Three points:
> the biggest problem with our current alias analysis: closures that can close > over arbitrary state Our current closures are so neutered (they can only appear as function call arguments) that doing reference analysis on them is trivial (just descend into the closure during the analysis). Sully is considering an extension them which, if I understand it correctly, will still be checkable without any acrobatics. You seem to believe that type-based alias analysis is complicated. This may be me using the term wrong, but it the thing I'm doing, whatever it's called, is entirely trivially easy. Basically, it's the 45-line function at [1] which, when dealing with references to things that might be overwritten in a way that can't be statically seen, simply checks whether any value is touched that may include the type that has to be mutated to overwrite the referenced value. There's nothing hard or complicated about this. [1] https://github.com/graydon/rust/blob/master/src/comp/middle/alias.rs#L544 Lastly, I am really opposed to destructive reads. Making unsafe programs fail at run-time is not what I understand to be the goal of Rust. Sure, a null-pointer error is better than memory corruption, but it's still awful. I am confused about the problem you're trying to solve. Same for your proposal in the return-by-reference thread (which I'll respond to separately). You seem to believe that there is something fundamentally wrong with our current reference-safety system. I, on the other hand, feel that I've hit on a really good solution to the problem of safe references. It doesn't put much burden on the programmer, doesn't require ridiculous compiler complexity (700 lines, in a verbose language like Rust), can be explained, even standardized (though I've apparently not been doing a very good job explaining, so far) without embarrassment, and imposes no run-time cost at all. (And, as an aside, it is quite a bit more advanced than the alias burying you describe here. We have a few properties in Rust, 'no global data' and 'mostly immutable data structures' that make this style of analysis possible. I'm going to write up some kind of paper when the thing has stabilized. But for now, I'd like everybody to realize that they're programming with safe references, and they hardly ever have to think about it. This is no mean feat!) _______________________________________________ Rust-dev mailing list [email protected] https://mail.mozilla.org/listinfo/rust-dev
