Insulating layer?

Posted Oct 14, 2024 19:42 UTC (Mon) by khim (subscriber, #9252)
In reply to: Insulating layer? by Wol
Parent article: On Rust in enterprise kernels

> If it merely returns whether or not "be" is initialised, then how can the optimiser assume that it is initialised?

That's easy: because correct program is not supposed to read uninitialized variable it can conclude that on all branches where it's read it's successfully initilialized. Then it's responsibility of developer to fix code to ensure that

> But that would be obvious from the type system, no?

Nope. When you call read(2) nothing in the typesystem differs for return values that are larger and smaller than zero.

Insulating layer?

Posted Oct 14, 2024 20:19 UTC (Mon) by Wol (subscriber, #4433) [Link] (9 responses)

> > If it merely returns whether or not "be" is initialised, then how can the optimiser assume that it is initialised?

> That's easy: because correct program is not supposed to read uninitialized variable it can conclude that on all branches where it's read it's successfully initilialized. Then it's responsibility of developer to fix code to ensure that

Circular reasoning !!! Actually, completely screwy reasoning. If do_init() does not alter the value of "be", then the compiler cannot assume that the value of "be" has changed!

Let's rephrase that - "Because a SAFE *function* is not supposed to read an uninitialised variable".

to_be_or_not_to_be() knows that "be" can be 'undef'. Therefore it either (a) can apply boolean logic to 'undef' and return a true boolean, or (b) it has to return an "unsafe boolean", or (c) it's a compiler error. Whichever route is chosen is irrelevant, the fact is it's just *logic*, not hardware, and it's enforceable by the compiler. In fact, as I understand Rust, normal compiler behaviour is to give the programmer the ability to choose whichever route he wants!

All that matters is that the body of to_be_or_not_to_be() is marked as unsafe code, and the return value is either a safe "true boolean", or an unsafe boolean that could be 'undef'. At which point the calling program can take the appropriate action because IT KNOWS.

Cheers,
Wol

Insulating layer?

Posted Oct 14, 2024 20:31 UTC (Mon) by khim (subscriber, #9252) [Link]

> In fact, as I understand Rust, normal compiler behaviour is to give the programmer the ability to choose whichever route he wants!

Nope. Normal compiler behavior is still the same as in C: language user have to ensure program doesn't have any UBs.

The big difference is that for, normal, safe, subset of Rust it's ensured by the compiler. But for unsafe Rust it's still resposibility of the developer to ensure that program doesn't violate any rules WRT UB.

> to_be_or_not_to_be() knows that "be" can be 'undef'.

Nope. It couldn't be undef. In Rust MaybeUninit<bool> can be undef, but regular bool have to be either true or false. Going from MaybeUninit<bool> to bool when it's undef (and not true or false) is an instant UB.

> At which point the calling program can take the appropriate action because IT KNOWS.

How does it know? You couldn't look on MaybeUninit<bool:gt; and ask it whether it's initialized or not. It's still very much a resposibility of Rust user to ensure that program doesn't try to convert MaybeUninit<bool> which contains undef into normal bool.

Insulating layer?

Posted Oct 14, 2024 20:41 UTC (Mon) by daroc (editor, #160859) [Link] (7 responses)

I think that using three exclamation marks in a row might be a sign that this back-and-forth is not going anywhere in particular. This is a worthy discussion topic, but I'm not sure the last few comments have added anything new.

Insulating layer?

Posted Oct 14, 2024 23:43 UTC (Mon) by atnot (subscriber, #124910) [Link] (6 responses)

> This is a worthy discussion topic, but I'm not sure the last few comments have added anything new.

I agree it may have been a worthy topic once upon a time. But when the same two people (khim and wol) have the same near-identical drawn out discussions for dozens of messages a week in every amenable thread to the point of drowning out most other discussion on the site (at least without the filter) and making zero progress on their positions over a span of at least 2 years, perhaps some more action is necessary.

Insulating layer?

Posted Oct 15, 2024 10:13 UTC (Tue) by Wol (subscriber, #4433) [Link] (5 responses)

Apologies. I try not to respond to khim any more.

Unfortunately, I suspect the language barrier doesn't help. I think sometimes we end up arguing FOR the same thing, but because we don't understand what the other one is saying we end up arguing PAST each other.

Cheers,
Wol

Insulating layer?

Posted Oct 15, 2024 11:15 UTC (Tue) by khim (subscriber, #9252) [Link] (4 responses)

> Unfortunately, I suspect the language barrier doesn't help.

It could be a language barrier but I have seen similar discussions going in circles endlessly with a pair of native speakers, too, thus I suspect problem is deeper.

My feeling is that it's ralated to difference between how mathematicians apply logic and laymans do it.

> I think sometimes we end up arguing FOR the same thing, but because we don't understand what the other one is saying we end up arguing PAST each other.

No, that's the issue. The big problem with compiler development (and language development) lies in the fact that compiler couldn't answer any interesting questions about semantics of your program.

And that's why we go in circles. Wol arguments usually come in the form of:

Compiler can do “the right thing” or “the wrong thing”
“The wrong thing” is, well… wrong, it's bad thus compilers have to do “the right thing”

And my answer comes in the form of:

Sure, we may imagine compilers that do “the right thing” or “the wrong thing”
Except usually “the wrong thing” is, possible to implement while “the right thing” is impossible to implement
We are stuck with “the wrong thing” this talking about “the right thing” is pointless
We may try to mitigate consequence of doing “the wrong thing” using some alternate approaches

And Wol ignores the most important #2 step from my answer and goes back to “compilers should do “the right thing”… even if I have no idea how can they do that”.

I have no idea why is it so hard for layman to accept that compilers are not omnipotent and compiler developers are not omnipotent either, that there are things that compilers just could never do… but that's the core issue: “we code for the hardware” guys somehow have a mental model of a compiler which is both simulatentously very simple (as discussion about how modern compilers introduce shadow variables for each assignment show) and infinitely powerful (as discussions about what compiler have to detect and report show).

I have no idea how compiler can be simultaneously primitive and yet infinitely powerful, that's definitely a barrier right there, but it's not a “native speaker” vs “non-native speaker” barrier.

And I continue the discussion to see if that barrier could be broken, somehow – because in that case C/C++ would have a chance! If that barrier could be broken then there's a way to reform the C/C++ “we code for the hardware” community!

But so far it looks hopeless. Safe languages would still arrive, they would just have to arrive the sad way, one funeral at time way. And that would be the end of C/C++, because “one funeral at time” approach favors transition to the new language.

Insulating layer?

Posted Oct 15, 2024 16:18 UTC (Tue) by atnot (subscriber, #124910) [Link]

I think this is a very tonedeaf way to respond to someone agreeing to finally stop participating in a discussion has been unproductive for years. Even if the powers that be continue to tolerate it, perhaps it's time to practice the (admittedly difficult) skill of letting someone be "wrong on the internet", for the sake of the rest of us.

Insulating layer?

Posted Oct 15, 2024 16:42 UTC (Tue) by intelfx (subscriber, #130118) [Link] (2 responses)

One has to have a non-trivial amout of gall to unapologetically continue to paint oneself as a "mathematician" and attack your opponent as a "layman"... immediately after you were asked to stop not just the attacks, but the entire argument.

Insulating layer?

Posted Oct 15, 2024 21:58 UTC (Tue) by Wol (subscriber, #4433) [Link] (1 responses)

And to say I'm not a mathematician ... well I don't necessarily understand symbolic logic, and I don't have a COMPUTER degree, but I've got an Honours in Science (Maths, Physics and Chemistry). And I've got a Masters, too (in technology, though I'm much less impressed with the value of that degree than the plain Bachelors). And I've got a very good ituition for "this argument sounds screwy" ...

And when I try to argue LOGICally, if people argue straight past my logic and don't try show me what's wrong with it, I end up concluding they have to be attacking the messenger, because they are making no attempt to attack the message.

Khim is saying Science advances one funeral at a time, but it'll be his funeral not mine - if you look back over what I've written it's clear I've learnt stuff. Don't always remember it! But as I've said every now and then in the past, you need to try to understand what the other person is arguing. I get the impression khim finds that hard.

Cheers,
Wol

Insulating layer?

Posted Oct 15, 2024 22:13 UTC (Tue) by daroc (editor, #160859) [Link]

Alright, I think that's a fairly clear personal attack. Probably I should have said something after khim's message. Sorry, Wol, for not stepping in at that point. But in either case, this topic should end here.