| |
| Posted by Richard (Rikki) Andrew Cattermole in reply to Paul Backus | PermalinkReply |
|
Richard (Rikki) Andrew Cattermole
Posted in reply to Paul Backus
| On 31/01/2023 7:49 AM, Paul Backus wrote:
> On Monday, 30 January 2023 at 18:33:57 UTC, Richard (Rikki) Andrew Cattermole wrote:
>> If we hired some people then yes 1&2 (but not 3). Otherwise we are stuck with changing the goal posts from perfect to good enough for the time being. As Andrei use to say: perfect is the enemy of the good; which is unfortunately what I think we need to strongly consider here. We have what appears to be a pretty decent path forward for 'good'.
>
> I'm not opposed to the idea of moving the goalposts in principle, I am just not sure where you are proposing that we move them to. :) It seems like every time I ask, I get a different answer.
I'm not expressing myself clearly enough but the goal posts I'm recommending are the same as at the start. Check as much as possible with @safe, but let data structures be responsible for as much of the life time guarantees wrt. allocators as possible.
Perfect solution: all code is mechanically checked.
Good solution: library and under the hood code gets audited, user code of the library code gets mechanically checked.
Let's have a good solution, then try to figure out if we can remove restrictions and get a perfect solution in the library code as well.
>> It shouldn't matter what allocator library you use. Either it works or it doesn't. The compiler shouldn't care whose code it is, only the lifetime patterns.
>
> For example: I agree with this paragraph in principle, but isn't this one of the goalposts that you were just saying we should be willing to move?
I'm half and half. Stuff like @localsafe would mean that I think that allocators should all be @system in API. I'm genuinely reconsidering it for my own because of this thread.
But in terms of hard coding into the compiler std.allocators vs sidero.base.allocators yeah no. It shouldn't do that, which is what the quoted statement was about. If both API's match, then the compiler should treat them the same way in terms of lifetime management.
|