[jandrewrogers]

Not speaking to the specific design choices here, but in C++ moved-from objects are not destroyed and must be valid in their moved-from state (e.g. a sentinel value to indicate they’ve been moved) so that they can be destroyed in the indefinite future. This is useful even though “destroy on move” is the correct semantics for most cases. Making “move” and “destroy” distinct operations increases the flexibility and expressiveness.

A common case where this is useful is if the address space where the object lives is accessible, for read or write, by references exogenous to the process like some kinds of shared memory or hardware DMA. If the object is immediately destroyed on move, it implies the memory can be reused while things your process can’t control may not know you destroyed the object. This is essentially a use-after-free bug factory. Being able to defer destruction to a point in time when you can guarantee this kind of UAF bug is not possible is valuable.

[quietbritishjim]

> Making “move” and “destroy” distinct operations increases the flexibility and expressiveness.

No, it does not. It's an artefact of the evolution of the language and highly undesirable. Rust has destructive moves (and copies built on top of moves, rather than the other way round) and it's far cleaner.

[jandrewrogers]

Sure, if you never need to deal with actual low-level high-performance systems code. Just because this use case doesn’t apply to anything you do doesn’t mean it applies to nobody. This is the kind of attitude that undermines languages like Rust (which I use in my systems). A fair criticism of Rust as a “systems language” is that it simply excludes all the really difficult parts of being a systems language.

C++ deserves a lot of criticism. Many aspects of the language are quite fucked. But willfully ignoring that it solves real problems that other nominal systems languages are unwilling to address doesn’t mean those problems don’t exist.

[arka2147483647]

Respectfully, the value of a c++ wrapper/implementation comes from the fact that it behaves like one would expect a C++ classes to behave. That is, RAII, and so on.

If the underlying resource can not behave like a class, it would be better to expose a free function style api, eg:

    Handle h = ResourceGet();
    ResourceDoSomething(h);
    h.release();

[quietbritishjim]

> Sure, if you never need to deal with actual low-level high-performance systems code.

What are you talking about? It's perfectly possible to write high performance code in C++ without violating the basic idioms if its type system. How would that even help? It sounds like you had some past project where you just didn't have the imagination to come up with a workable design. That's not my (or C++'s) fault.

The irony is, your comment reads as though you're defending C++ against my criticism of it. But actually your assertion that you have to violate move semantics to get performance out of C++, if that made the slightest but of sense, would be more of a criticism than anything I said.

[motorest]

> (...) but in C++ moved-from objects are not destroyed and must be valid in their moved-from state (e.g. a sentinel value to indicate they’ve been moved) so that they can be destroyed in the indefinite future.

I don't think there is any requirement for a moved-from state other than the moved-from instance to remain in a valid state. There is zero relationship between moved-from state and the end of the object's life cycle. You can continue to use the instance of the moved-from object without any concern other than being in a valid state, but that applies to all instances of all conceivable object types.

Focus on the problem that move semantics solves: avoiding copies in general, specifically when resources are transfered to other instances. Does instance lifetimes change? No.

[remexre]

If an object is a RAII container though, shouldn't moving transfer the ownership of the contents to the destination? Otherwise there's no way to increase the lifetime of the contents.

[amluto]

> A common case where this is useful is if the address space where the object lives is accessible, for read or write, by references exogenous to the process like some kinds of shared memory or hardware DMA.

Huh? Okay, I allocate some memory and DMA-map it to the device [0]. Then:

1. Device uses it.

2. I copy or otherwise consume the data. Hopefully not in a way that causes UB.

3. I’m logically done, but maybe the device isn’t.

4. I’m 100% done, and I unmap the memory. And it’s an error if the device touches it again.

Why would I represent steps 2 and 3 as std::move? Maybe this results in efficient code in some particular code base, but it is not idiomatic, and I can almost guarantee that the same performance could be achieved in a less mind-bending and expectation-defying manner that doesn’t call itself a move.

I don’t see why Rust would have any particular trouble with this as long as you don’t try to force the lifetime of a DMA allocation or mapping into an object that doesn’t live long enough.

[0] The mapping operation may or may not be a no-op given IOMMUs, various VM translation schemes, etc.