TWiR quote of the week

From this thread:


and as much as i dislike the cargo-geiger concept, the name … kind of works

unsafe is a lot like uranium. it’s just one more metal ore you can process, refine, and machine. it doesn’t combust in atmosphere, it doesn’t corrode or make weird acids. unless you go out of your way to make it dangerous you don’t even have to worry about critical masses. you can work with it pretty normally most of the time

but if you don’t know exactly what it is, what it does, and how to work with it, it will cause mysterious illnesses that only crop up long after you’ve stopped touching it

-- myrrlyn @ Reddit - Dive into anything


Another thing that I found interesting was hiring Rust developers. Turned out that I thought it would be hard and in a sense I was right. But the last three developers which were hired they didn't use Rust before at all, but still in their second day [..] their commits were already used in production. Pair programming of course helps a lot with this, but I reasonably cannot see anymore that Rust is hard to learn. People can pick it up really really quickly.

-- Markus Klein, "Rust at Aleph Alpha" talk at Rust Linz Meetup (link to YouTube)


Memory management is the least interesting application of borrow checking.

Fixing the next 10 000 aliasing bugs


The Rust compiler is a thousand unit tests that you don't have to write
-- I built a startup in Rust, I would do it again. | Cloak

(Echoing exactly the reason I'm migrating as much of my development effort as is feasible to Rust.)

Also, give the section it comes from a read. It's possible I misjudged where the boundary lies for the best quote and someone else may want to propose a different cropping.


The generated program is a random sequence of bytes that just happens to take the shape of a seemingly working program by accident. Such is the joy of code that causes UB. You cannot deduce anything from what happens when you execute a program with UB, since that act is by itself meaningless. You need to establish that your program has no UB before making any inference based on what you see the program do after it came out of the compiler.

Ralf Jung on Is read_volatile on uninitialized memory really undefined behavior?


It's a shame the one I proposed came in at the beginning of the week while this one came in at the end and didn't have time to accumulate votes. I think this one deserved it more.


You're not fighting the compiler you're fixing bugs.

Also from I built a startup in Rust, I would do it again.


(I'd like to also suggest considering rolling over the RalfJ quote to this week's consideration as well; it's a good quote.)

Accounting for arbitrary shenanigans going on is the default state of the compiler; any optimizations have to prove that there aren't problematic shenanigans going on. The purpose of UB is carving out semantic space where the user code promises not to be doing any shenanigans, in order to make proving the absence of shenanigans somewhat practical.

Myself (@CAD97), in discussion about shenanigans before main. (edited very slightly for formatting)

(Memedatory reply)

As part of this work, I even found two memory safety bugs in the DRM scheduler component that were causing kernel oopses for Alyssa and other developers, so the Rust driver work also benefits other kernel drivers that use this shared code! Meanwhile, I still haven't gotten any reports of kernel oopses due to bugs in the Rust code at all

Asahi Lina


It's not exactly a quote, but I saw one of these trucks the other day and the slogan "Secure Destruction You Can Trust" made me think Rust:


It's very hard to debug something based on a human description. If you were able to explain what's going on perfectly, you probably wouldn't be looking for help. Sharing the code is the best way to communicate about unexpected behavior.

@saethlin on zulip.


Rust changes the paradigm again in a way structured programming did.

Structured programming went from spaghetti code to more organized code.

Rust pushes us from "spaghetti of pointers" to more organized data.

Zde-G on Reddit.


I like the quote, but I think it is slightly misleading because Rust does in fact not give you a guarantee that a destructor is called.
There is a whole bunch of problems caused by this in the async context for example.


As usual, the borrow checker is correct: we are doing memory crimes.


As an expert at being ignorant of what Pin does, I can assert with expertise that other ignorant readers have a hard time with Pin

@grom in Pin tutorial are confusing me

After all, we had April Fools this week 🙂


Error types should be located near to their unit of fallibility.

By Sabrina Jewson.

The post itself is unfortunately not meme-friendly, but I think an in-depth discussion of errors with a readymade proposed solution is worth the people's attention.


I'm not sure whether it's tonally appropriate to push it into people's attention again, but this certainly feels like it succinctly embodies the most significant event of this week:

but Tide and Clorox don't have a community, they have customers. The reason why the Rust mark has any value is that there is a community of people who love using it.

-- Robert Swinford @ Why the Rust Trademark Policy was such a problem... - kimono koans


Hmm... what on Earth are Tide and Clorox?

Sure I could google it. But really, I have enough to google every day.
