[Dlang-internal] DIP1000 discussion and testing

Martin Nowak via Dlang-internal dlang-internal at puremagic.com
Fri Oct 21 04:39:27 PDT 2016 

On Friday, 21 October 2016 at 06:04:41 UTC, Walter Bright wrote:
>> So far you have only given answers regarding technical 
>> trivialities
>
> That is true, but we must reach mutual understanding on how 
> those trivialities work before we can do more. So far, we have 
> not.

I think we all agree on which overall goal we're trying to 
achieve, @safe deterministic memory management.
So the primitives of DIP1000 need to prove that they properly 
cover the reference escaping part of that goal.

1. Default initializers have infinite lifetime.
    lifetime(e.init) = ∞

    Non default initializers are treated as default init followed 
by an assignment.

2. The sticky lifetime axiom.

    Assignment `v = e` changes lifetime(v) to lifetime(e) if v is 
a pointer or reference.

3. The safe reference axiom.

    Can't assign an expression e to a variable v if that
    would change lifetime(v) so that lifetime(v) < reachability(v).

4. The conservative lifetime axiom.

    lifetime(func(args)) = min(∞, argmin_{e ∈ A}(lifetime(e)))
    with A = {a ∈ args | canAlias(returnType(func), typeof(a))}

    The lifetime of a function call expression, is the minimum of 
infinity and the
    lifetime of all arguments that could be referenced by the 
return type.
    (Shouldn't be type here b/c scope is a storage class and not 
part of the type)

5. The conservative escape axiom.

    The reachability of non-scope ref or pointer paramters is 
assumed to be ∞.

    Hence it's not allowed to assign expressions with finite 
lifetime to non-scope parameters, though the compiler might infer 
scope for parameters.

If this works out we guarantee lifetime(v) ≥ reachability(v) in 
@safe code.

The rest should be deducible using the rules from 
https://github.com/dlang/DIPs/blob/731255ed7dc37d596fec0552013f0e12c68f7bea/DIPs/DIP1000.md#aggregates.

The problem that remains could be stated as lifetime tunneling.

Given `v2 = func(v1)` lifetime(v2) = lifetime(v1) according to 5.
Changing lifetime(v1) by `v1 = e` can change lifetime(v2) to < 
reachability(v2).

More information about the Dlang-internal mailing list