►
From YouTube: Lang Team Triage Meeting 2019.08.29
Description
Topics discussed in depth:
- nounwind attribute logic
- unsound interaction between self-referential generators (incl. async fn) and noalias
- Ref parameter incorrectly decorated with `noalias` attribute
Dropbox paper link:
https://paper.dropbox.com/doc/T-Lang-Meeting-2019.08.29--AjzRGzHqD9HET5PNCoAomh4sAg-ydagQSwNNH0iSwUy225pZ
A
A
A
C
A
A
C
C
C
A
D
C
D
C
A
C
C
C
So
it's
been
pointed
out
that
the
temporary
lifetime
surrounder
wait
are
a
little
bit
surprising
or
at
least
they're
different
from
the
synchronous
code.
So
in
synchronous
code
you
have
this
example.
The
this
creates
a
temporary
vector
that
lives
sort
of
until
the
next
semicolon,
in
other
words
the
third
duration
of
this
statement.
So
the
code
compiles
in
async
code
because
of
the
D
sugaring,
it
does
not
it's
Aaron,
so
I
think.
C
There's
some
this
came
up
because
it
interferes
with
like
builder
patterns
and
things
like
this
yeah.
Basically,
existing
ergonomics
are
impacted
by
this.
If
you
try
to
move
from
synchronous,
asynchronous
you
wind
up
having
to
introduce
let
bindings
there
was
a
proposed
fix,
which
I
haven't
really
thought
about,
of
making
a
match.
C
You
could
I
mean
if
there
are
things
that
wouldn't
have
needed
to
then
they're
going
to
get
there's
going
to
be
an
extra
slot
and
the
free
will
happen
later
so
your
peak
resource
larger,
like
I,
I,
think,
though,
that
one
question
would
be
what's
a
good
example
where
it
creates
a
temporary,
but
you
didn't
want
it
to
move
longer.
I
guess
it
can
certainly
happen.
I.
F
C
D
A
A
G
D
Use
this
particular
weird
style
for
like
right,
like
only
use
our
values
in
these
places
and
like
anytime,
like
this
up
here,
move
it
into
a
new
statement
and,
like
I
don't
want
us
to
start
introducing
those
sorts
of
conventions,
and
so
it
would
be
an
unfortunate
thing
if
the
the
size
increased
being
caused
here
was
something
that
led
people
to
start
recommending
this
sorts
of
weird
hacks.
I
think.
A
D
D
A
D
C
Also
wonder
if
we
can
it's
all
the
things
we
said
are
true
to
a
lesser
extent,
in
synchronous
code.
I
wonder,
then
it
pushed
forward
for
like
it's
much
lesser,
but
you
know
it's
still.
If
we
could,
there
is
some
future
where
we
are
allowed
to
drop
things
earlier
and
so
on.
After
certain
conditions,
they
could
health
here
and
just
not
building
which
everywhere
yeah.
D
I
mean
I,
don't
think
like
I,
don't
think
people
are
usually
worried
about,
like
the
size
of
their
stacks
lot,
the
way
that
they're
worried
about
the
size
of
their
journey
futures
right
because
they
don't
usually
have
like
there's
one
stack
and
you're,
either
blowing
it
or
you're,
not
right.
It's
not
like
yes,
III!
Think
about
the.
F
C
D
C
D
D
C
C
D
A
C
Do
this
one?
Somebody
pointed
out
that,
during
a
reform
that
this
is
sort
of,
we
offer
an
error
here.
They
were
suggesting
we
could
automate
limbs
to
fix
it,
but
central
pointed
out.
We
could
also
just
accept
it.
It's
kind
of
inconsistent
you
might
expect.
You
didn't
say
this.
You
might
expect
this,
you
know,
and
this
would
be
equivalent,
but
it's
not.
C
D
H
C
C
D
B
A
D
A
C
C
A
A
D
E
A
So
this
this
this
feature
allows
you
to
add
attributes
like
function,
parameters
and
stuff,
and
it
has
baked
awhile
in
nightly,
and
the
question
is
to
be
sterilized.
It
I've
heard
people
wanting
this
in
various
occasions
and
there
is
a
report
which
is
done
on
the
tests.
Look
good,
I,
think
I've,
read
them
deaf,
trinket,
I,
believe
them
and.
C
G
C
C
D
G
D
Decide
that
we
want
to
force
this
syntax
on
people
before
we
know
that
it's
not
gonna
break
too
much
existing
code
right,
but
even
if
we
decide
to
start
introducing
this
syntax
and
say
that
this
is
an
allowable
way
to
write
the
code
like
we
don't
necessarily
have
to
have
that
either
the
allowable
way
to
write
the
code
like
we
could
still
do
the
coercion
thing.
If
it
turns
out
that
not
doing
it
is
going
to
request
much
code.
D
C
D
C
C
D
A
C
D
D
Doesn't
it's
not
none
of
them?
Wee-Wee
I
would
like
to
stabilize
that
so
that
we
could
have
a
bunch
of
functions
that
they
used
to
allow
it
and
then
right
at
the
last
minute,
when
we
went
to
stabilize
this,
we
went
oh
well.
We
could
hold
off
on
stabilizing
this
part,
and
so
we
didn't
stabilize
it,
but
I
was
gonna,
write
up
the
proposal
to
go
ahead
and
stabilize
it
anyway.
Well,
this
needs
action
off
recursive
types
with
arbitrary
self,
the
self
ampersand
box
self
rate
as
a
type.
D
D
C
C
G
Of
this
sure,
so
we've
talked
about
this
in
a
couple
previous
meetings,
but
right
now
we
have
an
optimization
where
we
mark
all
all
X
turn
C
functions
either
called
or
called
by
a
thrust
called
from
or
called
into
rust,
as
no
unlined
in
lob
em.
That's
a
useful,
optimization,
it's
caught
and
if
you
then
unwind
from
a
function
that's
marked
and
no
online,
do
you
create
an
undefined
behavior?
There
was
an
effort.
Minnie
taught
many
many
versions
ago
to
try
to
introduce
a
on
abort.
G
G
To
go
this
far
that
all
right
I
can
skip
ahead
a
bit.
So
the
point
is
we
reverted
that
change
to
do
the
abort
temporarily?
That
means
we
are
now
currently
miss
compiling
certain
pieces
of
code,
we'd
like
to
fix
that
there
was
a
proposal
to
fix
that
by
just
deleting
the
know,
unwind
attribute
from
LLVM,
but
that
will
break
a
lot
of
useful
optimizations
if
we
have
to
do
that,
we
should
in
order
to
fix
the
undefined
behavior.
G
That
just
says:
allow
unwinding
through
this
function
and
we
just
wrote
up
a
couple
of
hours
ago,
a
spy,
a
descriptive
spec,
canonical
RFC,
for
what
that
attribute
should
do,
which
means
somebody
just
needs
to
turn
that
into
an
RFC
and
Shepherd
that
through
the
process
and
if
we
can
nail
that
down
and
stabilize
that
whose
sole
function
is
stop
tagging
this
function
know
unwind
in
LLVM,
then
we
should
be
able
to
continue
to
do.
The
optimization
keep
the
aborts
that
we
had
before
and
just
tell
people
they
need
to
tag
functions
like
this.
B
G
Somebody
started
working
on
an
RFC
and,
unfortunately
other
people
in
the
community,
distracted
them
and
got
them
under
the
impression
that
they
had
to
completely
and
totally
specify
all
aspects
of
cross
language
unwinding
and
panic
run
times
before
they
could
do
anything
and
I've
tried
several
times
to
get
this
RFC
back
on
the
rails
and
say
no
really.
We
just
need
something
that
turns
off
the
LLVM,
no
unlined
attribute
that
doesn't
seem
to
have
been
successful.
Previously.
It
may
have
caught
this
time,
I
hope
so.
G
A
D
B
The
problem
is
that,
right
now
we
just
finally
landed
in
nightly
the
thing
that
we
backported
like
six
times,
that
turns
off
a
board
shrim.
Indeed,
yeah
I
mean
okay,
it
was
kind
of
embarrassing
to
keep
back
boarding
it,
but
now
it's
an
IP
and
it's
still
embarrassing
because
we
still
have
them
the
one
one
attribute
josh
has
been
saying.
These
are
important.
Optimizations
I've
been
asking
for
like
examples
or
stuff,
so
they
could
benchmark
and
like,
and
these
Russ
perk
shows
they're
like
basically
no
measurable
regressions
when
you
travel.
G
For
the
record,
I
have
no
objection
to
temporarily
dropping
be
no
unwind
attribute.
My
concern
is
given
how
many
times
this
has
been
around
and
around
and
around
it.
Is
that
actually
going
to
be
temporary
and
will
we
start
leading
people
to
think?
Oh
I,
guess
I
don't
have
this
at
all
I
guess
I,
don't
have
to
be
to
my
functions.
If
we
don't
tell
we're
gonna
start
affording
again-
and
you
have
to
put
an
attribute
on
your
functions.
B
C
C
C
B
A
D
A
B
Useful
that
case
is
useful,
I'm
sure
it's
just
like
I
think.
If
we
tell
people
that
okay,
you
have
to
stow
it
backwards,
compatibility
blah
blah
blah,
be
not
going
to
break
it,
and
so
we
have
a
like
something
you
can
port
to.
Then
we
should
also
not
have
that
attribute,
because
we
are
still
breaking
it.
Just
less.
Obviously
so
and
I
mean
like
if
the
benchmark
comes
around
with
there's
no
on
what
is
really
important.
Okay,
then
I
guess
that's.
C
C
B
D
And
binary
size
matters
a
lot
I
mean
so,
for
example,
so
I
don't
know
how,
like.
Obviously,
this
is
only
gonna
like
be
an
issue
if
you're
actually
calling
lots
of
C
functions
from
rust
right
like
if
you
only
have
a
few
spots
where
you
go
back
and
forth
between
languages,
this
just
well.
It's
just
can't
have
that
much
impact
unless.
C
C
C
D
B
D
B
G
Are
you
thinking
that
your
preferred
approach
would
be
to
go
ahead
and
revert?
The
no
instead
chain
apply
this
fix
and
stop
applying
the
no
unwind
attribute
and
then
separately,
reintroduce
that
attribute
and
the
aborts
and
the
unlike
the
new
unwind
attribute
at
the
same
time,
is
that
your
preferred
alternative,
I.
G
B
E
E
B
E
B
B
B
A
C
Don't
I
just
write
the
RFC,
that's
good
I
really
feel
like
we
should
do
that.
I
mean
I
I,
don't
know
what
I
think
about
whether
to
do
that,
nor
online
contributor,
really
in
the
important
but
I
feel
like.
We
should
be
able
to
get
this
RFC
done
in
the
next
few
weeks
and
make
it
kind
of
a
moot
discussion
so
I'm,
sorry,
both
the
next.
A
A
C
B
C
D
G
D
That
again,
Kramer
I
didn't
catch
that
well.
So
one
thing
that
you
could
imagine
is
that
the
the
unwind
attribute
is
in
would
be
a
no
op
on
panicky
panic
equals
abort
right,
but
which,
which
would
be
helpful
for
for
rest
code
right.
But
if
part
of
the
intention
of
the
unwind
attribute
is
not
just
to
allow
rust
panics
to
like
to
flow
through
correctly,
but
to
also
allow
C++
exceptions
and
other
kinds
of
you
know.
B
E
F
D
B
B
G
A
B
B
G
D
G
A
C
C
A
C
B
B
We
are
thinking
of
pointers
as
pointing
to
a
span
of
memory
where
the
base
address
is
given
by
the
pointer
address
and
the
size
is
given
by
the
type
and
the
spans
of
memory
of
like
the
pointer
to
the
entire
self,
a
fresher
struct
and
the
pointer
stood
in
that
struck
that
points
to
a
field
of
the
struct.
They
overlap
contain
that
field.
So.
B
C
No,
not
so,
and
so
exactly
but
generators
that
like
well.
What
we're
probably
going
to
want
to
do
is
to
say,
if
you
have
a
mutable
reference
to
a
generator.
The
contents
that
are
interior
to
the
generator
have
to
have
some
way
of
some
understanding
of
what
that
means
right,
that
there
may
be
internal
aliases,
something
which
probably.
B
Means
you
poison
the
pointer
to
that
generator
field
is
a
bog-standard
mutable
reference
and
it
can
be
passed
to
other.
Like
so
there's
nothing.
We
can't.
We
can't
remove
the
no
alias
from
that
thing,
without
basically
removing
it
everywhere,
because
it's
just
an
ampersand
B
C
for
any
T
and
no
alias
does
it
it
matters
what
you
do
with
the
nouriel's
reference.
Well,
I
mean
that's
in
the
LLVM
model.
We
have
no
idea
what
the
rust
model
is,
but
infra-red
for
old
cure.
C
Let's
assume
because
I
think
I
think
if
that
means
we
can't
use,
elegans
existed
no
alias
from
that's
what
it
means,
but,
and
we
have
to
lobby
for
an
improvement.
But
yes,
I'm
curious
about
the
rust
I.
Have
things
like
the
first
concern
to
me
and
the
second
concern
is
well,
we
may
have
doing
through
the
abilities.
B
C
B
G
B
B
Most
of
this
could
make
like,
and
specifically,
we
basically
want,
pin
a
percentage
t
to
not
be
no
alias
and
also
generally
be
a
lot
less
like
a
mutable
reference
and
more
like
a
row
pointer
which,
if
we
still
have
the
old
API,
where
pin
mute,
was
a
separate
type.
That
would
be
fairly
easy
to
do.
For
most
of
the
thing
we
could
just
internally
make
it
a
rope
on
her
like
a
normal
instead
of
an
ampersand.
Would.
B
B
It
could
be
good
to
hacks
and
the
compiler
and
then
the
most
we
could.
We
would
probably
have
to
do
hacks
for
all
of
the
pin
operations,
but
most
of
them
only
have
deal
with
mutable
references
internally.
The
interesting
ones
are
the
ones
that
exposed
them
like
map,
unchecked
mute
or
whatever.
The
permutation
of
things
await.
B
C
B
G
B
To
sort
of
yes,
that
I
think
would
work.
That's
what
I
meant
earlier
when
I
said
like
we
could
just
stop
a
meeting.
No
Elias
up
in
amperes
I
mean
I,
think
we
fixed
the
elevator
bucks
or
there's
enough
pieces
moving
here.
That
I'm
not
sure
at
that
point.
However,
like
some
people
want
that
debug
input
for
futures.
C
D
B
C
B
The
difference
between
you
have
to
use,
so
the
problem
is
that
let's
say
you
have
a
field
F
and
then
you
have
a
reference.
Are
that
points
to
field
F?
Those
are
fields
of
that
struct
when
you,
so
you
create
your
generator
and
you
have
field
F,
it
gets
some
value
and
all
your
create
a
reference
to
feed
F
installed
in
are
those
reference.
It's
a
mutable
reference.
It
not
expects
to
be
the
only
one
that
messes
with
that
field
field,
and
so.
B
C
B
You
manage
to
do
that.
That
would
be
okay.
The
I
mean
the
constraint
that
I
lay
down
was
the
thing
that
the
mutable
reference
points
to
must
not
be
used
by
another
pointer
and
used
in
at
least.
Currently
we
are
doing,
we
are
being
maximally
aggressive,
it's
like
Burroughs,
you
can't
even
create
a
reference
to
it
all
right.
B
C
C
I'm
aware
of
that,
but
we
also
like
we
know
in
the
compiler
that
it's
borrowed
so
we're
trying
to
say
so.
You
could
imagine
that
we
also
store
some
state
about
what
local
variables
should
be
part
of
the
debug
in
full,
and
we
use
that
to
guide
the
excess
season
there.
There
conform
the
Dre
and
Doc
that
wouldn't
create.
It
seems
like
that,
couldn't
create
any
new
problems,
because
that's
the
same
thing,
it's
gonna
happen
when
you
resume
execution
more
or
less.
B
B
C
C
B
B
So
the
problem
is
that,
like
currently,
if
you
look
at
the
pin
and
press
M
mute
API,
it
has
it
set
the
cupboard,
they
are
mutable
references
in
it.
Like
you
have
a
pristine,
mute
I
mean
I,
guess
I
haven't
thought
about
like
automatically
I
said
of
starting
this
from
the
pin.
Nick
was
to
starting
it
from
the
other
end
from
the
generator
propagating
all
the
words
that
this
guy
that
never
has
no
areas.
B
B
C
That's
exactly
why
I
was
wanting
to
start
I
mean
well
how
we
exposed
to
you
is
I,
don't
know,
but
that's
exactly
why
I
was
thinking
the
pin
is
not
necessarily
the
high-order
like
the
right
place
to
approach
this.
It's
more
about
a
mutable
reference
to
a
thing
that
we
know
is
self
referential
is
different,
but.
B
It's
it,
but
I
mean
it's
box
as
aliases.
It
stores
us
it's
the
the
pointer
that
points
into
the
box
is
stored.
Next
to
the
box.
It's
not
in
the
box,
it
doesn't
really.
The
surf
refresher
process
of
the
problem
is
just
we
have
a
mutable
reference
and
it's
aliased
like
sometimes
we
want
that.
It
seems.
It's
really.
C
B
Yes,
I
mean
this
gets
into
other
tricky
questions
like
I'm
on
your
once,
once
a
container
of
macro
to
go
from
the
address
of
a
feel
to
the
address
of
the
entire
struct
that
doesn't
work.
I'd
always
take
four
most
commonly
either,
because
if
you
have
a
pointer
to
a
field,
I'm
allowed
to
use
it
outside
of
it,
it's
better
at
span,
I'm,
not
sure.
If
that
interacts
with
relative
with
relative
hunters,
it
seems
like
it
might.
I
don't
know,
respond
to
another
field.
Sure.
C
B
A
So
one
more
generalization
I
would
like
to
make
that
maybe
not
everyone
agrees
with
is
that
perhaps
we
have
been
like,
too
afraid
to
introduce
new
new
like
basic
reference
types,
and
maybe
we
should
be
less
afraid
of
that,
like
maybe,
if
we're
trading
convexity
in
in
the
in
type
system
versus
the
abstract
machine,
maybe
we
should
go
for
more
convexity
in
type
system
and
stuff.
It's
that
I.
B
B
Make
the
abstract
machine
simpler,
like
it's
still,
it's
still
a
reference,
that's
that
allows
aliasing
it's
something
between
a
row
pointer
and
a
bit
of
a
reference.
Maybe
it's
just
a
row
harder.
Maybe
it's
more
like
to
face
balls
which
currently
insect
like
rock
wanders,
because
I've
not
yet
found
a
better
way
to
model
them.
B
Yeah
I
mean
like
in
terms
of
specifying
stack,
borrows
one
thing:
that's
annoying
about
these
marker
types
is
I
mean
unsafe,
so
the
more
thing
that's
annoying
or
unsafe.
Still
it
did
a
shared
reference,
at
least
currently
stack
forms,
try
very
hard
and
have
just
changed
it
to
try
a
bit
less
hard
because
it
was
awful
if
you
have
a
reference
to
a
big
thing
and
there's
small
unsafe
says
in
there,
it'll
only
treat
those
small
purchases
accessible.
B
So
if
you
have
a,
if
you
have
a
reference
to
a
share
reference
to
a
big
thing
and
there's
some
small
unsafe
cells
in
there,
like
a
big
struck
by
only
one
field,
is
a
wrestle
or
something
mm-hmm
like
we're
all
striving
hard,
and
this
is
after
a
conversation
I
had
a
while
ago
with
uni
steak,
Burroughs
tries
very
hard
to
say
well,
a
product
of
like
a
bunch
of
unsafe
zones
and
a
bunch
of
not
unsafe
cells
should
really
be
the
same
as
having
all
of
those
references
separately.
We'll
just
to
say.
B
C
B
We
go
below
straps,
because
then
we
don't
need
to
access
memory.
But
when
there's
an
enum,
if
there's
an
ancestor
anyway
in
the
you
know,
you're
just
gonna
be
like
okay,
I
guess.
This
entire
thing
is
like
can't
change
and
that
helps
that
helps
with
proving
in
Cocke
that
helps
with
not
being
like
I
was
completely
hopeless,
like
no
not
hopeless.
I
was
I
was
thinking
of
inner
layer
optimizations,
where
we
have
logically
disjoint
fields,
namely
the
discriminant
of
an
enum
and
the
values
stored
in
there.
B
Going
so
basically,
currently
I
can't
it's
it's
nonsense
to
speak
about
the
permission
of
a
reference.
You
can
only
speak
about
the
commission
that
a
reference
has
for
some
location
in
memory
and
it
would
make
all
the
bookkeeping
so
much
simpler
if
permissions
were
associated
with
references
and
not
with
references
cross.
B
Not
really
not
for
mutable
rhythms
like
no,
no
alias
the
way.
We
omit
it.
If
there's
any
unsafe
start
anywhere.
No
any
us
gets
emitted,
so
we
cook
totally
in
stock
Poirot,
say:
if
there's
any
ancestor
anywhere,
you
can
there's
no
freezing
and
would
be
completely
legitimate.
You
just
didn't
like
it
when
I
add
the
idea
like
a
year
ago.
C
C
I
just
mean
stuff
on
say-so
I,
just
don't
like
talking
Roman
citizen
people,
often
Millington
I
mean
basically
I.
Obviously
would
not
expect
that
like
same
way
that
unsafe
so
is
infections
across
nuanced
or
another
or
is
approximated
at
the
enum
boundary.
Similarly,
generators
would
be,
and
maybe
if
it's
convenient
it's
at
all,
much
easier
to
push
it
all
the
way
up
push
it
all
the
way
up.
B
Yeah,
that's
basically,
the
main
concern
was
doing
a
type
based
is
that,
but
of
course,
if
we
did
it
reference
level
based,
we
would
never
even
have
that
right.
So
it's
not
like
we're
losing
precision
compared
to
doing
a
reference
pace.
It's
just
like
you
might
not
get
the
extra
position
that
it
looks
like
we
could
get
nicely.
That's
a
good
point!
Yeah.
If
you
had
an
tan,
you
would've
lost
it
all.
Yeah.
B
Well,
the
optimizations
are
probably
great
but
reasoning
about
still
getting
your
code
right
is
a
pain
and
and
no
no
actually,
it's
defining
the
model
which,
of
course,
that
makes
any
kind
of
reasoning,
I,
think
great,
because
once
I'm,
goodness
almost
into
a
tree,
I
I,
don't
really
I,
really
don't
want
to
have
a
tree
for
every
location.
That
seems
like
such
a
big
mess.
B
C
B
C
C
Any
other
question
I,
probably
shouldn't
be
raising
now
and
whilst
waiting
for
five
weeks,
but
what
I
would
like
to
just
throw
out
there
is.
You
know
this
hints
that
the
increasing
importance
of
integrating
guidelines
work
into
the
rest
of
the
work,
we're
doing
doing
a
better
job
of
that
that's
kind
of
obvious,
but
also
true.
B
I
mean
the
the
ref
thing
I
guess
we
can
talk
about
him
back
or
something
it's
I
am
actually
and
I
find
that
funny,
because
I
started
getting
these
Maria
failures
about
I
get
I,
got
them
actually,
first
with
neck
back
tech
eater,
or
something
like
that.
It
has
a
similar
problem
as
well
and-
and
my
conclusion
was
Mira
Mira
is
too
aggressive,
so
we
actually
have
this
in
the
paper
we
submitted
like
okay
yeah.
We
had
these
like.
We
had
this
some
of
those
failures
that
we
didn't
fix.
B
We
didn't
change
the
same
library
to
account
for
those
because
it
seemed
like.
Maybe
the
NS
is
just
too
oppressive
and
you
have
to
find
a
more
relaxed
analysis
and
actually
we
moved
it
from
Erie,
because
I
wanted
to
get
those
like
with
all
those
failures
I
make
it
make.
Favor
seem
very
more
likely
to
be
true
positives,
and
then
it
turns
out
that
they
were
actually
real
things
and
I
should
go
back
to
the
paper
and
figure
out
what
else
we
say
there
I
mean.
C
C
B
B
Is
that
it
stops
being
not
know
Elias
Midway,
yes,
so
so
we
can.
We
can
do
fully
unique
everything
in
instead
borrows
the
one
thing
we
can't
do.
Is
this
barrier
or
protector
mechanism
that
I
added?
That
makes
sure
the
scope
of
this
thing
is
at
least
the
current
function
call
because
it
isn't
so.
This
is
not
the
same
as
mutable
references.
The
aliasing
is
intact.
It's
just
broken
earlier
than
we
tell
LLVM.
It
is.
A
C
B
Mean
the
barriers
are
pretty
awesome,
we
haven't
done
the
proof
yet,
but
I
have
proof
sketch
and
I
hope
we
have
the
proof
in
two
weeks,
but
this
means
you
can
move.
You
can
do
something
pretty
crazy
where
you
can
move
right
up
across
or
down
I
forgot,
which
f1,
which
of
them
across
an
unknown
function.
Call
you
end
up.
B
B
Mutable
like
data
behind
a
mutable
reference,
it
has
a
barrier,
can
be
different
in
the
source
and
target
machine.
If,
even
though
that
the
pointer
is
not
a
pointer,
we
control.
This
is
not
local
state.
This
is
shared
state,
but
we
add
this
barrier
to
it
and
then
we
can
prove-
and
we
have
that
principle
basically
proving
we
just
haven't
exploited
any
code-
that
the
value
can
be
different
between
source
and
target
and
you
still
and
the
other
code
just
can't
observe
and
what.
B
No,
the
whole
concept
is
fine.
It's
just
currently
they're
currently
very
aggressively,
also
adding
that
to
to
structs
wrapping
references,
yeah
and
in
many
cases
I
guess
we
want
that
because
we
want
new
types:
do
not
do
zero
cost
but
ref
and
refute,
and
our
there
are
new
types,
technically
speaking,
the
only
like
the
reference
and
as
est,
but
we
don't
actually
want
that
semantics.
B
C
G
C
B
G
C
B
C
B
C
B
Yeah,
the
question
isn't
taught
to
fix
it
in
live
STD
I
could
I
could
write
up
a
PR.
The
question
is
what
we
expect
people
to
do
when
they
write
stuff
like
that
themselves
and
are
they
even
gonna
realize
they're
breaking
a
rule,
probably
not
like,
oh
and
like
like,
even
if
they
ride
a
Mary?
It's
not
easy
to
come
up
with
the
test
case
that
makes
this
Erin
Erin
Mary.
B
So
even
if
they
have
a
good
test,
suite
I,
don't
think
the
refs
a
test
suite
we
have
would
catch.
This
bug
like
even
the
refs,
I
or
I,
wrote
some
pretty
aggressive,
ref
scientists
and
it
and
they
didn't
catch
this
bug.
It
was
only
after
I
realized
that
it's
the
same
as
this
Vick
tech
eater
thing
that
I
was
able
to
write
a
test
case
that
caught
the
bug.
Yeah.