| ▲ | baq 2 days ago |
| > Rust and Yolo-C will always be faster graydon points in that direction, but since you're here: how feasible is a hypothetical Fil-Unsafe-Rust? would you need to compile the whole program in Fil-Rust to get the benefits of Fil-Unsafe-Rust? |
|
| ▲ | zozbot234 2 days ago | parent | next [-] |
| It's reasonably easy if you can treat the Safe Rust and Fil-Unsafe-Rust code as accessing different address spaces (in the C programming sense of "a broad subset of memory that a pointer is limited to", not the general OS/hardware sense), since that's essentially what the bespoke Fil-C ABI amounts to in the first place. Which of course is not really a good fit for every use of Unsafe Rust, but might suffice for some of them. |
|
| ▲ | pizlonator 2 days ago | parent | prev | next [-] |
| What is Fil-Rust and Fil-Unsafe-Rust? |
| |
| ▲ | kobebrookskC3 2 days ago | parent [-] | | in my mind it would be doing what fil-c does for c to unsafe rust: a hypothetical memory safe implementation of unsafe rust using the same methods fil-c does e.g. gc | | |
| ▲ | pizlonator 2 days ago | parent [-] | | Can't do GC unless you go all-in. So that implies just running all of Rust through the Fil-C transformation | | |
| ▲ | zozbot234 2 days ago | parent | next [-] | | > Can't do GC unless you go all-in. It can be done, especially with a safe non-GC language that can meaningfully guarantee it won't corrupt GC metadata or break its invariants. You only have real issues (and then only wrt. excess overhead, not unsoundness) with pervasive mutual references between the GC and non-GC parts of the program. You do need to promote GC pointers to a root anytime that non-GC code has direct access to them, and add finalizers to GC objects that may need to drop/run destructors on non-GC data. | |
| ▲ | baq 2 days ago | parent | prev [-] | | that's what I expected, thanks for making this clear! |
|
|
|
|
| ▲ | kobebrookskC3 2 days ago | parent | prev [-] |
| what would fil-rust do that miri doesn't? |
| |
| ▲ | baq 2 days ago | parent [-] | | e.g. validate safety across safe/unsafe boundaries | | |
| ▲ | estebank 2 days ago | parent [-] | | Miri does do that? It is not aware of the distinction to begin with (which is one of the use cases of the tool: it lets us exercise safe code to ensure there aren't memory violations caused by incorrect MIR lowering). I might be mistaking what you mean. Miri's big limitation is not being able to interface with FFI. | | |
| ▲ | baq 2 days ago | parent [-] | | hmmm I thought miri was used in the compiler for static analysis, wasn't aware it's a runtime interpreter. I guess the primary reason would be running hardened code in production without compromising performance too much, same as you would run Fil-C compiled software instead of the usual way. I've no idea if it's feasible to run miri in prod. | | |
| ▲ | estebank 2 days ago | parent [-] | | I guess the confusion happens because MIR: the representation, mir: the stage, stable MIR: the potential future API interface for hooking into the compiler stage, and miri: the MIR interpreter all share pretty much the same name. Const evaluation uses MIR and that's the most likely culprit. Miri is an interpreter (as you found out on your own now), and it is not meant for use in production workloads due to the slowdown it introduces, so it limits its use to use in test suites and during debugging. From my understanding Fil-C is an LLVM operation, so it should be possible to build integration to have a Fil-Rust binary that is slower but gives you some of the benefits of miri. I see value in doing something like that. There are plenty of other languages that would be well served by this too! |
|
|
|
|
