Temporally safe by default

Richard (Rikki) Andrew Cattermole richard at cattermole.co.nz
Thu Apr 4 12:42:07 UTC 2024 

On 05/04/2024 1:32 AM, Dukc wrote:
> On Thursday, 4 April 2024 at 06:45:44 UTC, Richard (Rikki) Andrew 
> Cattermole wrote:
> 
>>> Can you please write a code example or two? Doesn't have to be 
>>> anything with a nailed-down syntax, but it's really hard to be sure 
>>> what you're suggesting without one.
>>
>> Okay so you need something a bit bigger picture for temporally safe?
>>
>> My way of working would mean I would need to solve isolated and then 
>> temporally safe before I can do that.
>>
>> It might be a while before it all comes together for me to be able to 
>> do it concretely.
> 
> I mean, given you're posting this as a new thread in the DIP ideas 
> forum, I'm assuming you have a language improvement idea to present and 
> want some informal feedback for it. But I don't get from your posts what 
> exactly you're proposing, only that it's some sort of improvement to 
> `@safe`.

Okay yes, you want some big picture overview.

Temporal safety is about making sure one thread doesn't stomp all over 
memory that another thread also knows about.

So this is locking, ensuring only one thread has a reference to it, 
atomics ext.

Moving us over to this without the edition system would break everyone's 
code. So it has to be based upon this.

So the question of this thread is all about how do we annotate our code 
to indicate its temporally safe and how does it map into older editions 
view of what safe is. There is at least three different solutions to 
this that I have come up with.

Escape analysis wrt. DIP1000 is only a very small part of such a system. 
But it all plays together to give us what is known as program security.

Program security is what the CS field has been working towards since the 
80's. Its about guaranteeing that a program will work as expected 
guaranteed. We are no where near that, it'll need a proof assistant for 
full blown program security, however temporal safety will get us most of 
the way there.

I know Walter has seen the writing on the wall for PL's if they don't 
have it ~5 years ago. Hence DIP1000 and @live. However I don't know how 
far along the path he has gone. I'm waiting on him talking with Adam 
Wilson this month to find that out to know how to proceed with type 
state analysis (which is a building block to make it all work nicely 
together).

More information about the dip.ideas mailing list