←back to thread

Tree Borrows

(plf.inf.ethz.ch)
573 points zdw | 6 comments | 09 Jul 25 14:40 UTC | HN request time: 0.817s | source | bottom
Show context
fuhsnn ◴[09 Jul 25 16:35 UTC] No.44512042[source]
I wonder if Rust or future PL would evolve into allowing multiple borrow checker implementations with varying characteristics (compile speed, runtime speed, algorithm flexibility, etc.) that projects can choose from.
replies(9): >>44512293 #>>44512361 #>>44512426 #>>44512597 #>>44512841 #>>44513554 #>>44513949 #>>44516880 #>>44516995 #
1. 0x000xca0xfe ◴[09 Jul 25 17:19 UTC] No.44512597[source]
As I understand it the borrow checker only has false negatives but no false positives, correct?

Maybe a dumb question but couldn't you just run multiple implementations in parallel threads and whichever finishes first with a positive result wins?

replies(2): >>44512965 #>>44517616 #
2. vlovich123 ◴[09 Jul 25 17:53 UTC] No.44512965[source]
This presumes that checking composes which may not if you have orthogonal checker implementations. You might end up risking accepting an invalid program because part of it is valid under one checker, part under another, but the combination isn't actually valid. But maybe that's not actually possible in practice.
replies(1): >>44515079 #
3. afdbcreid ◴[09 Jul 25 21:52 UTC] No.44515079[source]
Borrow checking is function-local, so if the opsem model is the same and you run the different checkers per-function, there is no such risk.
replies(1): >>44517102 #
4. vlovich123 ◴[10 Jul 25 04:15 UTC] No.44517102{3}[source]
I’ll take your word for that although it feels like there may be other cases. Even still there is the subtle problem that bugs in the proof checkers now result in O(n^m) safety issues because an incorrectly accepted program is more likely to get through 1 of the borrow checkers (similar to how in a distributed system adding single points of failure results in exponentially decreasing reliability).
5. creata ◴[10 Jul 25 05:34 UTC] No.44517616[source]
> As I understand it the borrow checker only has false negatives but no false positives, correct?

The borrow checker is supposed to be a sound static analysis, yes. I think Ralf Jung's comment at https://news.ycombinator.com/item?id=44511416 says soundness hasn't been proved relative to tree borrows yet.

> Maybe a dumb question but couldn't you just run multiple implementations in parallel threads and whichever finishes first with a positive result wins?

IIUC when you're compiling reasonably-sized programs you're already using all the cores, so parallelizing here doesn't seem like it's going to net you much gain, especially if it means you're doing a lot of extra work.

replies(1): >>44518971 #
6. 0x000xca0xfe ◴[10 Jul 25 09:14 UTC] No.44518971[source]
Thanks, didn't see that!

> when you're compiling reasonably-sized programs you're already using all the cores

Only on full rebuilds. I would assume most build jobs with a human in the loop only compile a handful of crates at once.

In fact as CPUs get more and more parallel we'll cross the threshold where thread count surpasses work items more often and then will come the time to get creative ;)