface of a class.
690690Thread safety attributes follow normal C++ access restrictions, so if ``mu ``
0 commit comments