We feel that Rust is now ready to join C as a practical language for implementing the [Linux] kernel. It can help us reduce the number of potential bugs and security vulnerabilities in privileged code while playing nicely with the core kernel and preserving its performance characteristics.
I think that this may be one of the most impactful statements regarding Rust for a fair amount of time.
The multiple references to Gregory Szorc's article inspired me to give it a read. As a beginner, I am always skeptical that I am engaging in confirmation bias reading an article about the benefits of Rust's ownership model and the memory safety it provides, to the extent that the author is preaching to the choir. But the author's endorsement from the perspective of an industry veteran carries credibility, and it was interesting to read the constructive critiques as well. My favorite quote from the article was:
With Rust, the compiler errors tell you exactly what the language defects are. So by the time you appease the compiler, you are left with just your logical/intent defects. I greatly prefer the Rust workflow which separates these because I'm getting clearer feedback on my progress: I know that once I've addressed all the language defects the compiler complains about that is just a matter of fixing logical/intent defects. I know I'm a giant step closer to victory.
I like the wording, but I do think there is a limit to how often one should employ italics for emphasis.
Having also read Gregory Szorc's article I think he did a good job of highlighting what truly separates Rust from other languages. Any mention of Rust is bound to mention memory safety, but to me it's more than that.
Rust promotes correctness by making you handle edge cases and errors.
Rust moves a huge number of what would be runtime errors in other languages to the compile stage.
To me, those two things, although often tied very closely to memory safety, are what makes Rust truly special. It's not (just) about memory, it's about correctness.
First time contributing to the quote of the week but reading the (very!) long article of Gregory Szorc, I thought it was worth mentioning at least one quote (it seems I'm not the only one!). I enjoyed this one specifically.
Like an artist reaches for a preferred paintbrush or a chef for a preferred knife because their preferred tool enables them to better express their craft, I feel that Rust often enables me to better express the potential of my professional craft more than other programming languages.
You won’t appreciate Rust unless you spend a few weeks building something in it. The initial steep learning curve could be frustrating or challenging depending on how you see it, but once past that it’s hard not to love it. It’s a toddler with superpowers after all.
I recently graduated with my Ph.D., after having worked on 5 different versions of my simulator, written in 4 different languages. The last version, written in pure, safe Rust, worked correctly in part because of Rust's strong guarantees about what 'safety' means, which I was able to leverage to turn what would normally be runtime errors into compile time errors. That let me catch errors that would normally be days or weeks of debugging into relatively simple corrections. [...] So, once again, thank you to everyone!
As the tradeoffs in software engineering change over time, so does the ideal solution. Some 40 years ago when the first C standards were written down, by people no less competent than those that work on Rust today, the design of the language and the list of behaviours not defined likely made much more sense in context of back then than they do right now. It is not all that unlikely that some years down the line the choices made by Rust won't make all that much of sense as they do today, too.
If manually managing memory is like wielding a gun, the borrow checker is an automatic safety that prevents you from pulling the trigger when you're roughly pointing it at yourself. But it's coarse-grained and errs on the side of caution; it simulates your foot as the rectangular box that would contain it, not as a detailed 3D mesh. If you really think you can aim it between your toes and avoid hitting yourself (for example, "the value returned by this function must remain alive for no more than 15 successive invocations of this function"), unsafe will let you try, but the borrow checker's built-in rules aren't granular enough to help you, though it will still stop you if you accidentally put your hand in front without declaring it.
TBH I find "coarse-grained" a bit of a stretch. Without further context, the quote sounds as if the borrow checker was usually not really useful and had to be worked around, except for the most trivial cases. Whereas in reality, it's the exact opposite – needing to unsafe one's way around a borrow checker usability "bug" is – and should be – extremely rare.
Go loses its memory safety guarantees if you write concurrent software. Rust loses its memory safety guarantees if you use non-trivial data structures. C++ loses its memory safety guarantees if you use pointers.