►
Description
Curry On Prague, July 7th, 2015
Slides: http://pnkfelix.github.io/curry-on2015.html#/
http://curry-on.org
http://2015.ecoop.org
A
Okay,
so
yeah,
let's
talk
about
rust
and
you
know
what
it
is
and
why
we
have
making
it
so
it's
a
new
systems,
programming
language.
Actually,
so
much
of
my
talk,
I
wish
I
had
the
time
to
revise
it
entirely
based
on
the
arns,
because
so
much
overlap
is
there.
So
you
know
we
need
to
have
fast
code
for
systems
programming
and
we
want
to
have
a
good
fi
interface
to
interface
with
native
services.
A
You
want
to
have
low-level
control
things
like
data
layout,
but
also
you
know,
we've
got
the
decades
of
PL
knowledge
to
draw
upon,
so
we
want
to
mix
in
all
these
classic
ideas,
drawing
from
the
best-of-breed
stuff.
You
know
stuff
from
c++
like
rei,
I,
but
also
things
from
the
ml
and
haskell
and
etc
communities
with
generics
of
definite
polymorphism,
etc.
A
Pattern
matching
all
that
great
stuff,
but
perhaps
most
importantly,
the
most
exciting
thing
about
rust
is
the
focus
on
safety,
and
that
for
us
means
not
just
being
memory
safe
in
terms
of
no
seg
faults,
no
pointer,
no
pointer,
dereferences
or
you
know,
garbage
pointer,
dereferences,
but
also
a
new
condition
for
safety,
which
is
to
be
data
race-free,
which
is
pretty
awesome
and
there's
a
great
blog
post
about
this
topic
on
called
feliz
concurrency,
so
yeah,
all
this
stuff.
Do
you
need
to
hack
on
rust
yourself?
Is
that
this
website?
A
So
you
know
you
could
all
go
there
right
now
and
download
the
rest
compiler
and
you
know,
start
running
your
computer
right
now
and
of
course,
you're
all
doing
that
I
can
see,
but
perhaps
more
importantly,
the
playpen
is
something
you
can
get
to.
I
might
not
be
able
to
get
to
it
actually,
but
this
is
something
that
you
can
actually
visit
and
run
yourself
in
the
browser
and
it
goes
to
a
server
a
dedicated
service
online.
A
So
these
slides,
actually
every
piece
of
code
that
I
have
on
here
is
on,
has
links
to
the
playpen.
So
we're
gonna
see
some
demos.
Do
you
all
geared
up?
These
are
like
three
little
tasty,
tasty
tidbits,
so
the
first
thing:
zero
cost
abstraction.
We
heard
Bjorn
say
that
over
and
over
again
it's
a
huge
thing
for
us
to,
but
not
to
come,
not
to
compromise
safety.
That's
you
know,
that's
the
first
and
foremost
thing,
but
still
zero
cost
abstraction.
A
A
That's
a
closure:
that's
our
syntax
for
closures,
which
we
may
or
may
not
get
to
in
this
talk
we'll
find
out,
but
that's
our
syntax
for
yeah
lambda
expression
is
the
I
within
the
bars
so
yeah,
but
it's
not
just
LLVM
to
rely
on
here.
It's
also
that
the
iterator
abstraction
we
use
allows
us
to
do
things
like
not
have
bounced
checks
during
the
actual
iteration
itself,
but
also
we
have
memory
safety,
and
this
is
an
example
I
like
because
this
isn't
an
example
that
everyone
necessary
thinks
of.
In
particular.
A
This
is
a
bug
that
plagues
even
sound,
safe
languages
like
Java,
namely
may
have
heard
concurrent
modification
exception
when
you
try
to
modify
a
collection
while
you're
iterating
over
it.
Rust
doesn't
have
this
so
in
particular,
this
example
is
one
where
in
C++,
if
you
try
to
modify
a
vector
while
you're
iterating
over
it,
that's
a
bug
as
in
it
might
reallocate
the
backing
store
for
the
vector.
B
A
C
A
Oh
okay,
that
makes
sense
actually
I
tried
to
get
to
something
that
I
couldn't
get
to.
Oh
no.
This
is
very
bad.
How
do
I
get
back
sorry
I'm
using
a
hacked
version
of
of
mice,
of
my
Chrome
or
Mozilla,
so
it
doesn't
show
up
the
for
Firefox.
It
doesn't
show
the
the
URL
bar,
but
unfortunately
it
doesn't
show
the
URL
bar
ever
so
we
need
a
presentation
mode
so
anyway.
This
is
this
is
an
example
of
fork/join
concurrency.
A
So
this
is
really
slick
because
we
have
some
data,
that's
owned
by
the
local
stack
frame,
namely
the
or
somebody
it's
owned
by
somebody.
Maybe
it's
not
owned
by
local
stock
right
and
some
of
you
borrowed.
But
the
point
is
that
we
can
split
the
input
array
into
four
chunks
hand
them
off
to
threads
and
have
them
process
those
things
concurrently
and
then,
but
just
passing
out
pointers
not
making
copies
the
data,
and
then
we
like
do
our
processing
and
get
a
result
back.
A
Of
course,
you
wouldn't
typically
do
this
for
something
like
Mac's,
that's
kind
of
stupid,
but
this
is
just
the
illustrative
there's,
a
caveat
which
maybe
we'll
get
to
we'll
see
so
okay.
But
why
Ross?
Why
why?
Why
is
Mozilla
doing
this,
and
the
simple
answer
is
because
it's
the
only
way
we
see
it
be
competitive.
We
don't
have
enough
of
a
work
force
to
especially
with
a
volunteer
work
Basin.
So
on
that
we,
you
know,
we
need
to
compete,
but
C
C++.
A
It
impedes
our
productivity
too
much
so
for
fast
experimentation
with
new
ideas
into
the
future
of
what
web
browsers
can
do
we
needed
a
different.
We
want
a
different
system
for
that.
So
in
particular,
we
have
this
thing
called
servo,
it's
a
separate
project.
It's
a
browser,
research,
Platt
implementation,
research
platform,
it's
written
in
rust,
it's
this
codes,
open
source,
etc,
and
so
we're
using
that
to
do
experiments
like
things
like
doing
pair
of
penny
and
parallel
or
doing
parallel
layouts
or
parallel
CSS,
selector
matching
various
experimental
things.
A
So
one
more
thing:
I
note
about
goals
here,
because
you
might
think
that
we're
all
totally
focused
on
static
safety
and
whatnot,
but
in
fact,
rust
is
more
than
happy
to
use
dynamic
checks
to
ensure
soundness
when
appropriate,
because
you
know
what
is
sound
is
anyway:
it's
not
okay
to
have
seg
fault
in
our
opinion,
but
a
clean
shutdown
of
the
system.
When
you
have
some
internal
invariant
broken,
that's
actually,
okay
in
our
book,
you
bugs,
if
you
can
recover
from
a
bug
in
some
way
and
actually
shut
down
system
cleanly.
A
That's
not
the
same
kind
of
risk
that
a
snake
vault
represents.
So
we
actually
have
warms
for
doing
that
kind
of
clean
shutdown
and
then
doing
a
you
know
proper
unwinding
of
a
stack,
much
like
what
yarn
was
talking
about
today
with
doing
using
destructors
and
having
exceptions
and
properly
cleaning
up
after
them.
But
you
know
we
use
static.
We
do
static
analysis
where
we
can.
A
So
how
are
we
gonna
get
this?
How
we
get
this
done?
What's
the
main
piece,
the
main
pieces
to
this
again
I
wish
that
I've
redone
this
in
terms
of
yarns
talk
so
move
semantics
is
a
huge,
huge
part
of
our
story
and
it's
basically
something
that's
built
in
the
language
from
the
ground
up,
because
it
gives
us
much
direct
control
and
direct
expression
of
what
the
resources
are.
That
you're
representing
your
program,
and
we
have
this
notion
of
borrowing
which
gives
it
back
references
we'll
be
talking
about
that
later
and
then.
A
Finally,
we
have
lifetimes
their
way
of
actually
putting
constraints
on
the
references
in
the
system.
So
you
may
have
noticed
during
beyond
talk
somebody
mentioned
about
how,
if
this
is,
after
after
the
timeout
that
they're
mentioning
wait,
a
minute
you're
giving
back
a
reference
there
and
yet
to
ensure
that
outlives,
sorry
that
doesn't
how
live
the
thing
it's
referencing
into
and
he
was
like
yep
you
do,
but,
okay
uh-huh,
that's
the
programmers
job
to
ensure
that
their
and
rusts
you
can
actually
encode
it
and
it
statically
checked.
A
Okay,
not
everything
is
moved.
It
doesn't
make
sense
like
move
an
integer,
you
just
really
copy
those;
they
don't
represent
the
resources,
but
so
there's
this
notion
of
things
that
are
like
resources
and
thus
can't
be
copy
of
like
that
and
things
that
are
not
resources
and
there's.
The
interface
called
copy
represent
this
and
then
there's
a
selection
of
errors
that
I
have
to
illustrating
here,
but
I
don't
want
to
take
too
much
time
on
it.
The
point
is
that
you
catch
we
catch
you
when
you
make
mistakes
trying
to
access
things
that
moved.
A
You
can
check
out
this
light
yourself.
The
big
problem
here,
of
course,
is
that
you
just
had
a
language
with
only
with
move
semantics.
It
would
be
unusable.
This
is
not
a
work.
This
you
can't
just
rely
on
using
move
semantics
because
you
need
to
reuse
stuff
from
time
to
time.
So
this
is
where
you
need
pointers,
and
the
answer,
then,
is
how
we,
you
know,
bring
pointers
back
and
the
way
we
do
it
is
by
we
reuse
the
syntax
of
C's
address
of
operator,
but
it's
conceptually
a
bit
of
a
different
notion.
A
So
that's
what
a
borrow
looks
like
so,
okay,
we
have
borrows
great
everything
solved
right.
No,
no!
You
see
that
we're
bringing
back
all
the
same
problems
we
had
before
with
it,
because
the
reason
that
bugs
happen
is
because
well
a
reason
that
you
can't
just
statically,
detect
all
the
bugs
in
the
world,
largely
because
of
aliasing.
It
becomes
too
hard
to
analyze
code
and
borrow
experience
and
reduce
aliasing.
So
what
do
we
do?
A
We
restrict
it,
and
the
analogy
here
that
I've
come
to
appreciate
is
when
you're
doing
concurrent
systems
programming,
there's
the
notion
that
there
can
use
a
notion
of
abstraction
called
a
reader/writer
lock,
where
you
either
have
many
readers
at
once.
That
only
have
read-only
access
or
you
have
one
writer
that
has
readwrite
access
and
it's
exclusive
access
to
the
thing
and
we
have
a
similar
model
in
rust.
A
So
here's
some
concrete
examples,
those
types
again.
So,
if
you're
doing
a
read
of
data,
then
you
take
an
ampersand
back
and
that'll.
Let
you
hit
read
access
to
the
data,
but
you
can't,
for
example,
move
strings
out
of
that
vector
because
you're
only
you
can't
do
that
here,
because
the
vector
you
only
have
read-only
access
to
it.
You
can't
do
things
like
change
its.
You
can
only
just
take
references
into
it
or
you
could
modify
the
vector.
So
here
we
can
actually
take
them
and
percent
mute
back
and
then
push
things
on
to
it.
A
And,
finally,
you
can
have
something
you
transfer
ownership,
the
vector-
and
this
actually
consumes
the
vector
by
iterating
over
it,
and
this
code
is
kind
of
funny.
What
it's
doing
is
it
says:
oh
I,
take
the
vector,
I
do
a
for
loop,
but
then,
if
I
see
anything
at
all,
I
take
the
object
which
now
I've
actually
moved
out
compared.
A
Okay,
this
is
what
call
it
looked
like.
It
should
be
pretty
intuitive,
based
on
what
I
said
before
in
terms,
if
there's
ampersand
B
for
taking
a
read,
only
borrow,
that's
alias,
go
ampersand
mute,
be
for
the
read,
read,
write
one
and
then
no
ambition
at
all
from
when
you're
gonna
transfer
directly
I,
don't
know
if
I
really
want
to
talk
too
much
about.
A
This
looks
like
what
the
issue
here
is
that
I
haven't
gotten
too
many
questions
yet,
and
there
are
a
lot
of
slides
here
so
I'd
like
to
get
some
input
from
the
audience
about
where
we
should
go
so,
okay,
lifetimes,
oh
shoot.
That
means
we
do
need
to
talk
about
this.
Okay
back
to
this,
then
Oh,
so,
okay,
so
I
was
talking
before
about
borrowing
and
here's.
Some
concrete
example,
when
you
borrow
something
there's
an
indefinite
extent
that
we
represent
statically
within
the
compiler.
A
That
corresponds
roughly
the
lexical
scope,
it's
kind
of
like
lexical
scope,
except
there's.
Some
finer
grained
things
that
don't
they
don't
correspond
to
explicit
variables
sometimes,
but
here
I've
made
it
very
explicit
by
explicitly
binding
all
the
intermediate
represent
you
in
tirmidhi
a
trip,
expressions
for
the
borrows
it
happened,
so
you
can
see
that
our
two
is
being
borrowed,
the
very
bottom
there
and
its
scope
is
strictly
less
than
our
ones
and
then
those
are
each
less
than
V
2
and
V
1,
okay.
And
then,
when
you
do
it,
you
make
a
call
like
foo.
A
Each
call
to
foo
has
to
choose
the
appropriate
scope
to
plug
in
for
it.
Yes,
absolutely
good
question:
we
have
macros,
sorry,
so
I,
I,
love,
macros
do
I
actually
say
that
somewhat
facetiously,
but
yarn
really
seemed
like
he
had
sinned
against
them.
I
guess!
If
we
were
awesome,
we
would
figure
out
a
way
to
do
it.
A
True
true,
we
have
hygienic
macros,
that's
the
oil
sort
of
we
taught
we
trying
really
hard,
we'll,
probably
even
better
later,
but
the
point
is
they're,
mostly
hygienic
and
so
four
constructs
the
way
that
instead
of
having
variable
arity
constructors
like
in
C++
to
do
things
like
that
construction.
Instead,
we
have
a
Beck
macro
that
construct
an
empty
vector
and
then
pushes
each
element
onto
it,
and
then
we
that
succinctly
summarized
in
this
Beck,
bang
or
Beck
exclamation
point
on
their
product
house.
A
It
back
to
us
the
talk,
sorry
so
likewise,
the
print
Linn
down
here
print
min
bank.
That's
another
macro:
it's
a
lot
like
C's
printf
function,
except
it's
a
macro,
and
thus
it
can
like
check
that
your
arguments
that
you
give
actually
correspond
to
the
template
string
and
it
statically
checks
this.
Yes,
oh
you
do
it
right.
Okay,
all.
A
B
C
A
A
Believe
that
problem
could
be
solved.
I
could
be.
Maybe
not
that's
an
interesting
point.
It
depends
on
how
you
deal
with
name
resolution.
If
you
interleave
name
resolution
and
parsing,
then
you
should
be
able
to
deal
with
that,
but
we
don't
currently
do
that.
So
that's
actually
a
good
point.
I,
don't
think
we
could
do
it
with
rust
as
of
today
or
yesterday,
but
I
don't,
but
I
think
that
rust
in
the
future
would
be
able
to
deal
with
that
that
detail.
Okay,
thanks
yeah,
okay,
so
that's
great!
The
bangs
are
the
macros.
A
But
like
the
other
thing
here,
that's
new
syntax
is
the
input
to
the
foo
function.
Here,
it's
not
just
taking
a
reference,
but
it
has
a
reference
with
explicit
like
time
on
it
that
lifetime
tick
a
so.
It
says
this
is
a
reference
that
lives
for
at
least
as
long
as
2
K,
whatever
Takei
is,
and
what
is
Takei.
The
compiler
has
to
figure
that
out.
You
know
we
don't
currently
have
a
way.
E
A
Errors
here
in
terms
of
your
use
of
these
lifetimes,
so
here
v1
got
moved
by
the
consume,
call
and
there's
still
as
outstanding
reference
to
r1,
and
if
you
attempted
then
call
foo
with
r1
the
compiler
checks
this
and
catches
you,
it
says:
no,
no,
you
can't
do
that
and
it
gives
you
a
precise
error
message
saying
you
can't
move
out
of.
You
know
who's
the
blame
here.
It's
it's
a
call
to
foo
or
the
call
to
consume.
A
There's
not
enough
information
to
actually
you
know
pick
one
so
the
compiler
says:
oh,
you
probably
meant
didn't
mean
to
move
v1
out
here,
because
you
still
are
gonna
read
from
it
potentially
down
here
and
it's
called
a
foo.
But
the
point
is
we
tell
you
about
both
points,
and
so
you
can
figure
it
out.
A
Ok,
now,
ok!
This
is
a
clearly
a
case
where
this
was
a
you
know,
buggy
program.
The
system
we
have
is
naive.
We
have
to
admit
this.
It's
based
on
lexical
scope,
and
so
even
if
there
is
no
call
to
read
after
the
call
to
consume
I
wanted
to
compare
these
two
slides,
so
I
had
a
call
to
foo,
and
that
was
definitely
wrong,
but
even
if
I
get
rid
of
the
call
to
foo
the
current
compliation
model,
it
still
treats
that
as
an
error.
A
A
Not
with
our
current
bottle
of
scopes,
I
don't
know,
because
that
would
be
equivalent,
for
example,
to
just
moving
our
one
somewhere
else
sort
of,
and
but
our
current
model
for
how
our
scopes
represented
doesn't
handle
that,
but
I
think
the
answer
here
isn't
to
put
it
on
the
user.
The
answer
is
to
make
the
compiler
smarter.
We
can
make
the
compiler
smarter
about
how
we
represent
these
these
scopes
regions,
as
we
sometimes
call
them.
Okay,
alright.
A
So
the
main
thing
I
want
to
get
across
here
is
that,
even
though
I
said
these
are
lexical
scopes,
they
are
actually
non-trivial.
The
computation
involved
here
and
the
analysis
of
all
is
not
just
a
simple
matter
of
doing
a
trivial
analysis
of
lexical
scope
of
what
of
variables,
in
particular
in
this
example.
How
long
should
the
Baro
that
I
have
highlighted
with
the
letter
A
there?
How
long
should
it?
Last?
A
If
you
read
over
this
code,
it's
C,
you
can
see
that
r1
is
only
used
in
the
call
to
foo,
and
so
it
doesn't
need
to
last
very
long
at
all.
It
can
last
just
for
as
long
as
r1
does
it
doesn't
have
to
borrow,
for
that
borrow
be
one
where
it
says
a
it
doesn't
need
to
live
longer
than
that.
So
that
could
be
a
very
short
borrow,
but
compare
this
these
two
slides
if
I
change
down
there,
so
it
returns
r1
and
finds
it
up
to
our
now.
A
That
borrow
needs
to
live
much
much
longer.
It
needs
to
actually
live
long
enough
to
deal
with
the
read
of
r2
as
well
at
the
bottom,
so
that
basically
means
you're.
Gonna
have
to
have
the
scope
of
the
borrow
pea
effectively
as
long
as
b1,
so
not
trivial,
so
I'm
talking
about
figuring
it
so
that
there's
that
a
there
yeah
we
need
to
figure
out
how
long
that
borrow
last,
because
in
particular
imagine
if
we
added
a
mutation
of
the
other
vector
V.
A
Where
that
comment
is
on
this
piece
of
code,
you
could
you
could
freely
mutate
V
if
we
had
internet
I'd
like
to
go
and
show
you,
but
you
can
freely
mutate
V
and
it's
not
a
problem,
but
borrow
can
be
very
short,
but
in
this
version
of
the
code
now
I
pass
that
borrow
and
it
gets
down
to
our
to
our
tool
is
passed.
Where
that
comment
is,
and
it's
up
being
read.
Yes
all
right,
I
guess
you.
A
Yeah
the
compiler
will
not
let
you
do
that
unless
you
give
it
unless
the
debark
there
are
situations
where
here
the
stack,
this
v1
is
stacking
out.
It's
owned
by
this
local
stack
frame,
and
so
you
wouldn't
be
able
to
actually
let
the
Baro
escape
its
be
something.
Where
would
there's
an
example
in
a
slide
later
of
this?
But
basically,
if
you
have
something,
that's
that's
owned
by
the
local
stack
frame,
you
wouldn't
be
allowed
to
let
the
Baro
escape
that
far.
It's
gonna
be
a
story
straight
to
this.
This
function
call.
A
No,
that's
not
true,
but
things
you've
allocated
on
the
stack
frame
can't
escape
the
local
borrows.
The
things
on
the
stack
frame
can
escape
the
global
scope,
but,
for
example,
if
there
was
some
static
data
and
I
borrowed
a
pointer
to
that
that
can
escape
to
a
global
scope.
A
E
A
I
mean
practice.
The
reality
here
is
that
you
wouldn't
try
to
move
things
and
you
don't
move
things
and
we
don't
remove
references
like
that
into
the
global
scope
that
often
except
for
whether
it's
static
data,
because
it
doesn't
make
sense
in
terms
of
having
independent
threads.
That
might
you
know
one
might
die
at
any
point
so
moving
into
a
global
variable,
you
there's
no
better
thing
and
to
put
it
in
global
scope,
modulo
GC
stuff.
So
but
we
don't
have
a
GC.
So
you
know
that's
yet.
A
Oh
sorry,
so
yeah,
it's
something
where
the
place
where
this
really
comes
up
is
it's
that
not
when
you
have
a
global
scope,
but
rather,
if
there's
some
function
lower
in
your
stack
frame
like
very
deep
like
if
at
the
func
of
the
main,
the
main
entry
points,
if
that
has
it
allocates
an
arena
of
stuff
that
you
can
dynamically
allocated
to
and
it's
owned
by,
that
you
know
sex.
A
It
has
sex
for
pushing
on
the
stack
like
this,
and
the
guy
at
the
very
bottom
actually
owns
an
arena
that
he
can
allocate
into
that's
a
case
where
now
you
can
start
having
borrows
into
things
in
the
arena
and
put
those
references
pretty
much
anywhere
as
long
as
it
doesn't
outlive
your
main
function,
so
that's
sort
of
like
a
global
scope.
This
is
a
lifetime
year
program
and
that
we
can
actually
encode.
We
can.
We
can
encode
that
you
haven't
seen
enough
yet
to
see
how,
but
we
can
do
that.
That.
A
The
ko
a
that's
an
example
of
a
lifetime,
so
that's
the
syntax
quote
a
is
our
explicit
notation
for
a
lifetime
and
so
that
first
foo
of
angle
brackets
to
K.
That
means
I
am
parametric
over
a
lifetime.
I
am
for
any
tick
a
for
any
scope
that
someone
might
choose
so
the
cost
of
food.
Each
call
that
there's
two
calls
of
foo
here
and
each
one
can
choose
an
independent
lifetime.
A
That's
the
crucial
thing
about
why
this
code
right
now
works
in
the
sense
that
that
first
call
that
foo
our
one
can
use
a
very
short
lifetime
that
instantiate
for
the
tick'.
But
then
the
call,
the
very
bottom
who
are
two
is
almost
certainly
going
to
choose
an
entirely
different
lifetime.
It's
certainly
a
longer
one.
E
A
A
We
we
don't
have
virtual
dispatch
over
it,
so
you
don't.
You
can't
have
a
method
on
a
virtually
dispatch
method.
That
itself
is
parama
type
parametric.
We
don't
have
that,
but
we
do
have
lifetime
parametric
city
even
for
virtual
for
virtual
methods,
because
they
are
erased
at
compile
time
they
don't
they
don't
have
a
runtime
representation.
They
are
solely
for
ATM
compiler
and
doing
this
analysis
to
determine
that
you've
safely.
All
of
your
accesses
are
safe.
A
Lifetime,
so
we
only
do
type
it.
We
don't
do
global
type
of
type
analysis.
Don't
do
global
type
inference,
so
the
type
annotations
a
lifetime
annotation
is
necessary
because
we're
trying
to
avoid
that
and
not
even
I,
don't
know
how
it
work
to
try
to
infer
the
Y
times.
It's
not
clear
to
me
what
the
right
way
to
do
that
would
be
in
the
first
place.
It.
B
A
You
know
what
we
must
move,
there
sure
well
go
straight
to
elision
and
then
we'll
come
back
so
elision
yeah.
The
basic
idea
here
is
that
you
know
yeah
these
two
K's
and
tic.
These
are
ugly,
so
yeah.
A
This
was
some
example
code
where
you're
taking
in
like
x,
and
some
of
these
examples
are
actually
taking
in
multiple
lifetimes,
because
there's
independent
references
that
might
have
independent
their
their
data,
they
point
to
might
actually
one
might
died
before
the
other,
and
so
this
is
the
very
explicit
form
where
you've
actually
made
every
lifetime
for
every
reference
explicit.
But
you
can
actually
the
language
we
allow
you
to
actually
allied
lifetimes
and
these
essentially,
basically
the
rule
is,
if
it's
obvious
what
you
meant,
then
you
can
avoid
it
and
it's
I.
A
Don't
unfortunately,
don't
think
I
have
an
example.
Right
now
have
a
case.
There
there's
also
the
case
entry
returning
a
lifetime.
So
if
you
take
a
single,
this
first
function
up
here
this
print
one
if
it
returned
a
reference,
even
that
could
be
elided,
because
if
you
only
take
in
one
reference,
then
it's
clear
that
the
only
same
thing
you
could
do
if
you
return
a
reference,
is
to
use
the
same
lifetime
for
that
reference.
That's
not
a
hard
percent.
True,
there's
another
scene
there's
another
scene
option,
but
this
is
the
best
choice.
H
It's
on
the
prior
fly
was
I,
can
go
back,
yeah,
go
back
real,
quick,
oh
right,
how
much
port
one
else's!
Do
you
need
to
do?
You'll
need
one
layer
down
to
the
compiler.
Doesn't
after
like
follow
the
the
chain
of
lifetime,
analyses
from
one
point
to
the
next
to
the
next?
It's.
A
Essentially,
function:
local
there
isn't.
There
is
one
thing
we
do
have
closures
in
the
language
and
so
those
don't
have
explicit
types
on
them.
So
there
is.
The
analysis
does
need
to
have
to
in.
Oh,
if
you
have
a
closure
in
a
closure
expression
in
a
function,
then
it
does
have
to
dive
into
that,
but
especially
parla
compliation
units
in
s
infer
things
there,
but
yeah.
F
A
Way
with
your
virtual
dispatch
is
the
signatures
are
explicit,
I'm,
not
sure.
If
I
understand
the
question,
maybe,
but
we
don't
infer
the
but
of
the
signature
for
a
function
for
like
a
top
level
function
or
a
method.
F
F
A
A
Is
like
that's
a
great
question?
It's
interesting.
We
are
still
working
on
pedagogy
here,
for
example,
there's
an
active
debate
about
whether
been
teaching
this
should
you
show
the
lifetimes
explicitly
from
the
outset,
or
should
you
leave
them
out
and
then
show
them
later?
My
impression
so
far
is
that
people
get
it
eventually,
but
the
harder
part
I
think
is.
A
They
first
have
to
get
the
ownership
model
once
they
sort
of
get
that
and
understand
that
you
know
things
are
going
automatically
Bialik
because
we're
talking
about
some
programmers
here
where
it's
like
Ruby
programmers
who
aren't
used
to
a
C++
style.
You
know
ra
íí-,
you
allocate
the
thing
here
and
it's
deallocate
of
the
scope
they're
not
so
used
to
that,
and
so
once
they
sort
of
understand
that
piece
of
it,
then
the
lifetime
part
kind
of
flows
from
it
sort
of.
A
We
have
a
fantastic
volunteer
community.
Actually
I've
been
amazed
by
how
many
non
Mozilla
like
people
who
don't
care
about
Firefox
are
jumping
onto
rust,
and
this
is
another
bjorn
reference.
So
yarn
mentioned
how
C+
C++
doesn't
have
a
central
community.
We
do
like.
We've
got
a
great
system
in
terms
of
having
chat
rooms
and
a
really
active
user
base
and
people
actively
contribute
the
compiler.
A
The
compiler
is
written
in
rust,
which
means
is
super
awesome
in
terms
of
being
able
hacking
a
compiler
in
this
sound
language,
but
you
know
still
get
you
know
doing
native
code
generation
and
whatnot
I
mean
LLVM
is
doing
most
of
the
hard
work
there
to
be
fair.
So
the
point
is
that
we
have
an
awesome
community.
It's
not
just
Mozilla,
it's
people
from
all
over
the
place.
Python
programmers
a
lot
of
rubyists
for
some
reason
that
I
don't
quite
understand
I
got
the
impression
that
some
ruby
has
basically
realized
that
they
needed.
A
You
know.
They've
said
oh
I
need
I
need
to
make
some
component
native
and
they
said
well.
I
could
do
it
and
see
Oba
I'm
scared
of
C,
and
then
they
found
rust
and
they
figured
out
how
to
hook
into
rust,
because
we've
got
a
pretty
good
FFI
story
and
that
led
to
them.
You
know
being
able
to
actually
make
rust
plugins
for
Ruby.
A
About
typify
the
basic
story:
there
is
that
we
have
one
and
if
it's
so
it
basically
lets
you
express
right
now,
it's
essentially
just
less.
You
call
in
this
thing's
with
a
see
call
invention,
like
we've,
about
the
rest
of
all
invention
in
the
sea
convention,
and
you
declare
what
kind
of
thing
you're
working
on,
and
you
can
basically
express
most
see
its
types
that
one
thing
we're
missing
is
union.
Like
actual
union
types,
we
don't
have
a
good
story
for
handling
them
directly
in
our
FFI
right
now.
A
You
sort
of
have
to
just
know
what
the
representation
the
compiler
is
gonna
use.
Unfortunately,
right
now,
but
other
than
that
you
can
define
structs,
we
didn't
see
any
struct
definitions
yet,
but
we
have
a
strut
syntax
and
basically
you
just
annotated
saying
this
needs
to
get
the
c
representation.
There's
an
annotation
system
where
you
can
say
this:
struct
need
to
have
the
c
with
style
layout,
because
I'm
gonna
be
using
it
passing
pointers
into
it
into
c
code,
for
example.
So.
A
Yeah,
you
need
to
be
that's
the
other
piece
of
it,
so
the
other
thing
I
haven't
mentioned
yet.
Is
that
sure
this
is
a
safe
language,
but
it's
also
Assistance
Program
language.
So
how
do
you,
you
know,
make
those
things
two
things
mesh,
and
the
answer
is
that
I'm
gonna
focused
mostly
on
the
safe
language,
but
there
is
actually
a
superset
of
rust
that
includes
the
unsafe
portions
of
it.
G
A
Warmth
and
also
FFI
calls
you
can't
make
an
FF
I
call
directly
you
have
to
it
has
to
be
in
an
unsafe
block.
So
all
these
things
are
basically
a
big
warning
signs.
Saying:
okay,
you
need
to
be
a
little
more
careful
here
and
make
sure
that
you
get
you
away
the
rules.
You
don't
break
any
system
invariance.
A
Applies
all
of
the
rules
for
the
type
note,
it's
a
it's
a
distinct
two
sets
of
types
involved,
so
native
pointers.
Don't
look
like
these
reference
types
here,
there's
a
different
syntax
for
declaring
that
kind
of
type.
And
thus,
if
you
have
an
unsafe
block,
you
still
get
all
the
analyses
of
things
like
that.
The
lifetimes
of
references
are,
you
know,
being
properly
used.
It's
only
unsafe
pointers
that
get
treated.
A
Have
that
statistic
handy,
but
it's
easy
to
grep
for
I,
don't
I,
don't
want
it
the
time
to
do
the
grep
right
now.
Maybe
you
can
come
to
me
offline.
The
answer
is,
there
is
certainly
some
but
there's
less
than
we
used
to
be
like
people
used
to
do
crazy,
hacks
in
the
name
of
efficiency
in
the
compiler,
like
things
where
they
said.
Oh,
we
should
be
like,
but
we
don't
want
to
deal
with
reference
counting
on
this
data
type,
so
we're
gonna
like
just
allocate
it.
This
is
on
them.
A
You
know
the
heap
and
just
ignore
the
fact
that
it's
shared
and
user
need
a
pointer
everywhere
and
just
trust
they
would
that
we
know
how
the
allocation
pads
are.
So
that
wasn't
something
that
we
used
to
do.
But
eventually
someone
said
this
is
this
is
unnecessary.
Once
this
lifetime
system
remember,
I
was
talking
earlier
about
the
pending
a
main
function
with
an
arena.
Basically,
someone
realized
hey.
We
can
take
that
arena
and
we
can
these
types
that
we've
been
doing
unsafe
stuff
with.
We
can
start
allocating
to
an
arena.
A
That's
basically
has
the
same
lifetime
as
the
grant
compilation
unit
and
then
you're
assured
that
that's
the
objects
to
allocate
to
that
arena
live
as
long
as
the
compiled
current
compliation
of
that
function,
and
so
you
have
a
sound
and
proven
sound
approach
there.
So
the
number
of
unsafe
walks
has
gone
down
over
time
is
the
short
answer,
as
the
language
got
better.
Okay,
I
think
that's
everyone
right,
alright,
so
yeah.
A
So
we
were
talking
about
sighs
about
these
these
these
read-only
borrows,
and
the
crucial
thing
here
is
that
you
have
to
assume
very
aliased
as
in
you
know,
the
programmer
does
and
the
compiler
does,
because
you
know
maybe
they
were,
and
so
that
means
that,
for
example
down
here,
that's
called
the
Tri
modify
it's
an
error
to
do
that
because
you
don't
know
if
that
vector
is
alias
by
something
else,
and
so
it
tells
you.
A
You
can't
borrow
this
immutably
borrowed
thing
as
if
it's
mutable
and
that's
a
bummer,
because
you
know
my
I'm
tired
of
programmer
I
want
my
algorithms,
and
so
this
is
where
the
exclusively
borrowed
mute
bar
was
come
in.
Where
now
you
can
do
ampersand
mute
and
then
you
can
call
it
modify
back
and
that
works
fine
and
you
know,
ends
up
printing
one.
Two
three
four
here,
so
a
crucial
detail,
because
a
lot
of
people
misunderstand
this
I
misunderstood
it
for
a
really
long
time.
Ampersand
mute.
It
sounds
like
it
means.
A
Oh
all,
mutation
must
go
through
this,
but
that's
not
actually
what
it
means.
Most
types
that
need
mutation
do
want
to
use
this
form
because
most
mutation
there's
some
sort
of
invariant
trying
to
maintain
where
you
need
exclusive
access
to
actually
properly
update
that
data
structure,
and
so
ampersand
newt
is
the
right
thing
for
most
mutation.
But
there
is
plenty
of
mutation
like
if
you
just
have,
for
example,
a
counter
on
a
data
structure
and
there's
no
like
relationship
with
the
other
piece
of
the
data
structure.
A
There's
not
a
reason
to
require
a
person
need
access
just
to
update
that
counter.
It
can
be
an
atomic
integer
that
you
use
in
a
compare
and
swap
or
our
tog
Tomica
increment
on,
and
so
that's
something
where
we
have
various
types
that
don't
require.
Ampersand
you
access
to
mutate
them,
so
my
opinion
I
know
my
motto
here
is
that
it's
not
about
as
syntax?
It's
sorry,
it's
not
about
mutations
about
having
such
access.
That's
what
ampersand
mute,
denotes
and
should
have.
Perhaps
me
name
something
else
to
make
that
clearer.
E
A
A
mix
so
there's
there's
pre-deployment
like
atomic
word.
It's
for.
You
know
that
that's
the
kind
of
thing
where
you
can't
just
add
new
atomic
things:
the
community
runtime
sister.
We
need
processor
support
for
that,
but
there's
also
generic
types
where
you
can
have
their
certain.
You
can
talk
to
about
it
later,
but
the
point
is
there
are
certain
cell
types
that
can
hold
data.
A
One
kind
is
one
where
it's
basically
always
forces
you
to
take
a
copy
of
the
value
and
if
value
isn't
copyable,
then
you're
not
allowed
to
even
put
it
in
there
and
there's
another
kind
of
type,
a
ref
cell
type.
Where
there's
that
rule
right,
where
you
have
either
many
readers
or
exactly
one
writer,
one
person
is
host
access
and
the
truth.
The
truth,
the
cute
thing
about
the
ref
cell
is
that
it
enforces
that,
but
it
does
it
dynamically.
A
It's
a
library
type,
it's
an
implemented
where
it
enforces
the
rule
dynamically,
and
so,
if
you
break
the
rule
you're
allowed
to
you're
allowed
to,
you
know
attempt
to
mutate
this
thing.
While
there's
now
setting
borrow
and
what
happens,
you
get
a
runtime
failure,
but
a
clean
one.
It
cleans
that
shuts
down
the
system
cleanly
when
it
does
this.
It
shows
on
that
read
cleanly.
So
it's
a
crucial
difference
from
like
a
segfault
or
a
data
race
that
may
or
may
not
answer
your
question:
okay,
uh-huh!
A
Okay,
so
again,
I
wanted
to
point
out
that
these
this
is
who's
versus
ownership
thing
they
seem
quite
similar
and
they
are
pretty
similar.
But
in
my
opinion
the
interesting
thing
is
that
ownership
is
power,
the
power
to
mutate,
plus
the
responsibility
to
actually
clean
up
the
resource.
While
ampersand
mute
is
all
the
power
you
know
freely
available,
mutate
it,
but
none
of
the
responsibility.
You
can't
you
know
in
fact
it's
it's
worse
than
others
ones
ability
you
can't
drop
it.
You
can't
clean
it
up.
A
Okay.
These
are
demos
of
like
the
various
ways
that
ampersand
mute,
like
you
know,
these
errors
that
it
checks,
but
you
guys
can
see
the
slides
yourself.
Hopefully
some
of
you
took
down
that
that
tinyurl
the
beginning,
we
have
method
calls.
We
have
virtual
dispatch
and
the
interesting
thing
about
methods
is
that
there's
you
know
again
the
three
kinds
of
types
where
you
have
methods
that
just
consume
the
receiver.
You
have
methods
that
have
read
access
and
you
have
methods
that
have
exclusive
access.
A
The
interesting
thing
about
these
methods
is
that
the
way
it
works,
yeah
I,
don't
have
time
to
I-
can
get
into
this
in
too
much
detail.
But
the
neat
thing
depending
point
of
view,
is
the
sugar
we
have
where
method
invocations
will
automatically
do
the
borrows
and
DRS
as
necessary.
So
these
calls
here
to
is
some
is
none
and
grab
done,
wrap
or
the
interface
on
the
top.
Here
reflects
three
different
kinds
of
argument:
passing
protocols,
but
the
method
calls
all
look
the
same.
A
This
is
a
huge
boon
in
terms
of
like
product
programmer
convenience.
We
don't
do
it
for
all
the
other
argument.
It's
a
special
thing
about
the
self
argument.
They've
won,
that's
the
receiver
and
the
method
call,
but
it's
a
huge
reason.
Why
you're
not
just
wasting
all
your
time
figuring
out
how
many
stars
or
ampersands
we
need
to
put
in
you
get
away
with
a
lot
with
this
rule?
A
Yeah?
Okay,
we
have
smart
pointers,
I,
don't
think
I've
time
to
talk
about
them,
say
only
30
seconds
too
bad.
We
talked
about
light
emulation.
We
have
generics.
The
one
thing
I
want
to
point
out
here
is
that
you
know
we
have
parametric
polymorphism,
but
it's
not
and
we
have
F
bounded
polymorphism,
so
R
Us
is
not
C++.
We
have
basically
C+
those
concepts
already
in
the
language.
We
checked
them
at
the
time.
You
define
the
trait
so
here
this
trait
this.
This
we're
sorry
the
time
that
you
time
to
define
the
method.
A
A
That's
that's.
We
have
two
unit
testing
built
into
the
language,
so
you
annotate
empty
function,
function
with
no
arguments
is
unit
test,
and
that
means
that
when
you
run
when
you
compile
the
compiler
or
the
special
mode,
it
generates
a
binary
that
that
runs
all
your
unit
tests.
A
A
Get
to
I
don't
know
if
I
actually
have
time
or
not
all
right.
So
the
thing
I
wanted
to
talk
about
besides
f9
and
polymorphism,
is
that
we
have
these
traits
right,
which
are
like
Java
interfaces.
You
explicitly
say
what
method
something
has
and
then
you
use
that
as
bounds
on
a
type
parameter.
Okay,
that's
that's
interesting,
but
it's
sort
of
old
hat.
The
interesting
thing
is
that
that
kind
of
programming
doesn't
suffice
in
all
cases.
A
This
is
in
particular,
if
you
have
a
mix
of
things
on
an
array
where
you
have
both
a
rect
struct
and
a
circle
struct,
you
can't
mix
those
things
into
a
you
know
to
a
a
parametrically
or
a
parametric
array
where
all
the
types
of
Li
the
same.
That
doesn't
work
because
you
need
be
the
same
type
all
the
way
through
it
has
the
uniform.
So
the
crucial
thing
is,
you
need
auditory
programming
right
to
be
able
to
actually
have
virtual
dispatch
and
the
awesome
insight
that
rust
has
is.
A
It
takes
the
same
system
that
you
use
for
trait
bounds
are
used
for
these.
You
know
for
ballad
play
morphism
and
it
just
turns
them
into
objects
by
saying
if
you
have
a
the
way
we
code.
This
is
by
saying,
if
you
have
a
reference
to
a
trait
that
basically
means
you
have
a
special
fat
pointer.
You
have
a
pointer
to
the
actual
data
that
you
was.
You
know
the
actual
representation
type
and
you
have
a
second
word.
A
That's
part
of
this
fat
pointer
that
points
the
be
table,
and
this
is
a
really
cool
way
to
get
it's
not
the
same
as
a
class
hierarchy
that
you
have.
Instead,
this
is
an
arbitrary
sort
of
graph
structure
where
the
traits
can
inherit
from
each
other
and
you're.
Just
passing
things
around
and
the
B
tables
are
part
of
the
pointer
themselves.
So
this
is
really
cool.
Ok,
but
you
know
this
crowd
probably
doesn't
care
as
much
about
it.
A
Oop
is
that
well,
I,
don't
know
actually
there's
a
lot
of
Java's
for
people
here,
right,
right,
I'm
being
curry
on
so
I'm
thinking,
FP,
but
okay
point
is
we
have
we
have
closures
as
well?
You
don't
need
the
reminder.
Bubble
closures
look
like
so
this
is
yeah.
This
is
the
slide
if
somebody
wanted
way
way
along
ago,
the
bar
syntax,
our
syntax,
for
closure
expressions-
and
you
know
you
can
define
closures
so
yeah,
that's
nice!
We're
gonna
skip
this.
You
know
time
we
have
our
III.
A
We
have
the
structure,
it's
just
another
trait
you
have
with
this
trait
and
you
get
a
destructor
boom.
So
there's
a
simply
example,
but
also
the
more
important
thing
is.
This
is
an
example
of
how
our
reference
count.
This
is
a
simplified
version
of
our
reference
counting
system.
So
it's
just
another
piece
of
rusts
code
that,
if
a
reference,
our
C
pointer,
is
just
an
influence
drop
to
properly
maintain
the
count.
Oh,
it's
such
a
shame.
We
don't
time.
I
guess
come
see
me
after
because
this
is
a.