| ▲ | quotemstr 3 days ago |
| That's what the "Profiles" feature is. The problem is that any nontrivial real world program in a non-GC language needs non-owning reference types to perform well, and you can't express the rules for safe use of non-owning references without augmenting the language. People have tried. You need something more sophisticated than using smart pointers for everything. In the limit, smart pointers for everything is just called "Python". What infuriates me about the C++ safety situation is that C++ is by and large a better, more expressive language than Rust is, particularly with respect to compile time type level metaprogramming. And I am being walked hands handcuffed behind my back, alongside everyone else, into the Rust world with its comparatively anemic proc macro shit because the C++ committee can't be bothered to care about memory safety. Because of the C++ standards committee's misfeasance, I'm going to have to live in a world where I don't get to use some of my favorite programming techniques. |
|
| ▲ | int_19h 2 days ago | parent | next [-] |
| > You need something more sophisticated than using smart pointers for everything. In the limit, smart pointers for everything is just called "Python". I don't see how that follows at all. What makes Python Python (and slow!) is dynamic dispatch everywhere down to the most primitive things. Refcounted smart pointers are a very minor thing in the big picture, which is why we've seen Python implementations without them (Jython, IronPython). Performance-wise, yes, refcounting certainly isn't cheap, but you just do that and keep everything else C++-like, the overall performance profile of such a language is still much closer to C++ than to something like Python. You can also have refcounting + something like `ref` types in modern C# (which are essentially restricted-lifetime zero-overhead pointers with inferred or very simplistic lifetimes): https://learn.microsoft.com/en-us/dotnet/csharp/language-ref... It doesn't cover all the cases that a full-fledged borrow checked with explicit lifetime annotations can, but it does cover quite a few; perhaps enough to adopt the position that refcounting is "good enough" for the rest. |
| |
| ▲ | seanbax 2 days ago | parent | next [-] | | Python doesn't have lvalues in the way that C++ and Rust do. You can't refcount everything and still pass lvalues to subobjects. If lvalues to subobjects are important, you need borrow checking. | |
| ▲ | quotemstr a day ago | parent | prev [-] | | > Jython, IronPython Both of which have modern, concurrent, parallel, and generational garbage collectors. |
|
|
| ▲ | Yoric 3 days ago | parent | prev [-] |
| > In the limit, smart pointers for everything is just called "Python". To be more precise, it's old Python. Recent versions of Python use a gc. > And I am being walked hands handcuffed behind my back, alongside everyone else, into the Rust world with its comparatively anemic proc macro shit because the C++ committee can't be bothered to care about memory safety. Out of curiosity (as someone working on static analysis), what properties would you like your compiler to check? |
| |
| ▲ | quotemstr 3 days ago | parent | next [-] | | I've been thinking for a while now about using dependant typing to enforce good numerics in numerics kernels. Wouldn't it be nice if we could propagate value bounds and make catastrophic cancellation a type error? Have you worked much with SAL and MIDL from Microsoft? Using SAL (an aesthetically hideous but conceptually beautiful macro based gradual typing system for C and C++) overlay guarantees about not only reference safety but also sign comparison restriction, maximum buffer sizes, and so on. | | |
| ▲ | zevets 3 days ago | parent | next [-] | | Please do this. But first: we need to take step-zero and introduce a type "r64": a "f64" that is not nan/inf. Rust has its uint-thats-not-zero - why not the same for floating point numbers?? | | |
| ▲ | tialaramex 3 days ago | parent | next [-] | | You can write your "r64" type today. You would need a perma-unstable compiler-only feature to give your type a huge niche where the missing bit patterns would go, but otherwise there's no problem that I can see, so if you don't care about the niche it's just another crate - there is something similar called noisy_float | | |
| ▲ | zevets 2 days ago | parent [-] | | I can do it, and I do similar such things in C++ - but the biggest benefit of "safe defaults" is the standardization of such behaviors, and the resultant expectations/ecosystem. |
| |
| ▲ | 1718627440 3 days ago | parent | prev [-] | | > Rust has its uint-thats-not-zero Why do we need to single out a specific value. It would be way better if we also could use uint-without-5-and-42. What I would wish for is type attributes that really belong to the type. typedef unsigned int __attribute__ ((constraint (X != 5 && X != 42))) my_type;
| | |
| ▲ | int_19h 2 days ago | parent | next [-] | | Proper union types would get you there. If you have them, then each specific integer constant is basically its own type, and e.g. uint8 is just (0|1|2|...|255). So long as your type algebra has an operator that excludes one of the variants from the union to produce a new one, it's trivial to exclude whatever, and it's still easy for the compiler to reason about such types and to provide syntactic sugar for them like 0..255 etc. | |
| ▲ | steveklabnik 3 days ago | parent | prev [-] | | Those are the unstable attributes that your sibling is talking about. | | |
| ▲ | 1718627440 2 days ago | parent [-] | | Yeah of course I can put what I want in my toy compiler. My statement was about standard C. I think that's what Contracts really are and hope this will be included in C. | | |
| ▲ | steveklabnik 2 days ago | parent [-] | | Oh sure, I wouldn’t call rustc a “toy compiler” but yeah, they’d be cool in C as well. |
|
|
|
| |
| ▲ | Yoric 2 days ago | parent | prev [-] | | Dependent types in well-behaved, well-defined snippets of C++ dedicated to numeric kernels? While I think it's a great idea, this also sounds like it would require fairly major rewrites (and possibly specialized libraries?), which suggests that it would be hard to get much buy-in. |
| |
| ▲ | ranger_danger 2 days ago | parent | prev [-] | | To be even more precise: > Reference counting is the primary mechanism of garbage collection, however, it doesn’t work when the references have cycles between them and for handling such cases it employs the GC. |
|
