Temporally safe by default

Dukc ajieskola at gmail.com
Tue Apr 9 08:16:22 UTC 2024


On Monday, 8 April 2024 at 19:59:55 UTC, Richard (Rikki) Andrew 
Cattermole wrote:
> No library features can stop it either, unless you want to 
> check ref counts (which won't work cos ya know graphs).

I think you are losing sight of the big picture.

The big picture is we already have a fine safety mechanism for 
majority of the cases, the garbage collector! It also just works 
with graphs.

Ownership and/or reference counting are needed for some cases. I 
suspect they're more important than "system programming is niche" 
arguments suggest because you don't always use them for RAM 
memory, but also things like [file or thread 
handles](https://theartofmachinery.com/2018/12/05/gc_not_enough.html). However, managing access to other resources than RAM memory is a lot easier since you don't have to deal with the possibility of escaped pointers to the resource you're protecting, and already well supported by the present language.

What we're left with are the cases where you need to manage RAM 
but the GC won't do. This is a niche area. D needs to support it 
since systems programming is in it's domain, but it isn't a case 
worth optimising much.

Since forever D has supported doing these by simply marking the 
manual memory handling code `@system`. This is already a 
reasonable standard considering how rarely you need to do it. D 
where it's currently going to does better with DIP1000, `@system` 
variables and move constructors, enabling, in principle, safely 
doing most of what Rust can do. It's true that ref counting and 
borrowing are more ergonomic to use in Rust than in D since the 
language is built around those, and probably it enables doing 
something safely that D doesn't.

But so what? Rust does better in a case which is far from your 
worst problems in D either even if you always dabble at the low 
level. If D implements a type system addition to match Rust, it 
complicates the whole language but improves it only in a very 
narrow case.

Also, Rust is a first-and-foremost systems programming language. 
D is a hybrid systems and application programming language. What 
is worthwhile for one language isn't always worthwhile for the 
other.

As for "ref counting doesn't work because of graphs" - I'm not 
sure, but probably this can be worked around somehow without 
forcing client to use `@system` the GC. Rust manages it somehow 
after all. But even if that isn't the case, it's a small corner 
case that doesn't affect the big picture.


More information about the dip.ideas mailing list