From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM autolearn=unavailable autolearn_force=no version=3.4.4 X-Received: by 2002:a24:fe05:: with SMTP id w5-v6mr8417188ith.14.1525175099111; Tue, 01 May 2018 04:44:59 -0700 (PDT) X-Received: by 2002:a9d:5c8d:: with SMTP id a13-v6mr1234817oti.0.1525175098979; Tue, 01 May 2018 04:44:58 -0700 (PDT) Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!feeder.eternal-september.org!news.gegeweb.eu!gegeweb.org!usenet-fr.net!proxad.net!feeder1-2.proxad.net!209.85.214.87.MISMATCH!k65-v6no2886921ita.0!news-out.google.com!b185-v6ni4524itb.0!nntp.google.com!k65-v6no2886918ita.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail Newsgroups: comp.lang.ada Date: Tue, 1 May 2018 04:44:58 -0700 (PDT) In-Reply-To: <87efiwm3er.fsf@nightsong.com> Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=96.247.198.106; posting-account=QF6XPQoAAABce2NyPxxDAaKdAkN6RgAf NNTP-Posting-Host: 96.247.198.106 References: <7b6ae5e8-6604-4d36-b606-ead71f667847@googlegroups.com> <87efiwm3er.fsf@nightsong.com> User-Agent: G2/1.0 MIME-Version: 1.0 Message-ID: <2da6c10e-0af9-4d28-a869-950d34495e1b@googlegroups.com> Subject: Re: Why not Coq2Ada program extraction? From: Jere Injection-Date: Tue, 01 May 2018 11:44:59 +0000 Content-Type: text/plain; charset="UTF-8" Xref: reader02.eternal-september.org comp.lang.ada:51883 Date: 2018-05-01T04:44:58-07:00 List-Id: On Tuesday, May 1, 2018 at 12:00:00 AM UTC-4, Paul Rubin wrote: > "Dan'l Miller" writes: > > Why hasn't anyone ever developed Ada extraction from Coq proofs? > On the other hand, there's a C++11 back end for Purescript (purescript.org) > that uses std::shared_ptr as a poor person's GC, so maybe Rust has > something like that too. > You generally don't use any direct allocation or deallocation in Rust. If you need heap memory, you use something like Box (like std::unique_ptr), Rc (like std::shared_ptr), or Arc (a thread safe version of Rc). You generally don't use pointers, but rely on references (which are always non-null and cannot be deallocated). Everything tries to be stack allocated if possible. One of the more confusing things that caught me was I kept seeing the use of SomeType::new() everywhere and assumed it was heap allocation. It actually rarely was heap allocation at all. Also keep in mind that rust is actually considered two different languages "safe rust" and "unsafe rust", which is analogous to Ada's "unchecked" options. You have to be explicit to use unsafe rust and I believe there are language options to prohibit it's use in your own code (I'd have to check to make sure on that though). Pointers are always "unsafe" so you cannot use them in Rust code without using explicitly "unsafe Rust" code. It is also very extremely picky about how you use references. You can only have either 1 mutable reference OR up to N immutable references (never both). It is all compile time checked and the compiler is EXTREMELY picky (way more so than an Ada compiler is).