TWiR quote of the week

The quote is not "if you use unsafe, you're fooling yourself", rather, it is "if you use unsafe incorrectly, you're fooling yourself". When you use unsafe correctly, it doesn't apply.

7 Likes

BlackBerry Limited (NYSE: BB; TSX: BB) and Elektrobit today announced they are collaborating on integration efforts to support the Rust programming language, empowering developers to build safe, reliable and efficient automotive software.

Thanks to @blonk for the link! Unfortunately, it doesn't contain any catchy quotes. Perhaps there is a more memetic announcement?

1 Like

Turns out, it's easier to test and refactor when objects are not carrying mutable references around or are in complex graphs of relationships.

Once I was no longer fighting the borrow checker and saw him more as an adviser than a hurdle, Rust became bliss.

From My Year With Rust: The Good, The Bad, The Ugly | BreakBuildGames (which was already mentioned in TWiR, but I didn't see as a QotW suggestion).

6 Likes

Unfortunately, the author goes on to give a lot of pretty unfounded criticism of the language in the same post (eg. the "crates are not mature" argument is wielded merely based on 0.x version numbers, pointing out an obvious misunderstanding and/or lack of experience and/or lack of research – this question has been explained to death and has no correlation with perceived or actual maturity). The same goes for citing the supposedly opinionated nature of the language as a bad part, arguing that "only time will tell whether it's right or wrong" – I mean, haven't the last 16 years been enough proof? And the list goes on – "Rust is not OOP" is declared a downside, too (whereas at best this is a subjective choice among equal paradigms, at worst it's not true since OOP proved to be highly problematic during the last few decades), etc. It would have been better for this person to gain more experience in the community and the ecosystem before giving unjustified criticism of matters s/he clearly doesn't fully grasp in the grand scheme of things.

3 Likes

Working with traits has been hard. I find a need to revisit how to use traits quite often, especially when using generic types.

Jim Hodapp in My impressions of Rust after a year of working with it

Common arguments against Rust's safety guarantees:

  • The library you're binding to can have a segfault in it.
  • RAM can physically fail, causing dangling pointers.
  • The computer the Rust program is running on can be hit by a meteorite.
  • Alan Turing can come back from the dead and tell everyone that he actually made up computer science and none of it is real, thus invalidating every program ever made, including all Rust programs.

-- Ironmask @ Google To Allow Rust Code In The Chromium Browser - Phoronix Forums

12 Likes

A cosmic ray can also affect your code's behaviour, but that's not Rust's fault.

but that's not Rust's fault

It's a caricature of the kinds of reaches that keep getting made by people who see the prospect of Modern C++ still being flawed as some kind of threat to their emotional well-being/self-worth/identity/whatever.

3 Likes

Then Rust can do what it's always done - outsource experimentation of higher level features to external crates, and if there's demand - incorporate the winner to the standard library.

https://blaz.is/blog/post/we-dont-need-a-stable-abi/

this isn't my quote, or from the rust community but I figured you guy's would love this

forget ChatGPT, Rust is here to take my job
-dry-ambition-5456 from r/cpp

3 Likes

Self-nominating because I find myself saying things like this regularly, and I think it's philosophically important for Rust:

The signature is a firewall that keeps mistakes inside the function from affecting callers of the function.

https://old.reddit.com/r/rust/comments/10dmkth/lifetime_annotations_why_doesnt_rust/j4meovn/

6 Likes

Ironic, isn't it?

There are a bunch of asterisks -- auto trait leakage from RPIT is another one.

It's a principle, not an inviolable law of the universe.

Auto trait leakage caused me a lot of hair pulling when writing async code.

A 99% guarantee is worse than a 10% one: you learn to trust it, get bitten at the worst moment and get confused. The only solution is to treat it as nonexistent, and check everything manually.

if the rust compiler is a beast, then i'm going to tame it!

..or get tamed by it depending on how you look at it

@kyo@haunted.computer on Mastodon

2 Likes

Rust has demonstrated that you using a type system as a vehicle for separation logic works, even in imperative languages, and it's nothing as arcane as those immutable functional predecessors would suggest. It did this by making sure the language defines a type system that helps you, by making sure core properties of soundness can be expressed in it.

  • soundness requirement for memory access: lifetimes
  • soundness requirements for references with value semantics: > &/&mut _
  • soundness requirements for resources: Copy and Drop
  • making sure your logic is monotic: traits instead of inheritance, lack of specialization (yes, that's a feature).
  • (notably missing: no dependent types; apparently not 'necessary' but I'm sure it could be useful; however, research is heavily ongoing; caution is good)

This allows the standard library to encode all of its relevant requirements as types. And doing this everywhere is its soundness property: safe functions have no requirements beyond the sum of its parameter type, unsafe functions can. Nothing new or special there, nothing that makes Rust's notion of soundness special.

Basing your mathematical reasoning on separation logic makes soundness reviews local instead of requiring whole program analysis. This is what makes it practical. It did this pretty successfully and principled, but did no single truly revolutionary thing. It's a sum of good bits from the last decade of type system research. That's probably why people refer to it as 'the soundness definition', it's just a very poignant way to say: "we learned that a practical type systems works as a proof checker".

-- HeroicKatora @ https://www.reddit.com/r/cpp/comments/10d4qny/a_call_to_action_think_seriously_about_safety/j4ks225/

6 Likes

This guy hits the nail on the head. I think if C++ can be statically limited to a safe subset, it can still be the better option, especially migrating an existing code base to said subset. However, there is not enough effort going into that because the community doesn't care.

2 Likes

Rust’s numbers speak for themselves. As the number 1 most loved language in the famous stack overflow survey for seven years in a row, it has also recently been released as part of Linux kernel - a feat no language other than C has been able to accomplish. What’s exciting about the language, to me, is that it provides something truly new in the art of how software is built.

2 Likes

Another self-suggestion:

Robust Underpinnings, Strong Technique

-- yours truly on twitter

Compilers are an error reporting tool with a code generation side-gig.

-- estebank on a Hacker News thread about Rust syntax

6 Likes