Safety, undefined behavior, @safe, @trusted

Thu Nov 5 14:07:02 PST 2009

== Quote from Andrei Alexandrescu (SeeWebsiteForEmail at erdani.org)'s article
> dsimcha wrote:
> > == Quote from Andrei Alexandrescu (SeeWebsiteForEmail at erdani.org)'s article
> >> Steven Schveighoffer wrote:
> >>> On Thu, 05 Nov 2009 16:30:42 -0500, Andrei Alexandrescu
> >>> <SeeWebsiteForEmail at erdani.org> wrote:
> >>>
> >>>>>  Most of the usages are like this:
> >>>>>  ubyte[1024] buffer;
> >>>>> functionThatNeedsBufferSpace(buffer);
> >>>>>  where functionThatNeedsBufferSpace takes a ubyte[], thereby taking
> >>>>> an address of the local data.
> >>>>>  So it's not explicit address taking, but it's the same thing under
> >>>>> the hood.  There always exists the potential for the stack reference
> >>>>> to escape.
> >>>> I see, thank you. I am confident that a trusted reap could be
> >>>> implemented in the standard library. (google reap)
> >>> I did.  Couldn't find anything.
> >> Damn acronyms, sorry. Better results: reap memory allocation
> >> ftp://ftp.cs.utexas.edu/pub/emery/papers/reconsidering-custom.pdf
> >> Andrei
> >
> > Ok, I understand the basic principle of a reap, but if it's going to convert to a
> > heap when you try to delete something, why not just improve the standard GC heap,
> > i.e. by making per-thread heaps?  If you're not going to delete stuff, why not
> > just use a regular old region or stack (not necessarily the call stack, but a
> > stack of some kind)?
> Perhaps a region could also be defined as a @trusted facility! So much
> good stuff to do, so little time...
> Andrei

I have my doubts only b/c I've worked on similar things before and the thing that
keeps biting me in the @$$ is how to handle the GC.  If you allocate some huge
block of memory to parcel out and have it all be scanned by the GC, you're asking
for slow scan times and lots of false pointers, thus largely defeating the purpose
of the region scheme.  (My precise heap scanning patch doesn't address this, as it
assumes that untyped memory blocks will be allocated using the conservative bit
mask and scanned conservatively, or not scanned at all.)

If you don't have it scanned by the GC, then you can't store the only reference to
a GC-allocated object in the region.  I chose the latter for TempAlloc, and it's
still ridiculously useful in the small niche of dstats, where I need to allocate
tons of temporary arrays of numbers or copies of arrays that are already in memory
but need to be sorted, etc.  However, it's a shoe with a gun built in.  If it
wasn't, I'd recommend it for Phobos.  If I made it scanned by the GC performance
and space overhead would likely be so bad that it would be useless.