Missed that. My bad.

They did put the number in the title (but yes it should be a link, and I almost posted the same thing).

a1phyr: > I don't think so. Adding a supertrait to `Read` would be a breaking change Note that I wrote that assuming we landed the "allow splitting traits without it being a breaking change" work first, since that's something we want in lots of other places too.

When cross posting please post a link to the original: The memory order of the store to `weak` in `is_unique` is over-strict · Issue #149376 · rust-lang/rust · GitHub

kpcyrd: > `BTreeMap::from_iter(map.into_iter().map(f))` With specialization this could be made to just work™, similar to Vecs.

a1phyr: > I am surprised to hear that. Doesn't `#[global_allocator]` work on these platforms as well? What prevent using the same technique with EII? For `#[global_allocator]` we currently create an object file (the allocator shim) which contains functions that forward to the default impl. It mostly works for the global allocator, but it means that you can't just link rlibs together. You either have to use rustc or depend on implementation details. And it is currently confined to the standard library. EII would expose it directly to users, which have much more ways to misuse it. And already the allocator shim is breaking LTO when you compile for multiple crate types at once with said crate types disagreeing if the allocator shim needs to be linked in or not (eg you compile an rlib and dylib at the same time).

a1phyr: > I don't think so. Adding a supertrait to `Read` would be a breaking change On Zulip there's some discussion indicating this might be possible

Thanks everyone for your replies! bjorn3: > Default impls are the hardest part of EII to implement. Several targets don't support weak symbols at all or have rather buggy support. This includes the windows-gnu targets where weak symbols are non-functional and windows-msvc where exporting weak symbols from dylibs requires a hacky implementation. I am surprised to hear that. Doesn't `#[global_allocator]` work on these platforms as well? What prevent using the same technique with EII? josh: > I think we could manage to move a fair bit of `io` to `alloc` or even to `core`, by relying on the fact that all of `core`/`alloc`/`std` are one coherence domain. This is interesting to know indeed. While splitting the definition of `io::Error` would be complex, splitting the methods could enable something like "manual EII" (where constructing an `Error` from raw OS error would require providing the necessary functions). scottmcm: > I also wonder how much most of the code involved in these _traits_ really care what the error types are? For example, could we have a `GenericRead` with an associated `Error` type, so that std's `Read` is just `trait Read : super GenericRead<Error = io::Error> {}`? I don't think so. Adding a supertrait to `Read` would be a breaking change, and blanket impls from `GenericRead<io::Error>` to `Read` would be complex with the exiting `impl<R> Read for &mut R`. I think that it would require something like specialization lattice? Also code using these traits often rely on the fact that they can create a custom `io::Error`. Just in `std`, you have instances of this in `Read::read_exact`, `Read::read_to_string`, `Write::write_all`, plus OOM handling in `Read::read_to_end` (and probably more). And it would be nice to keep having these specific ones constants. Additionally, I fear that creating new traits would split the ecosystem. Overall, I think that doing the work to migrate the existing traits is easier and better than working around it. kornel: > The `std::error::Error` got split to be possible to expose it in `core`. Maybe `io::Read`/`io::Write` could get a similar treatment? Note that this is the `impl` block of the **type** `dyn std::error::Error` that is split, not the definition of the **trait**. That is why my proposal is only to migrate to `alloc` for now.

Okay, but my point stands - it's still a tree and insertions still require traversal and balancing, so copying the original tree's structure should be faster.

I expand the code of using `is_unique` and `downgrade` as something like the following, which models that there are three `Arc` instances. use std::sync::atomic::{AtomicUsize, Ordering}; use std::thread; fn main() { let strong = AtomicUsize::new(3); let weak = AtomicUsize::new(1); thread::scope(|s| { s.spawn(|| { // t1 if weak .compare_exchange(1, usize::MAX, Ordering::Acquire, Ordering::Relaxed) .is_ok() { let unique = strong.load(Ordering::Acquire) == 1; // #0 weak.store(1, Ordering::Relaxed); // #1 assert!(unique == false); } }); s.spawn(|| { // t2 let mut val = weak.load(Ordering::Relaxed); loop { if val == usize::MAX { val = weak.load(Ordering::Relaxed); continue; } if weak .compare_exchange(val, val + 1, Ordering::Acquire, Ordering::Relaxed) .is_ok() { break; } } strong.fetch_sub(1, Ordering::Release); // #2 }); s.spawn(|| { // t3 let mut val = weak.load(Ordering::Relaxed); loop { if val == usize::MAX { val = weak.load(Ordering::Relaxed); continue; } if weak .compare_exchange(val, val + 1, Ordering::Acquire, Ordering::Relaxed) .is_ok() { break; } } strong.fetch_sub(1, Ordering::Release); // #3 }); }); } Merely change `weak.store(1, Ordering::Release);`(in the original implementation) to `weak.store(1, Ordering::Relaxed);` Assuming the `CAS` operation in `t1` succeeds, that means the loops in `t2` and `t3` cannot exit except that one thereof reads `#1` and the other reads the value written by the RMW operation that reads `#1`. The question is whether `#0` can read `1` and the assertion fails. Assume that `#0` reads `1`, because the initial value of `strong` is `3`, this implies that `#2` and `#3` both happen before `#0`, which in turn implies that the load part of `weak` in `t2` and `t3` both happen before `#1`. According to [intro.races] p13 > If a value computation A of an atomic object M happens before an operation B that modifies M, then A takes its value from a side effect X on M, where X precedes B in the modification order of M. `#1` is not visible to the load part of `weak` in `t2` and `t3`, so the loop in `t2` and `t3` cannot exit; this means, `#2` and `#3` cannot be reached by the corresponding control flows in their respective threads. This contradicts the assumption that `#0` reads `1` because `#2` and `#3` won't be executed in the lifetime of the program; otherwise, it would violate [intro.races] p10 > The value of an atomic object M, as determined by evaluation B, is the value stored by some unspecified side effect A that modifies M, where B does not happen before A. More generally speaking, any thread claiming that its RMW operation on `strong` would be read by `#0` is impossible, because its `CAS` operation on `weak` does not expect `MAX`, and `#1` is not visible to the load part, so its loop cannot exit. And no other RMW operation on `weak` that increases count can precede it; otherwise, the modification order of `weak` is invalid 1 < MAX < weak_store_1 < RMW_weak_a < ... < RMW_weak_current < ... < weak_store_1 So, `#0` cannot read `1` and `2`; however, it can only read the initial value `3`. Is my analysis right? If the target is, as described in the comment of the source code, to check whether the thread holds the unique strong, I think the memory order used for the case is over-strict, and the memory order of the store to `weak` that writes `1` can at least be `relaxed`, IIUC.

Hmm... It appears that there were] (⚙ D119284 [IR] Add intrinsics to represent complex multiply and divide instructions.) [some plans for complex numbers, but they are not entirely supported for now. It's odd because I thought there were some plans for doing so. I don't think this is a problem, as we can now use a platform dependent representation as a struct for the complex types. The advantage is still C FFI.

tczajka: > Here there is no better alternative in typical use. Be kind of nice if we added some then. To be very very clear: _I don't think just adding a warning is a complete solution_... and it's a bit of a straw man to respond to that position.

In several programs, I've taken to writing safety comments on my uses of arithmetic operators. Arithmetic is pretty much the most dangerous thing you can do in safe Rust (EDIT: not counting I/O or other similar interactions with the environment outside the program) – you need a lot of reasoning about the program to know that it isn't going to give you a panic or the wrong result. (Note that wrapping is actually often a worse outcome than panicking, because the program will continue running but using the wrong numbers.)

Well rust doesn't use MLIR, so that's not particularly relevant? (MLIR has all kinds of dialects, like sparse tensors for example.) Whereas if there was, say, a `llvm.complex.mul.f32` intrinsic that handled complex multiplication properly for us, that would be a stronger reason to have it built-in in some way, as it would be something a crate wouldn't use. (Like how https://doc.rust-lang.org/std/primitive.u128.html#method.carrying_mul_add is implemented on LLVM in a way not possible in a crate, which is one reason it's nice to have as a `core` method.)

idanarye: > This whole "sorted happy path" for binary tree insertions sounds weird to me But BTree is _not_ a binary tree. It's a b-tree with a much higher branching factor. Binary search trees are definitely not a very good idea on today's machines that love sequential memory access and hate indirection and branches. And unpredictable branches even more.

This does seem like a personal preference, that's why I suggested to reuse macro syntax (with an exclamation mark) to also distinguish between macros and attributes.

pitaj: > What if we just gave a sorted happy path to `extend`? Have it track the maximum item so it can skip the traversal in that case. This whole "sorted happy path" for binary tree insertions sounds weird to me. The tree still has depth - you still need to traverse it and rebalance it on every insertion, and for that it doesn't really matter if the items are sorted or not - it's still `O(log n)` per insertion. I'd understand if `bulk_build_from_sorted_iter` was accepting an `ExactSizeIterator` (and then it could easily deduce the entire structure of the tree) but it doesn't - so I although I did not look into how it works, I doubt its optimizations are as good as what `map_values` can achieve. The biggest advantage of `map_values` is that it can just copy the structure of the original tree over to the new one. This means that it doesn't need to navigate the tree from the root on each insertion, and doesn't need to rebalance it - it'll be unbalanced during its construction and only be fully balanced at the very end. This, BTW, mean it's worthwhile to also make `&` (and `&mut`) versions of these methods (`where K: Clone`, of course)

I agree. I'll add it as a major factor in the ACP and will change it as soon as I can.

MLIR does

For the purposes of making the simplest possible ACP, please leave out the bits involving new custom lang syntax, and assume that this will have a constructor like `c32::new(2.0, 4.0)`.

SciMind2460: > LLVM has a intrinsic for this, but it is not used in Rust as yet. Can you link where that is in the langref? None of the places it says "complex" (that I found) are about complex _numbers_.

I'm not sure LLVM _does_ implement numerically safe complex multiply, at least not in all cases.[1] Still, "this is the compiler's job" is a good answer to the question I asked, and "the compiler has intrinsics for complex arithmetic that (in principle) handle all the floating-point corner cases and are legible to optimization, but Rust doesn't expose them" is IMO a stronger argument for including complex numbers in the stdlib than just "there are a lot of crates already that define complex types and they're not interoperable". (You do mention that LLVM has these intrinsics in your problem statement, but you don't, IMO, give that the importance it deserves.) * * * 1. for example, llvm-project/compiler-rt/lib/builtins/muldc3.c at 5017370a1ce5009aed2855b645194bc141f72a2d · llvm/llvm-project · GitHub handles the naive formula producing a NaN that ought to be Inf, but it doesn't look like it even tries to detect the situation where the difference of two infinite-precision intermediates would be in the _finite_ representable range of IEEE double. ↩︎

dlight: > I think many APIs panic because unwrapping is too verbose. Sure, but my point is that when we do decide to have a panicking API, there is no tradition or need to call it `X_or_panic`. For example, `slice::swap` is not called `slice::swap_or_panic`. I don't really see how `unwrap` is any different. If you `unwrap` an externally-provided `Option`, that's bad engineering, but the same applies to `slice::swap`: if you `swap` using a user-provided index without checking it's valid, that's bad engineering. This is just a general principle that you should not trust external user inputs. But I don't think a good solution is to warn or make long scary names for functions that may panic.

ryanavella: > I would like to use `.unwrap()` as a terser `unreachable!()`, but I work with developers whose usage of it suggests they think it is more like `panic!()`. You could argue this was one domino in the Cloudflare chain-of-dominos: a team environment where each developer had different ideas of what `unwrap` means. I feel exactly this way, there's many meanings for `.unwrap()` and each person has their own favorite meaning. Here is another data point: the lang team feels like `.unwrap()` exists largely for quick and dirty code, that is, code that disregards failure modes to simplify development. Which I think differs from the point of view that `.unwrap()` is a sugar for `unreachable!()`, and thus has a place even in code that thoroughly checks and recovers from errors: it's to be used when there is absolutely no way an error could happen, but the type checker isn't smart enough to figure it out. tczajka: > Plenty of functions will panic when their preconditions are not satisfied. It's part of the regular function contract that a function will panic when you give it invalid inputs. So I don't think adding `_or_panic` or `_or_unreachable` here helps. I think many APIs panic because unwrapping is too verbose. I mean, panicking because the input is invalid due to programming error is ok and expected. But if the input comes from the user, it's probably better to not panic but return `Result`, because I want to display this error to the user and ask him to try again. (or else, to prevent a panic you need to validate an input before passing it to the function that will validate it _again_ - a situation that generally is solved by the "parse, don't validate" pattern) But APIs generally don't know where their inputs come from. so it's somewhat common for a Rust API to not decide what's more appropriate, returning `Result`/`Option` or panicking, and thus provide both variants. Which would be probably redundant - if you want to panic, why not call the non-panicking variant and unwrap it? Except that the verbosity of sprinkling `.unwrap()` makes the code harder to read, so people prefer calling a panicking API.

RelunSec: > This will be very useful in some situations. Standard response: you're discussing a feature without elaborating on the motivation. The motivation is more important than any specific feature. What are you trying to do? Avoid name conflicts? Define your crate's API? ...