TWiR quote of the week

"All the pro C/C++ arguments seem to come down to “Good drivers don’t need seat belts because they don’t get in accidents"

~ otwkme in Reddit - Dive into anything


“It’s enjoyable to write Rust, which is maybe kind of weird to say, but it’s just the language is fantastic. It’s fun. You feel like a magician, and that never happens in other languages.”

Parker Timmerman, software engineer

Citation extracted from How Rust went from a side project to the world’s most-loved programming language


I'm not sure if this is fitting for the quote of the week, but I liked the simile enough that I thought it'd be best to let everyone else decide that.

Instead of being dangerous and fun like cigarettes (or French philosophy), C needs to be dangerous and unfun like sewage systems: something that experts handle humble, carefully, and out of necessity, with designs that reflect the societal repercussions of any mistakes.

-- The unsafe language doom principle


You've probably come across unsafe. So "unsafe" is a keyword that sort of unlocks super powers and segfaults.

-- Arthur Cohen, in his talk A deep dive inside the Rust frontend for GCC at FOSDEM'23

Edit: There are quite a few quotable lines in this talk.


From this thread:


and as much as i dislike the cargo-geiger concept, the name … kind of works

unsafe is a lot like uranium. it’s just one more metal ore you can process, refine, and machine. it doesn’t combust in atmosphere, it doesn’t corrode or make weird acids. unless you go out of your way to make it dangerous you don’t even have to worry about critical masses. you can work with it pretty normally most of the time

but if you don’t know exactly what it is, what it does, and how to work with it, it will cause mysterious illnesses that only crop up long after you’ve stopped touching it

-- myrrlyn @ Reddit - Dive into anything


Another thing that I found interesting was hiring Rust developers. Turned out that I thought it would be hard and in a sense I was right. But the last three developers which were hired they didn't use Rust before at all, but still in their second day [..] their commits were already used in production. Pair programming of course helps a lot with this, but I reasonably cannot see anymore that Rust is hard to learn. People can pick it up really really quickly.

-- Markus Klein, "Rust at Aleph Alpha" talk at Rust Linz Meetup (link to youtube)


Memory management is the least interesting application of borrow checking.

Fixing the next 10 000 aliasing bugs


The Rust compiler is a thousand unit tests that you don't have to write
-- I built a startup in Rust, I would do it again. | Cloak

(Echoing exactly the reason I'm migrating as much of my development effort as is feasible to Rust.)

Also, give the section it comes from a read. It's possible I misjudged where the boundary lies for the best quote and someone else may want to propose a different cropping.


The generated program is a random sequence of bytes that just happens to take the shape of a seemingly working program by accident. Such is the joy of code that causes UB. You cannot deduce anything from what happens when you execute a program with UB, since that act is by itself meaningless. You need to establish that your program has no UB before making any inference based on what you see the program do after it came out of the compiler.

Ralf Jung on Is read_volatile on uninitialized memory really undefined behavior?


It's a shame the one I proposed came in at the beginning of the week while this one came in at the end and didn't have time to accumulate votes. I think this one deserved it more.


You're not fighting the compiler you're fixing bugs.

Also from I built a startup in Rust, I would do it again.


(I'd like to also suggest considering rolling over the RalfJ quote to this week's consideration as well; it's a good quote.)

Accounting for arbitrary shenanigans going on is the default state of the compiler; any optimizations have to prove that there aren't problematic shenanigans going on. The purpose of UB is carving out semantic space where the user code promises not to be doing any shenanigans, in order to make proving the absence of shenanigans somewhat practical.

Myself (@CAD97), in discussion about shenanigans before main. (edited very slightly for formatting)

(Memedatory reply)

As part of this work, I even found two memory safety bugs in the DRM scheduler component that were causing kernel oopses for Alyssa and other developers, so the Rust driver work also benefits other kernel drivers that use this shared code! Meanwhile, I still haven't gotten any reports of kernel oopses due to bugs in the Rust code at all

Asahi Lina


It's not exactly a quote, but I saw one of these trucks the other day and the slogan "Secure Destruction You Can Trust" made me think Rust:


It's very hard to debug something based on a human description. If you were able to explain what's going on perfectly, you probably wouldn't be looking for help. Sharing the code is the best way to communicate about unexpected behavior.

@saethlin on zulip.


Rust changes the paradigm again in a way structured programming did.

Structured programming went from spaghetti code to more organized code.

Rust pushes us from "spaghetti of pointers" to more organized data.

Zde-G on reddit.


I like the quote, but I think it is slightly misleading because rust does in fact not give you a guarantee that a destructor is called.
There is a whole bunch of problems caused by this in the async context for example.

1 Like

As usual, the borrow checker is correct: we are doing memory crimes.