
Comment by Animats

7 years ago

Backpointers aren't that bad. You have two pointers, locked together by a simple invariant. That invariant has to be valid both before and after any operation on either pointer or deletion of either object. The problem is that in most languages, it's hard to talk about an invariant between two variables. But what you have to check or prove is trivial. You don't need a full theorem prover, just some standard compiler-type checks.

That's what I'm getting at here. There are only a few special cases where you really need unsafe code. Backpointers, partially initialized arrays, and foreign functions cover most of it. Yes, you can construct fancy situations like hash maps where there's some performance benefit in having complicated sparse arrays of pointers interspersed with junk. Is it worth it? Zeroing memory is cheap. Go zeros everything and doesn't seem to suffer.

The use case of Rust is memory safety without garbage collection. Keep that in mind. Try not to get too clever. Too much "unsafe", and it will break. Not just through coding bugs. Because someone will change something that was based on an implicit assumption made in the past by another.
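The back-pointer case the comment describes, as an added Rust example (not code from the comment's author or from any project the thread discusses): a tree whose child list owns the nodes and whose parent pointer is a raw back-pointer, with the invariant written down once and checked before and after each mutation. The `Node` type, its method names and the deliberately broken `remove_child_forgetting_backpointer` are all hypothetical, chosen only to show what the check has to catch.

```rust
use std::ptr;

/// Tree node: the child list owns its nodes, the parent pointer is a
/// non-owning back-pointer. The two are tied by one invariant that must
/// hold before and after every mutation:
///   * a root's `parent` is null;
///   * for every node `n` and every `c` in `n.children`, `c.parent == &*n`.
pub struct Node {
    pub value: u32,
    parent: *const Node,
    children: Vec<Box<Node>>,
}

impl Node {
    pub fn new_root(value: u32) -> Box<Node> {
        Box::new(Node { value, parent: ptr::null(), children: Vec::new() })
    }

    /// Create and attach a child. The back-pointer is written in the same
    /// step as the forward edge, so there is no window where only one of
    /// the two pointers has been updated. Boxed nodes have stable heap
    /// addresses, so `self as *const Node` stays valid after later pushes.
    pub fn add_child(&mut self, value: u32) -> &mut Node {
        let child = Box::new(Node {
            value,
            parent: self as *const Node,
            children: Vec::new(),
        });
        self.children.push(child);
        self.children.last_mut().expect("just pushed")
    }

    /// Detach the child at `index`. The subtree becomes a root, so its
    /// back-pointer must be cleared rather than left pointing at `self`.
    pub fn remove_child(&mut self, index: usize) -> Box<Node> {
        let mut child = self.children.remove(index);
        child.parent = ptr::null();
        child
    }

    /// Deliberately wrong variant (hypothetical bug): forgets the
    /// back-pointer. The type system does not object; only the invariant
    /// check below catches it.
    pub fn remove_child_forgetting_backpointer(&mut self, index: usize) -> Box<Node> {
        self.children.remove(index)
    }

    pub fn child(&self, index: usize) -> &Node {
        &self.children[index]
    }

    /// The one `unsafe` dereference. It is sound only while the invariant
    /// holds, which is why the invariant is checked around every mutation.
    pub fn parent_value(&self) -> Option<u32> {
        if self.parent.is_null() {
            None
        } else {
            // SAFETY: a non-null parent pointer refers to the node whose
            // `children` vector owns `self`, so it outlives `self`.
            Some(unsafe { (*self.parent).value })
        }
    }
}

/// The invariant check, done here at runtime: walk the tree and verify
/// every back-pointer against the owning edge that leads to it.
pub fn invariant_holds(root: &Node) -> bool {
    fn check(node: &Node, expected_parent: *const Node) -> bool {
        node.parent == expected_parent
            && node.children.iter().all(|c| check(c, node as *const Node))
    }
    check(root, ptr::null())
}

fn main() {
    let mut root = Node::new_root(1);
    root.add_child(2).add_child(4);
    root.add_child(3);
    assert!(invariant_holds(&root));

    let good = root.remove_child(0);
    let stale = root.remove_child_forgetting_backpointer(0);
    println!("after correct removal: {}", invariant_holds(&good)); // true
    println!("after buggy removal:   {}", invariant_holds(&stale)); // false
}
```

The check here runs at runtime (a `debug_assert!(invariant_holds(..))` at the end of each mutating method is the cheap way to wire it in); the comment's claim is that the same two-pointer relation is simple enough that a static checker could verify it instead of a human reading every `unsafe` block.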

You don't get to hand-wave away the complexity by just asserting that it is trivial. The hard part of all static analysis tools is reasoning about pointers.

> Go zeros everything and doesn't seem to suffer.

What are you referring to by this? For most CPU bound things, Go is measurably slower than Rust. If you mean that Go is successful as a language, well... that's almost like saying "why do you need structs/value types? Python allocates everything and doesn't seem to suffer". The languages have different domains/primary targets.