←back to thread

Tree Borrows

(plf.inf.ethz.ch)
573 points zdw | 2 comments | 09 Jul 25 14:40 UTC | HN request time: 0.44s | source
Show context
jcalvinowens ◴[09 Jul 25 18:21 UTC] No.44513250[source]
> On the one hand, compilers would like to exploit the strong guarantees of the type system—particularly those pertaining to aliasing of pointers—in order to unlock powerful intraprocedural optimizations.

How true is this really?

Torvalds has argued for a long time that strict aliasing rules in C are more trouble than they're worth, I find his arguments compelling. Here's one of many examples: https://lore.kernel.org/all/CAHk-=wgq1DvgNVoodk7JKc6BuU1m9Un... (the entire thread worth reading if you find this sort of thing interesting)

Is Rust somehow fundamentally different? Based on limited experience, it seems not (at least, when unsafe is involved...).

replies(11): >>44513333 #>>44513357 #>>44513452 #>>44513468 #>>44513936 #>>44514234 #>>44514867 #>>44514904 #>>44516742 #>>44516860 #>>44517860 #
dzaima ◴[09 Jul 25 18:42 UTC] No.44513468[source]
Rust's aliasing rules are very different from C's.

In C you have a nuclear `restrict` that in my experience does anything only when applied to function arguments across clang & gcc, and type-based aliasing which is both not a generally-usable thing (don't have infinite different copies of the int64_t type (and probably wouldn't want such either)), and annoying (forces using memcpy if you want to reinterpret to a different type).

Whereas with Rust references you have finely-bounded lifetimes and spans and mutability, and it doesn't actually care about the "physical" types, so it is possible to reinterpret memory as both `&mut i32`/`&i32` and `&mut i64`/`&i64` and switch between the two for the same memory, writing/reading halves of/multiple values by the most bog standard Rust safe reads & writes, as long as the unsafe abstraction never gives you overlapping `&mut` references at the same time, or split a `&mut` into multiple non-overlapping `&mut`s.

replies(1): >>44517043 #
nhaehnle ◴[10 Jul 25 03:59 UTC] No.44517043[source]
> don't have infinite different copies of the int64_t type

You can make some, though!

Basically, the idea is to define a class template NoAlias<T, Tag> that contains a single value of type T. Implement operators etc. to make the type useful in practice for working with the wrapped value. Type-based alias rules mean that an access to the value wrapped in NoAlias<int64_t, Tag1> can never alias a value wrapped in NoAlias<int64_t, Tag2>. (Tag1 and Tag2 can just be forward-declared structs that are never defined.)

One time, I even encountered a situation where this was mildly useful.

replies(2): >>44517059 #>>44517421 #
saagarjha ◴[10 Jul 25 04:03 UTC] No.44517059[source]
Of course this is substantially less doable in C :(
replies(1): >>44517187 #
1. nhaehnle ◴[10 Jul 25 04:31 UTC] No.44517187[source]
Fair point, yeah. The general concept should still apply, you could maybe wrap it in some macros, but it is going to be more awkward mostly because of the lack of operator overloading.
replies(1): >>44519258 #
2. dzaima ◴[10 Jul 25 10:00 UTC] No.44519258[source]
Yeah, I meant specifically C in an ergonomic way with operators working on them and being passable to existing functions.

Though wrapping in different structs doesn't seem to even make gcc & clang properly optimize utilizing the types as non-aliasing: https://godbolt.org/z/r1MT9W9db. Clang just completely fails to do anything, but gcc somehow manages to reorder the load but not do the trivial part of constant-propagating afterwards..