On Wed, May 23, 2018 at 4:05 PM, Jet Villegas <jville...@mozilla.com> wrote:
> I'd rather see the committee focus on things like object lifetime management
> so we don't have to port everything to Rust just to get basic memory safety
> guarantees. How much leverage do we have to push on that?

I assume you mean "push for better object lifetime management" rather than "push against the 2D graphics proposal".

The only current proposal that I'm aware of in this area is P0936R0 ("Bind Returned/Initialized Objects to the Lifetime of Parameters") [1]. This aims to extend C++'s lifetime extension rules to "see through" suitably annotated function / constructor calls, such that objects bound to parameters of such a function / constructor are kept alive for the lifetime of the return value / constructed object (so the annotation basically means "this function returns an object / constructs an object that refers to its parameters, and therefore that object should not outlive the parameters"). This is far from a "borrow checker" (indeed, it doesn't *catch* lifetime errors, it *avoids* them by making certain objects live longer), but it may be a step in the right direction.

I would be interested to hear some opinions on this proposal from C++ Mozilla engineers: do we think a proposal like this would materially improve our C++ usage from an ergonomic and/or safety perspective? If we like this proposal, we can certainly advocate for it when it's presented, and vote for it if it comes up for a vote. (Procedurally, the proposal was submitted prior to the previous meeting, and was not looked at during the previous meeting because the Evolution Working Group has a backlog of proposals. It will, hopefully, be looked at during this coming meeting.)

I will also keep a close eye on the discussion, and report back any counter-arguments / concerns so we can discuss and potentially respond to them. (So far, the main concern I've heard is that by things "just working" without explicit lifetime management more often, we would be lulling C++ programmers into a false sense of safety.)

Beyond that, we could consider authoring additional proposals in this area.
As this is a tricky area of the language, we may want to consider prototyping any proposal (either as a pure library, or via modifications to our clang plugin) prior to submitting it.

There is also work being done in this area outside the formal standards process, in the form of the C++ Core Guidelines [2] (some of which can be checked statically) and the accompanying Guideline Support Library [3], and in the form of Microsoft's lifetime checker [4], though that seems to be progressing very slowly, and even though I ask for an update at every meeting, I haven't seen much of substance there.

Cheers,
Botond

[1] http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p0936r0.pdf
[2] https://github.com/isocpp/CppCoreGuidelines
[3] https://github.com/Microsoft/GSL
[4] https://blogs.msdn.microsoft.com/vcblog/2016/03/31/c-core-guidelines-checkers-preview-of-the-lifetime-safety-checker/

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
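
Added example, not part of the original message or of P0936R0: it logs constructor and destructor order to show the current C++ rule the message refers to, where a temporary bound directly to a reference is lifetime-extended but the same temporary passed through a function that returns a reference to its parameter is not. The names `Tracked`, `pass_through` and `g_log` are hypothetical and constructed for this illustration.

```cpp
#include <cstdio>
#include <string>
#include <utility>
#include <vector>
// Constructed instrumentation (hypothetical, not Mozilla code): logs object lifetimes.
static std::vector<std::string> g_log;

struct Tracked {
    std::string name;
    explicit Tracked(std::string n) : name(std::move(n)) { g_log.push_back("ctor " + name); }
    ~Tracked() { g_log.push_back("dtor " + name); }
};

// Returns a reference to its parameter: the kind of function P0936R0 would annotate.
const Tracked& pass_through(const Tracked& t) { return t; }

// Temporary bound directly to a reference: today's rules extend its lifetime.
std::vector<std::string> direct_binding() {
    g_log.clear();
    {
        [[maybe_unused]] const Tracked& r = Tracked("direct");
        g_log.push_back("use");
    }
    return g_log;
}

// Routed through a call, the temporary dies at the ';' and r dangles (never read here).
std::vector<std::string> through_call() {
    g_log.clear();
    {
        [[maybe_unused]] const Tracked& r = pass_through(Tracked("via-call"));
        g_log.push_back("use");
    }
    return g_log;
}

// What code has to do today: give the object a named owner that outlives the reference.
std::vector<std::string> named_owner() {
    g_log.clear();
    {
        Tracked owner("owned");
        const Tracked& r = pass_through(owner);
        g_log.push_back("use " + r.name);
    }
    return g_log;
}

int main() { for (const auto& e : through_call()) std::puts(e.c_str()); }
```

In `through_call` the destructor entry appears before the "use" entry, which is the ordering that makes any read through `r` a use-after-free; compilers that implement dangling-reference diagnostics may warn on that line.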