we re not crazy we promise
play

Were not crazy, we promise! Trials and tribulations of a programming - PowerPoint PPT Presentation

Jan 06, 2024 •271 likes •677 views

Were not crazy, we promise! Trials and tribulations of a programming language designer Atila Neves, Ph.D. DConf 2020 1 Pertinent quotes Perfection is achieved, not when there is nothing more to add, but when there is nothing left

  1. We’re not crazy, we promise! Trials and tribulations of a programming language designer ´ Atila Neves, Ph.D. DConf 2020 1

  2. Pertinent quotes • “Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.” — Antoine de Saint-Exup´ ery • “Everything should be made as simple as possible, but not simpler.” — Albert Einstein • “Lisp programmers know the value of everything and the cost of nothing” — Alan Perlis 2

  3. Why? What? • Why do we care about @safe ? • Less is more: language design principles • What I’d like to be working on • What I’m actually working on 3

  4. Why do we care about @safe ? • Me as a user: “because I’m lazy” • Because it’s good marketing • Because leaning on the compiler is a good idea • Because defaults matter 4

  5. Types • D is a statically typed language • Nobody seems to want to change that (good!) • Type systems don’t let friends write bugs • Trade-off: ease-of-use vs defect prevention 5

  6. Memory safety = preventing bugs • Bugs due to memory safety violations are particularly costly • If type systems prevent bugs. . . leverage ours? • Goal: minimise or eliminate memory safety bugs without limiting the power of a systems programming language 6

  7. I don’t want to go back to this: // In a ~10kSLOC C++ codebase struct SomeStruct { /* .. */ }; SomeStruct onlyGodKnowsWhyThisIsHere[9]; 7

  8. Memory safety errors (single-threaded) • Out-of-bounds access • Issues calling free • double free • freeing a pointer on the stack • freeing 0x42 • freeing an aliased variable • Reading from or writing to an invalid pointer • Use after free • Pointer to popped part of the stack • Dereferencing 0x42 8

  9. Mitigations in D • Out-of-bounds: Slice access checks, foreach • Issues related to calling free : don’t • Not needed with GC allocated memory anyway • Don’t manually allocate memory • Leak? • Invalid pointer usage: . . . 9

  10. GC: automatic memory safety? • In Java and Go? Yes. In D? No. • Java doesn’t have & • Go does, but it can mean GC allocation: func NewFile(fd int, name string) *File { if fd < 0 { return nil } return &File{fd, name, nil, 0} } • D: Taking the address of locals can be an issue • D: Manually managed pointers can be an issue 10

  11. Pointers in D • Infinite lifetime • GC-allocated memory • Address of a TLS variable • Finite lifetime • Address of a local variable / parameter: fixed by DIP1000 • malloc / allocator: fixed by . . . ??? 11

  12. @safe code is easy to write With -preview=dip1000 and only GC heap allocations: • Don’t do pointer arithmetic, including slicing pointers • Don’t use slices’ .ptr property ( &slice[0] instead) • Don’t use casts See https://dlang.org/spec/function.htmlsafe-functions for more 12

  13. @safe and @nogc ? • D proudly advertises that the GC isn’t mandatory • We not so proudly omit the inevitable bugs • How can we have our GC-averse cake and eat it too? 13

  14. Goal: @safe @nogc code It’s not currently possible to write a @safe vector library type in D: auto v = vector(1, 2, 3, 4); auto s = v[]; v ~= 5; // could reallocate here s[3] = 42; // oops 14

  15. Goal: @safe @nogc code • T* should always be usable from @safe code • Infinite lifetime • Finite scoped lifetime (DIP1000) • Even if obtained from malloc (freeing however. . . ) 15

  16. Ok, @safe is great, but why by default? • Defaults matter • dub packages with dependencies can be made @safe • Fewer bugs all around 16

  17. Less is more 17

  18. Less is more The more features. . . • The harder it is to teach the language • The more bugs the implementation has • The more likely they interact in unexpected ways 18

  19. Out of few, many • Guiding principle: create few orthogonal powerful primitives • Use those powerful primitives to write everything else in • Guideline: prefer library solutions to language features • The default answer to language additions should be no 19

  20. Simplicity as a guiding principle • Simple: as defined by Rich Hickey in “Simple made easy” • Simple: unentangled, decoupled 20

  21. Simple vs complex • Pure functions vs impure ones • const vs auto • values vs references • Explicit vs implicit • algorithms vs for loops 21

  22. Case study: library-based OOP • OOP doesn’t need to be a language feature • It’s a library in Common Lisp (CLOS) • Can be used in C, but not good: • No subtyping = no type safety (hello void* my old friend) • Manual initialisation of function slots in the virtual table • Hard to find actual implementation being called — gdb to the rescue! • Do we need OOP in the language? 22

  23. Why OOP? Returning related types (mostly stolen from Louis Dionne’s talk “Runtime polymorphism: back to the basics”) struct Car { void accelerate(); } struct Truck { void accelerate(); } struct Plane { void accelereate(); } ??? getVehicle(string vehicle) { switch(vehicle) { default: throw new Exception("Unknown vehicle " ~ vehicle); case "car": return Car(...); case "truck": return Truck(...); case "plane": return Plane(...); } } 23

  24. Why OOP? Storing related types (mostly stolen from Louis Dionne’s talk “Runtime polymorphism: back to the basics”) // stores types that can accelerate ???[] vehicles; vehicles ~= Car(...); vehicles ~= Truck(...); vehicles ~= Plane(...); foreach(ref vehicle; vehicles) vehicle.accelerate; Goal: manipulate an open set of related types with different representations 24

  25. Obvious D solution: inheritance interface Vehicle { void accelerate(); } class Car: Vehicle { override void accelerate() { /* ... */ } } class Truck: Vehicle { override void accelerate() { /* ... */ } } class Plane: Vehicle { override void accelerate() { /* ... */ } } Vehicle getVehicle(string vehicle); Vehicle[] vehicles; 25

  26. Under the hood // See https://dlang.org/spec/abi.html#classes struct VehicleVTable { object.Interface instance; void function() accelerate; } struct CarImpl { immutable(void*)* __vptr; // ptr to CarVTable void* __monitor; immutable(void*)* __vptr_Vehicle; // ptr to VehicleVTable } alias Car = CarImpl*; 26

  27. Problems with inheritance • Reference semantics (aliasing issues) • Heap allocations • GC allocations might be an issue for certain applications • Non-GC allocations introduce memory management issues • Billion dollar error semantics (null) • Intrusive (types must opt-in ahead of time) • Fixed binary layout (did you want monitor? You get monitor) 27

  28. What I actually want (pseudocode) interface Vehicle { void accelerate(); } import lib: Motorcycle; // struct Motorcyle { void accelerate(); } struct Car { void accelerate(); } struct Truck { void accelerate(); } void main() { Vehicle[] vehicles = [ Car(), Truck(), Motorcyle() ]; foreach(ref vehicle; vehicles) vehicle.accelerate; } 28

  29. What D can do now import tardy; // https://github.com/atilaneves/tardy interface IVehicle { void accelerate(); } alias Vehicle = Polymorphic!IVehicle; import lib: Motorcycle; // struct Motorcyle { void accelerate(); } struct Car { void accelerate(); } struct Truck { void accelerate(); } void main() { Vehicle[] vehicles = [ Vehicle(Car()), Vehicle(Truck()), Vehicle(Motorcyle()) ]; foreach(ref vehicle; vehicles) vehicle.accelerate; } 29

  30. The library solution is more flexible • None of the problems mentioned earlier • Possibility of user-controlled policies • Small buffer optimisation • Default value or reference semantics? • What allocator to use when heap allocation is needed? • User-specified binary layout 30

  31. D is a powerful language • Let’s use it to its fullest potential • Let’s prefer library solutions to language changes • No, I don’t mean “let’s remove classes” 31

  32. What I’d like to work on • Making automem @safe • Finishing my reflection library, mirror • Lightning-fast unittest feedback • Next-gen Phobos • Easy C ++ interop • Move semantics • Implementing “Build systems ` a la carte” in D 32

  33. Reflection in D traits • • std.traits • Sometimes cumbersome • Akin to using OS threads directly 33

  34. Why mirror? Looping through struct member functions void func() { // need this for {{, can't be at module scope // {{ due to alias static foreach(memberName; __traits(allMembers, MyStruct)) {{ alias member = __traits(getMember, MyStruct, memberName); static if(isPublic!member) { // BYOT static if(isMemberFunction!member) { // BYOT static foreach(overload; __traits(getOverloads, MyStruct, memberName)) { pragma(msg, __traits(identifier, overload)); } } } 34 }}

  35. Why mirror? Looping through struct member functions import mirror; static foreach(overload; MemberFunctionsByOverload!MyStruct) { pragma(msg, __traits(identifier, overload)); } 35

  36. mirror: runtime reflection • Compile-time ¿ run-time • Compile-time reflection can generate run-time info • Issue: I don’t know of decent use cases 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PIERCE PROMISE PIERCE PROMISE PIERCE PROMISE PIERCE PROMISE PIERCE PROMISE What is Pierce

PIERCE PROMISE PIERCE PROMISE PIERCE PROMISE PIERCE PROMISE PIERCE PROMISE What is Pierce

Pierce College Promise PIERCE PROMISE PIERCE PROMISE PIERCE PROMISE PIERCE PROMISE PIERCE PROMISE What is Pierce Promise? The Pierce Promise provides one year of free tuition to all full-time students graduating from your high

301 views • 19 slides
PROMISE INDIANA Technical Aspects How Promise Works February 23, 2017 HOW PROMISE WORKS

PROMISE INDIANA Technical Aspects How Promise Works February 23, 2017 HOW PROMISE WORKS

PROMISE INDIANA Technical Aspects How Promise Works February 23, 2017 HOW PROMISE WORKS Community Coalition Building Community Application Process Support for Promise Communities Technical Aspects and Innovation

304 views • 12 slides
Living the Promise: Living the Promise: Building the Future Building the Future Dale Braun

Living the Promise: Living the Promise: Building the Future Building the Future Dale Braun

Living the Promise: Living the Promise: Building the Future Building the Future Dale Braun Gregg Heinselman Nancy Devine Campus Planner Assoc. Vice Chancellor President UWRF Foundation Living the Promise: Living the Promise: Building

1.02k views • 64 slides
An introduc+on to Promise programs Promise programs differ from

An introduc+on to Promise programs Promise programs differ from

An introduc+on to Promise programs Promise programs differ from tradi+onal financial aid in that they seek to transform schools and communi0es , not simply

338 views • 12 slides
Study #5: The immovable promise Galatians 3.15-25 God made a promise of salvation, which is a

Study #5: The immovable promise Galatians 3.15-25 God made a promise of salvation, which is a

Study #5: The immovable promise Galatians 3.15-25 God made a promise of salvation, which is a free gift that depends on Him alone. Diatheke: legal term for covenant. Even we, humans, are binding to our words and should keep our promises. How

364 views • 10 slides
17 June 2020 What an exciting day weve had ad to toda day, , cel celeb ebrati rating

17 June 2020 What an exciting day weve had ad to toda day, , cel celeb ebrati rating

17 June 2020 What an exciting day weve had ad to toda day, , cel celeb ebrati rating ng crazy razy hai air r da day y ! ! The The ch children dren lined ned up up for or thei their r cu cute te and nd crazy crazy

379 views • 6 slides
Fulfilling the Promise It all starts with the Promise At the Vermont Veterans Home

Fulfilling the Promise It all starts with the Promise At the Vermont Veterans Home

2021 Budget Brief An Agency of the State of Vermont Fulfilling the Promise It all starts with the Promise At the Vermont Veterans Home Governor Scotts Priority Initiative- We Protect Vermonts most Vulnerable Heroes

870 views • 37 slides
Fulfilling the Promise It all starts with the Promise At the Vermont Veterans Home

Fulfilling the Promise It all starts with the Promise At the Vermont Veterans Home

2020 Budget Brief An Agency of the State of Vermont Fulfilling the Promise It all starts with the Promise At the Vermont Veterans Home Governor Scotts Priority Initiative- We Protect Vermonts most Vulnerable Heroes by

456 views • 42 slides
Fulfilling the Promise It all starts with the Promise At the Vermont Veterans Home We care

Fulfilling the Promise It all starts with the Promise At the Vermont Veterans Home We care

2019 Budget Brief An Agency of the State of Vermont Fulfilling the Promise It all starts with the Promise At the Vermont Veterans Home We care for Vermonts most Vulnerable Heroes Fulfilling the Promise 2 It all starts with the

1.24k views • 86 slides
Generosity: Faith Promise 14-15: Current Goal: $30,000 Received (So Far): $29,263 Faith

Generosity: Faith Promise 14-15: Current Goal: $30,000 Received (So Far): $29,263 Faith

Generosity: Faith Promise 14-15: Current Goal: $30,000 Received (So Far): $29,263 Faith Promise: Missionaries: Mills in Thailand Stocks in SE Asia Robertsons in Chile Faith Promise: Church Plants: Riverside Community Cartersville

340 views • 17 slides
2016-2017 School Board Presentation October 10, 2017 Our Equity Promise Our promise:

2016-2017 School Board Presentation October 10, 2017 Our Equity Promise Our promise:

Mounds View Schools Equity Promise Accountability Report 2016-2017 School Board Presentation October 10, 2017 Our Equity Promise Our promise: Programs and services will be in place at all schools to ensure that race, class, and

769 views • 39 slides
Outline Background on Ketamine The Promise and Perils of Ketamine The Promise

Outline Background on Ketamine The Promise and Perils of Ketamine The Promise

Outline Background on Ketamine The Promise and Perils of Ketamine The Promise Single Infusion Therapy for TRD, Suicidal in Psychiatric Practice Ideation, PTSD Continuation Therapy Sanjay J. Mathew, MD The Perils

577 views • 9 slides
How to create slides about CMake with CMake? https://github.com/train-it-eu/remark-cmake Mateusz

How to create slides about CMake with CMake? https://github.com/train-it-eu/remark-cmake Mateusz

How to create slides about CMake with CMake? https://github.com/train-it-eu/remark-cmake Mateusz Pusz November 16, 2018 CMake? Are you crazy? Why? 2 CMake? Are you crazy? Why? 2 CMake? Are you crazy? Why? Brings benefits for large slide

572 views • 27 slides
SECOND ROUND PROMISE ZONE DESIGNATION Tribal Promise Zones September 29, 2014

SECOND ROUND PROMISE ZONE DESIGNATION Tribal Promise Zones September 29, 2014

SECOND ROUND PROMISE ZONE DESIGNATION Tribal Promise Zones September 29, 2014 www.hud.gov/promisezones Presenters Valerie Piper Deputy Assistant Secretary for Economic Development U.S. Department of Housing and Urban Development Leslie

243 views • 20 slides
DALLAS COUNTY WHAT IS IT? PROMISE DALLAS COUNTY PROMISE Covers the gap between financial aid

DALLAS COUNTY WHAT IS IT? PROMISE DALLAS COUNTY PROMISE Covers the gap between financial aid

DALLAS COUNTY WHAT IS IT? PROMISE DALLAS COUNTY PROMISE Covers the gap between financial aid and the cost of TUITION for up to three years or associate degree completion (whichever comes first) at any Dallas County Community College and a

236 views • 7 slides
The intoxication of the reverse The intoxication of the reverse prosthesis prosthesis Which one

The intoxication of the reverse The intoxication of the reverse prosthesis prosthesis Which one

9/27/2016 Complex Scenarios, Decision making, and Complications in Total Shoulder Arthroplasty W.Z. Burkhead Jr. The Carrell Clinic Dallas, Texas Disclosure These Opinions are those of a Crazy Texan and may only apply to Crazy Texas patients and

447 views • 17 slides
Can Block Iterative Eigensolvers Fulfill their Performance Promise? Jonas Thies Melven R

Can Block Iterative Eigensolvers Fulfill their Performance Promise? Jonas Thies Melven R

www.DLR.de Chart 1 &gt; SPPEXA16 &gt; J. Thies Block Sparse Solvers &gt; 2016-01-25 Can Block Iterative Eigensolvers Fulfill their Performance Promise? Jonas Thies Melven R ohrig-Z ollner Achim Basermann DLR Simulation and

802 views • 17 slides
Securing PIM-SM Link- Local Messages J.W. Atwood Salekul Islam Concordia University

Securing PIM-SM Link- Local Messages J.W. Atwood Salekul Islam Concordia University

Securing PIM-SM Link- Local Messages J.W. Atwood Salekul Islam Concordia University draft-atwood-pim-sm-linklocal-01 1 Problem Statement n PIM-SM draft says n Recommend AH n Assume manual keying, but allow automatic n If IPsec, MUST

552 views • 10 slides
Discourse Coherence Lecture Plan: Einf uhrung in Pragmatik Discourse cohesion and

Discourse Coherence Lecture Plan: Einf uhrung in Pragmatik Discourse cohesion and

1 Discourse Coherence Lecture Plan: Einf uhrung in Pragmatik Discourse cohesion and coherence Coherence relations und Texttheorie Sources of discourse structure Discourse Structure Theory (Grosz&amp;Sidner86) Discourse

412 views • 14 slides
Professional Communication in Computer Science Responsible Conduct in Science II Jiri Srba

Professional Communication in Computer Science Responsible Conduct in Science II Jiri Srba

Professional Communication in Computer Science Responsible Conduct in Science II Jiri Srba Lecturer: Jiri Srba, 1.2.32, srba@cs.aau.dk 1 / 17 Todays Plan Misconduct in science. (Case story by M. Nielsen.) Conflict of interest. (Case story

874 views • 17 slides
Round elimination in exact communication complexity Teresa Piovesan Joint work with et, Harry

Round elimination in exact communication complexity Teresa Piovesan Joint work with et, Harry

Round elimination in exact communication complexity Teresa Piovesan Joint work with et, Harry Buhrman, Debbie Leung + Jop Bri &amp; Florian Speelman ( + University of Waterloo) 20 th Combinatorial Optimization Workshop Aussois, 6 January 2016

870 views • 66 slides
Programming Abstractions Week 13-1: Streams Stephen Checkoway What is printed by this code?

Programming Abstractions Week 13-1: Streams Stephen Checkoway What is printed by this code?

Programming Abstractions Week 13-1: Streams Stephen Checkoway What is printed by this code? (let* ([x 10] [y x]) (set! x 20) (displayln y)) A. 10 B. 20 C. It's an error 2 What is printed by this code? (let* ([x 10] [y (delay x)]) (set! x

496 views • 20 slides
Streams Announcements Efficient Sequence Processing Sequence Operations Map, filter, and reduce

Streams Announcements Efficient Sequence Processing Sequence Operations Map, filter, and reduce

Streams Announcements Efficient Sequence Processing Sequence Operations Map, filter, and reduce express sequence manipulation using compact expressions Example: Sum all primes in an interval from a (inclusive) to b (exclusive) def sum_primes (a,

432 views • 17 slides
CPL 2016, week 6 Asynchronous execution Oleg Batrashev Institute of Computer Science, Tartu,

CPL 2016, week 6 Asynchronous execution Oleg Batrashev Institute of Computer Science, Tartu,

CPL 2016, week 6 Asynchronous execution Oleg Batrashev Institute of Computer Science, Tartu, Estonia March 14, 2016 Overview Studied so far: 1. Inter-thread visibility : JMM 2. Inter-thread synchronization : locks and monitors 3. Thread

617 views • 30 slides

More recommend