Temporally safe by default
Richard (Rikki) Andrew Cattermole
richard at cattermole.co.nz
Tue Apr 9 12:54:24 UTC 2024
On 09/04/2024 7:17 PM, Dukc wrote:
> However, I think you're advocating for something like `@live`. That is,
> a type that's destroyed in RAII fashion but that can be passed from one
> function to another, without risking dangling references, and you also
> want it to work between threads.
``@live`` is a lint over a single function, not over the entire program.
Outside of a known, enforced temporally safe function, yes, it's going to
have to be type-qualifier based to give those guarantees.
Hence isolated, which requires the DFA as provided by type state analysis
to work (wrt. reachability). If you want to see what a less well made
version of this looks like, look at ``@live`` and its holes.
Of course, when you're in temporally ``@safe`` code, you really want to
know that the compiler won't let you do the wrong thing, regardless of
whether it's based upon isolated, atomics, locking etc. Bringing it all
together will allow people to pick the right tool for the job rather
than a specific one that other languages like Rust enforce.