If the final compiler will be written in SLUL, shouldn't the stdlib also
be written in SLUL?

But that leads to problems with implementing things that cannot be
implemented in SLUL, such as low-level stuff and data structures:

* syscall code
* mem-copy, vector, and similar.
* allocation
* threading
* fatal error handling

Should the bootstrap compiler use the normal stdlib?
Or a limited built-in one?


Solutions
---------
Can combine more than one!

Write those things in:
* C
* Assembler
  (probably safer than using inline assembler)
* Annotated "hexcode"/binary
    - perhaps with macro support to make it more usable.
* Unsafe IR
* Safe IR with unsafe elements
* Some neither-100%-nor-0%-safe language:
  Ada, Zig, Rust-with-unsafe, Hare, ...
  (note that some of those are not very portable,
   e.g. Hare uses QBE, which has somewhat limited target support)
* Formally-verified IR/assembler (see below)

Hard-core solution: formally verified IR/assembler
--------------------------------------------------

* Could build in some minimal but powerful proof language into the IR
  (this could then also be used by the frontend)
    - ...and then it would be safe to expose this
          (although without backwards compatibility guarantees)
* But it's still necessary to do things like syscalls etc.
  That can't be done safely at all... unless the compiler can
  directly generate syscalls AND enforce that the are used in a
  safe way (e.g. by emitting pre/post-conditions that can be
  used by the proof language)

Pre/post-condition ideas:

For registers, and for fields in structs in memory:

* valid pointer of type X
* valid uninitialized memory of size N
* free'd pointer
* not null
* length of field F
* etc.