| ▲ | devnullbrain 17 hours ago |
| If the borrow checker slows you down, the C++ you write instead would just be buggy |
|
| ▲ | etyp 17 hours ago | parent | next [-] |
| Safe programs extend beyond those that Rust's borrow checker accepts though. There is more than one way to make a program safe, not all of them would be valid Rust. |
| |
| ▲ | goku12 14 hours ago | parent [-] | | There are more than one way to achieve safety in Rust. Two more, infact - runtime safety and fully manual (unsafe with some additional work). Runtime safety is a very fast way to overcome the resistance offered by the borrow checker. While it does slowdown the code a little bit, that should be pretty fine for prototyping. A more careful use of runtime checks will still give you a program more performant than in most other languages. | | |
| ▲ | dzaima 11 hours ago | parent [-] | | Runtime safety still comes with a good amount of complication source-wise, having to spam RefCell/Arc everywhere, and whatever derefs/.get()s they necessitate, and probably a different approach to passing references. Refactoring either that or unsafe away after being done with prototyping isn't trivial, if even possible without entirely rethinking the approach. | | |
| ▲ | goku12 7 hours ago | parent [-] | | Isn't that a bit dramatic? How much extra code or care do you need to implement runtime safety checks? This isn't the first time I hear these sort of arguments either. It gives the impression that a crowd is making up one exaggeration after another to drive the perception that Rust is somehow not suitable for general purpose programming. | | |
| ▲ | dzaima 7 hours ago | parent [-] | | It is a bit dramatic, though less so for some approaches to programming. And of course prototyping is very different from general purpose programming. With Rust, if you really want the borrow checker to actually never bother you, you really do just have to spam the dynamically-checked wrappers everywhere; when in the groove, having to stop and wrap some existing field (or its holder) and all its usages just to be able to mutate it because you previously didn't think you'd need to is just completely awful if you don't find that "fun". Whereas in C, if you want to mutate a thing, you can always do so whenever with no concerns (whereas using unsafe to mutate a field of a &Thing in Rust is just UB, though maybe you can get away with using unoptimized builds for a bit) and deal with previous code that may have been written with the assumption it wouldn't change Later™ (but, importantly, still allowing properly testing the modified thing, and perhaps the entire project). Want to change the lifetime of a thing? Just move where you free it, no need to ever change lifetime args across a dozen functions. And in Java the most anything may take is removing a "final" on a field. |
|
|
|
|
|
| ▲ | tylersmith 17 hours ago | parent | prev [-] |
| [flagged] |
| |
| ▲ | mkipper 17 hours ago | parent | next [-] | | If you remove "develop" from the OP and stick to "prototype", it's a totally valid criticism, and you come across as a condescending jerk if you suggest that software can't be "working" unless it's bug-free. I can't count the number of times I've wanted to try out some library and whipped up a quick prototype app in an hour or two to play around with it. I don't give a damn if that app is memory safe, handles signals safely, satisfies arcane aliasing rules or deals with any of the other million footguns in C/C++. I'm happy if it compiles and does what I want it to. I deal with that stuff when I inevitably rewrite it from scratch the next day and have an actual design in mind. FWIW, I'm comfortable enough with Rust that I would personally choose it over C or C++ for most stuff like this these days since the standard library makes a lot of boilerplate prototyping stuff (e.g. setting up a project, pulling in dependencies, handling files and I/O) much more pleasant. But suggesting that anyone who writes unsafe C/C++ in any context doesn't know what they're doing is ridiculous. | | |
| ▲ | truculent 16 hours ago | parent [-] | | What trade-offs are you typically evaluating with the prototype? Have you ever found that decision harder to make because of shortcuts etc taken during prototype? | | |
| ▲ | mkipper 16 hours ago | parent [-] | | Like everything, “it depends”. I used to work on a product that handled video, and I would regularly spin up prototypes where I’d stitch together gstreamer pipelines with different plugins to try things out. For reasons that aren’t important, it was easier to use an app linked against the gstreamer libraries than to use its CLI. There were all sorts of ways I’d evaluate some plugin I was trying out. Maybe I’d look at some test pattern for artifacts. Maybe I’d measure latency. Maybe I’d profile its resource usage. But I can confidently say that in all of those cases, the memory safety of the 100 lines of C++ code that told gstreamer how to plug things together had absolutely no impact on what I was evaluating. Sometimes the code you’re writing is basically unrelated to what you’re interested in from a prototype. |
|
| |
| ▲ | catlifeonmars 16 hours ago | parent | prev [-] | | Working software doesn’t always have to be correct or safe. This is highly use case dependent. Rust’s guarantees aren’t free, it comes with a handful of tradeoffs, such as learning curve, implementation speed, (this one is personally annoying) compilation speed, and portability. I’m a huge proponent of using the right language for the job. Sometimes rust is the obvious choice, sometimes it’s Python, Go, Lua, Java, Prolog, C, brainfuck etc. | | |
| ▲ | pdimitar 16 hours ago | parent | next [-] | | > Working software doesn’t always have to be correct or safe. I feel like I am missing some very obvious point of yours because that statement in isolation I cannot agree with (I've read the rest of your comment and still can't find the extra context). Can you clarify? | |
| ▲ | tylersmith 16 hours ago | parent | prev [-] | | [flagged] | | |
|
|
