# Runtime Values, Identity, and Memory Boundaries

## Original Problem

PBS needed a consistent user-visible runtime model for:

- which values carry identity,
- which values are copied payload,
- where ownership changes at host boundaries,
- what the collector is allowed to assume,
- and which cost facts matter semantically.

Without that closure, later lowering and diagnostics would have to guess whether a construct implied allocation, aliasing, retention, or host-owned state.

## Consolidated Decision

PBS keeps the runtime model intentionally small and explicit.

The stable rules are:

1. Scalars are copied values without user-visible identity.
2. Structs are identity-bearing reference values.
3. Services are canonical singleton identity-bearing values.
4. Host-backed resources are identity-bearing on the PBS side even when authority remains host-owned.
5. `optional`, `result`, and tuples are carriers; they do not create identity of their own.
6. Contract values do not create a second identity separate from the underlying value.
7. Host interaction is stack-only across the boundary.
8. The GC and reachability model must preserve identity-bearing values and retained callback contexts.
9. Cost visibility is semantic only where it changes reasoning:
   - allocation-bearing versus non-allocation-bearing,
   - retention-bearing versus non-retention-bearing,
   - copy versus aliasing,
   - host-boundary crossing,
   - and trap possibility.

## Final Model

The runtime contract is qualitative, not byte-accounting-driven.

PBS does not promise:

- exact byte counts,
- one exact heap layout,
- or one exact collector schedule.

It does promise the semantic facts that maintenance tooling and humans need:

- whether aliasing is preserved,
- whether retention exists,
- whether a construct may allocate,
- and whether a boundary crossing is happening.

## Practical Consequences

1. `bind(context, fn_name)` is the main retention-bearing primitive in the current surface.
2. Carrier constructs are not allocation-bearing by themselves.
3. Host memory authority remains on the host side even when PBS models the value as identity-bearing.
4. Lifetime-control surfaces beyond the current line remain future-profile work, not silently implied support.

## Common Pitfalls

- Treating carriers like `optional` or `result` as if they created fresh identity.
- Assuming stack-only host crossing means host ownership disappears.
- Confusing qualitative cost guarantees with exact runtime budgeting.
- Treating future lifetime-control or concurrency surfaces as part of `core-v1` by implication.

## Source Decisions

- `Value Representation and Identity Decision.md`
- `Host Memory Boundary Decision.md`
- `GC and Reachability Decision.md`
- `Allocation and Cost Visibility Decision.md`
- `Lifetime Control and Future Profiles Decision.md`
- `Dynamic Semantics - Execution Model Decision.md`
- `Dynamic Semantics - Branch Selection Decision.md`
- `Dynamic Semantics - Effect Surfaces Decision.md`