| ▲ | weinzierl 3 days ago |
| "It's true when you ride a skateboard with a helmet on." Rust is not the helmet. It is not a safety net that only gives you a benefit in rare catastrophic events. Rust is your lane assist. It relieves you from the burden of constant vigilance. A C or C++ programmer that doesn't feel relief when writing Rust has never acquired the mindset that is required to produce safe, secure and reliable code. |
|
| ▲ | omnicognate 3 days ago | parent | next [-] |
| Public Safety Announcement: Lane assist does not relieve you from the burden of constant vigilance. |
|
| ▲ | travisgriggs 3 days ago | parent | prev | next [-] |
| > Rust is your lane assist. It relieves you from the burden of constant vigilance. Interesting analogy. I love lane assist. When I love it. And hate it when it gets in the way. It can actively jerk the car in weird and surprising ways when presented with things it doesn’t cope well with. So I manage when it’s active very proactively. Rust of course has unsafe… but… to keep the analogy, that would be like driving in a peer group where everyone was always asking me if I had my lane assist on, where when I arrived at a destination, I was badgered with “did you do the whole drive with lane assist?” And if I didn’t, I’d have explained to me the routes and techniques I could have used to arrive at my destination using used lane assist the whole way. Disclaimer, I have only dabbled a little with rust. It is the religion behind and around it that I struggle with, not the borrow checker. |
| |
| ▲ | danudey 3 days ago | parent [-] | | I have also mostly only dabbled with Rust, and I've come to the conclusion that it is a fantastic language for a lot of things but it is very unforgiving. The optimal way to write Python is to have your code properly structured, but you can just puke a bunch of syntax into a .py file and it'll still run. You can experiment with a file that consists entirely of "print('Hello World')" and go from there. Import a json file with `json.load(open(filename))` and boom. Rust, meanwhile, will not let you do this. It requires you to write a lot of best-practice stuff from the start. Loading a JSON file in a function? That function owns that new data structure, you can't just keep it around. You want to keep it around? Okay, you need to do all this work. What's that? Now you need to specify a lifetime for the variable? What does that mean? How do I do that? What do I decide? This makes Rust feel much less approachable and I think gives people a worse impression of it at the start when they start being told that they're doing it wrong - even though, from an objective memory-safety perspective, they are, it's still frustrating when you feel as though you have to learn everything to do anything. Especially in the context of the small programs you write when you're learning a language. I don't care about the 'lifetime' of this data structure if the program I'm writing is only going to run for 350ms. As I've toiled a bit more with Rust on small projects (mine or others') I feel the negative impacts of the language's restrictions far more than I feel the positive impacts, but it is nice to know that my small "download a URL from the internet" tool isn't going to suffer from a memory safety bug and rootkit my laptop because of a maliciously crafted URL. I'm sure it has lots of other bugs waiting to be found, but at least it's not those ones. | | |
| ▲ | fpoling 3 days ago | parent | next [-] | | Rust is very forgiving if the goal is not the absolutely best performance. One can rewrite Python code into Rust mostly automatically and the end result is not bad. Recent LLMs can do it without complex prompting. The only problem is the code would be littered with Rc<RefCell<Foo>>. If Rust would have a compact notation for that a lot of pain related to fighting the borrow checker just to avoid the above would be eliminated. | | |
| ▲ | wffurr 3 days ago | parent [-] | | >> If Rust would have a compact notation for "Rc<RefCell<Foo>>" That sounds like Rhai or one of the other Rust-alike scripting languages. |
| |
| ▲ | yen223 3 days ago | parent | prev [-] | | Someone (Rich Hickey?) described this as a piano that doesn't make a sound until you play the piece perfectly, and that analogy has stuck with me since. | | |
| ▲ | timschmidt 2 days ago | parent [-] | | Much preferred over pianos which are making unwanted sounds, unexpected sounds, loud crashing sounds, sounds initiated by sheet music which exploits a flaw in the piano's construction, and can therefore not be depended upon to sound appropriately during important events like concerts. That said, I'm all the time noodling new small programs in Rust. Cargo and crates.io makes this far simpler than with C/C++ where I have to write some code in another language entirely like [C]Make to get the thing to build. And I find that the borrow checker and rustc's helpful errors create a sort of ladder where all I have to do to get a working program is fix the errors the compiler identifies. And it often tells he how. Once the errors are fixed one by one, which is easy enough, and the software builds, my experience is that I get the expected program behavior about 95% of the time. I cannot say the same for other languages. |
|
|
|
|
| ▲ | 6P58r3MXJSLi 2 days ago | parent | prev | next [-] |
| > It relieves you from the burden of constant vigilance Is it..? Rust is more like your parents when you are a kid: don't do that, don't do that either! see? you wanted to go out to play with your friends and now you have a bruised knee. What did I told you? Now go to your room and stay there! |
|
| ▲ | mattwilsonn888 3 days ago | parent | prev | next [-] |
| No. It is not an invisible safeguard - it yaps and significantly increases compile time and (a matter of great debate) development effort. It is a helmet, just accept it. Helmets are useful. |
| |
| ▲ | steveklabnik 3 days ago | parent | next [-] | | The borrow checker is never a significant portion of compile times. | | |
| ▲ | mattwilsonn888 3 days ago | parent [-] | | This is incredibly misleading (technically true maybe) and you know it. Rust has slower compile times for the sake of safety, it's a tradeoff you shouldn't be ashamed of. I didn't narrowly claim the borrow checker (as opposed to the type system or other static analysis) was the sole focus of the tradeoff. | | |
| ▲ | shakow 3 days ago | parent [-] | | > Rust has slower compile times That's true. > for the sake of safety, That's false though. All deep dives in the topic find that the core issue is the sheer amount of unoptimized IR that is thrown at LLVM, especially due to the pervasive monomorphization of everything. | | |
| ▲ | mattwilsonn888 3 days ago | parent [-] | | Well it is arguably Rust's worst issue and it has remained it for most of its life. Are you really going to try and convince people that this is completely incidental and not a result of pursuing its robust static contracts? How pedantic should we about about it? | | |
| ▲ | burntsushi 2 days ago | parent | next [-] | | On the one hand, you talk about being upfront and honest about trade-offs. On the other, you yourself are being less that credible by phrasing wild speculation as if they are facts. So... do I as I say, not as I do? | |
| ▲ | steveklabnik 3 days ago | parent | prev | next [-] | | Yes. This is borne out by the numbers. It has nothing to do with being pedantic, it’s basic facts. | |
| ▲ | purplesyringa 3 days ago | parent | prev | next [-] | | It's not about static contracts at all, it's about keeping performance of high-level APIs high. It's all just about templates and generics, as far as I'm aware -- the same problem that plagues C++, except that it's worse in Rust because it's more ergonomic to expose templates in public library APIs in Rust than C++. Well, and also the trait solver might be quite slow, but again, it has nothing to do with memory safety. | |
| ▲ | shakow 3 days ago | parent | prev [-] | | > Are you really going to try and convince people that this is completely incidental and not a result of pursuing its robust static contracts? I am, because that's what all the people that explored the question converged on. Now if you have other evidences to bring to the debate, feel free to – otherwise, please stop spreading FUD and/or incompetence. |
|
|
|
| |
| ▲ | rowanG077 3 days ago | parent | prev [-] | | It is a helmet. But at least it's a helmet in situations where you get into brain cracking accidents multiple times a day. In the end the helmet allows you to get back up and continue your journey compared to when you had no helmet. | | |
| ▲ | mattwilsonn888 3 days ago | parent [-] | | We're talking about Zig not C. Same argument will apply to Odin. These modern approaches are not languages that result in constant memory-safety issues like you imply. | | |
| ▲ | pjmlp 2 days ago | parent [-] | | Modern as in 1978 and Modula-2 was just made available. Or better yet, modern as 1961 Burroughs released ESPOL/NEWP and C was a decade away to be invented. |
|
|
|
|
| ▲ | nsagent 3 days ago | parent | prev [-] |
| I don't think this is any better of an argument. Maybe yours is a more apt analogy, but as a very competent driver I can't tell you how often lane assist has driven me crazy. If I could simply rely on it in all situations, then it would be fine. It's the death of a thousand cuts each and every time it behaves less than ideally that gets to me and I've had to turn it off in every single car a I've driven that has it. |
