X-Git-Url: https://git.ralfj.de/web.git/blobdiff_plain/f9a3fec1704a2bb89fe6458b8f65ae9042c197ff..5cdb512d4c051c4b3d6e7432f1c4cacc46dc9fa8:/personal/_posts/2018-07-19-const.md diff --git a/personal/_posts/2018-07-19-const.md b/personal/_posts/2018-07-19-const.md index da18fc1..2bcd009 100644 --- a/personal/_posts/2018-07-19-const.md +++ b/personal/_posts/2018-07-19-const.md @@ -34,8 +34,12 @@ We say that the `3 + 4` above is in *const context* and hence subject to CTFE, b Not all operations can be used in const context. For example, it makes no sense to compute your array length as "please go read that file from disk and compute something" -- we can't know what will be on the disk when the program actually runs. We could use the disk of the machine compiling the program, but that does not sound very appearling either. -In fact, it would also be grossly unsafe: +Things get even worse when you consider letting the program send information to the network. +Clearly, we don't want CTFE to have actually observable side-effects outside of compilation. + +In fact, just naively letting programs read files would also be grossly unsafe: When computing the length of an array twice, it is important that we obtain the same result. +**Update:** As @eddyb points out, things get even worse once you consider const generics, traits, and coherence: At that point, you have to [rely on evaluating the same expression in different crates to produce the same result](https://internals.rust-lang.org/t/mir-constant-evaluation/3143/47). **/Update** > *CTFE must be deterministic.* @@ -135,7 +139,8 @@ So, we will likely have to live with either considering floating point operation I think it is possible to achieve CTFE correctness for all other operations, and I think we should strive to do so. Before we go on, notice that CTFE correctness as defined above does not say anything about the case where CTFE fails with an error, e.g. because of an unsupported operation. -That is a deliberate choice because it lets us gradually improve the operations supported by CTFE, but it is a choice that not everyone might agree with. +CTFE would be trivially correct (in the above sense) if it just always immediately returned an error. +However, since const-safe programs cannot error during CTFE, we know from CTFE correctness that *those* programs *do* in fact behave exactly the same at compile-time and at run-time. ## Unsafe Blocks in Const Context