Rust is Software's Salvation(redox-os.org) |
Rust is Software's Salvation(redox-os.org) |
Programming is hard. Programming will always be hard. Better/newer tools (and sometimes influences from the old finally making it mainstream, like Standard ML) make programming easier but not fool proof. It's misleading and harmful to hype the crap out of any language.
Unfortunately this stupidity is never going to end as long as language creators measure language success in adoption numbers and TIOBE scores rather than the warm fuzzy feeling of handling certain people's needs really, really well.
I am somewhat disappointed that we still feel the need to create entirely new toolchains and rewrite everything just to support what should be an incremental improvement. But at a certain point, a lot of the reason for the hype is that it sells these solutions to newer developers that haven't had exposure to these concepts before. I suppose we can consider them fortunate for not having to do systems programming while suffering through implementing their own reference counting and garbage collection semantics.
Those, plus the total package of tradeoffs in Golang did for me, in terms of implementing a game server. The whole package really is game changing for what I'm doing.
I am somewhat disappointed that we still feel the need to create entirely new toolchains and rewrite everything just to support what should be an incremental improvement.
There's something wrong with programming as an entire field. Don't other fields figure out ways of not reinventing the wheel?
But at a certain point, a lot of the reason for the hype is that it sells these solutions to newer developers that haven't had exposure to these concepts before.
Luminaries of our field have been lamenting for decades that programming forgets its own history and discoveries. Maybe we should make it de rigeur that people relate their "inventions" with past art? A lot of times, when I point out past art, I get met with instant open hostility from younger devs. Is it any wonder that programming has the attributes of a popular medium, not a field of engineering study?
If young coders want to be the future intelligentsia and harbingers of a better kind of programming, they need to foster a set of subcultural norms that best leverages collective knowledge. Programming has to become a field that remembers its own history and can learn from its mistakes.
I've been doing C/C++ for close to 15 years now, I find that the borrow-checker not only helps with safety but also with guiding a good architectural foundation. Nothing keeps you from dropping into an unsafe block and cranking out very c-like code if you want as well.
All my green-field code now is Rust. Sure there's some hype but that's because people are genuinely excited about the language.
I agree that "salvation" is a bit much, though.
For whatever hype Go had and may have, it's still a resoundingly successful language that's building meaningful stuff that improves people's lives. Sounds like a success to me.
I don't personally divide my life into "before move semantics" and "after move semantics" - but thanks to move semantics, I have to anyway. And I feel like I'm all the better for it.
Any ideas about how to add this small "incremental improvement" of Rust-like safety to C, for example?
I don't think that the language creators are behind this in this instance, more over-excited users continuing the hype cycle. I definitely agree that it does a disservice to the language. I posted this on /r/rust[0]:
> Please don't push the hype train to far - our language, tooling and strong community does a lot of work to sell itself, and we will get a backlash if we are not up-front honest about Rust's problems. Ruby and Go are experiencing that now. Some languages are better than others especially in specific domains, but even the better ones are not silver bullets, and Rust is no different. I use Rust for some things because I feel the trade-offs are worth it.
Not all of us feel the need to sugar coat Rust.
[0]: https://www.reddit.com/r/rust/comments/5kytg5/rust_is_softwa...
I think the main hype danger for rust right now is that the number of killer applications written it will fall short of the hype. But the linked article is from someone writing redox-os, so it's hard to criticize this article specifically for contributing to overhype.
Ruby had the opposite problem, which is that a lot of people were writing amazing applications, but it fell down technically (applications got messier and slower; or at least that is the perception). In theory the same thing could happen to rust, but it seems less likely.
Having said this, Go got its killer application in the form of the main language driving container implementations.
Rust might eventually get its one beyond the current browser implementation and get adopted by an OS vendor.
Just with Apple doing Swift, Microsoft .NET Native and C++/GSL, maybe it is left for Google and their Fuchsia project or an embedded OS vendor to do it.
It's a vast oversimplification of the real issues while ignoring the reasons programming or are hard.
Of course it's possible. Say you would fork gcc (or clang) and teach it a few extensions for the C type system that allow some more safety checks at compile time (for example something similar to Rusts borrow checker). Since those checks don't change the generated code, you now have a language that's safer than C, but equally fast. Now you add some language primitives that make it easier for the compiler to understand the intend of the programmer, making it easier to optimize the code (there are already plenty of opportunities used by C extensions, like signaling that some if branch is unlikely to be taken. More opportunities exist if you modify the language more heavily). Now you have a language that's both safer and faster than C.
I don't want to make any claims about Rust performance in practice, I haven't run enough benchmarks for that. But it's perfectly possible that the statement could be true.
Maybe not faster than C but at least as fast while bringing modern patterns and better safety.
It's actually entirely possible. For example it's how Fortran has been traditionally faster than C, by not allowing for aliasing (which is also an unsafe feature) it can give the compiler more room from optimization.
That's C's limitation: it can only be as fast as the compiler geniuses can make it, or as concurrent as its users can explicitly make it. Given that almost all computers where you care about raw performance are multiprocessing now, that's a huge deal. Languages with primitives like async/parallel map() are going to have a hard time keeping up with those that do.
Sure, you can write ultra fast code in C or assembly. The fastest way to do so might be to write it first in Erlang, Go, or Rust and reverse engineer it from the resulting machine language.
Rust's safety guarantees dont extend to logic or protocol implementation problems or misconfigured security settings.the part of the article about service providers leaking creds or other info...Rust all the things and that will still happen.
Some of this stuff is just too much. Also, why not work on lifetime and memory safety in a c based language? Rust looks like Klingon to me. functional-ish-ness is really hot right now. (Like Hansel.)
There's this really sophomoric theme that this seems to be a part of that keeps resurfacing here. its almost like a conspiracy of influences made the wrong tech choice in the past and everything would be ok now if we used X. Where X could be haskell, rust, os2, plan 9, lisp, lisp, lisp, go...theres quite a few saviors out there they resurface every now and again.
https://hoverbear.org/2016/10/12/rust-state-machine-pattern/
https://blog.tarn-vedra.de/posts/phantom-types-for-safe-apis...
https://insanitybit.github.io/2016/05/30/beyond-memory-safet...
https://scribbles.pascalhertleif.de/elegant-apis-in-rust.htm...
Some libraries use such features to prevent certain kinds of nonce-reuse during encryption (one of the more common ways of screwing up encryption). These constraints are checked at compile-time.
Such guarantees are not possible with weaker type systems like that of C.
I'm a huge strong typing fan! I'm just saying, type systems can get you a long way toward correct construction. (Or correctness by construction...) The issues with the software/computing world are bigger than array bounds checking and type correctness.
It's worse than the phase Java went through when it hit its peak.
I'll be honest. Until we start seeing some more balanced (frankly, I'd settle for nuanced) discussion about the compromises made to get Rust's strengths, I'm staying the hell away from it.
It's a combination of two things, as far as I know.
1. The LLVM backend is slow.
2. The Rust frontend has historically abused the LLVM backend badly, by feeding it large amounts of barely optimized code. This is being worked on, but it's going to take a while.
What you aim for and what you achieve are different things. These things take time. We've been getting faster every release. 10x faster within a single six-week period is not realistic.
(Borrow checking is not generally the slowest part; it's the codegen. Which is LLVM. But also is the IR we feed to LLVM.)
Every time a new release happens, it takes around one hour to update all VSCode related tooling.
To an outside observer (me), seems like Rust evangelicism tries to cast a too wide net, ending in "meh" response from many.
That's a bold, yet generalized statement.
It performs on par with C++, on the other hand, for what that's worth.
Many of the others boil down to "explicit SIMD isn't in stable yet."
http://www.anthropic-principle.com/?q=anthropic_principle/do...
I don't hate C, like some here, but I am receptive to the many objections to it: it makes a lot of sense.
But I would be a lot more receptive to this particular attack on C (which is pretty reasonable) if it wasn't so melodramatic: claiming that Rust will "save software" and that C is some kind of garbage with no advantages of any sort. Both are false (although the latter has some truth to it: C has many issues).
The truth is strongly in your favour: No need to stretch it.
A hilariously wrong/misleading analogy in an otherwise compelling and agreeable blog post.
There could be though. Maybe the successor language to both Rust v4.4 and C++26 will be named Silver Bullet. You never know.
I like Rust. I just don't think doing things in a better C than C is going to yield as much of a payoff as these guys think it will.
I was able to replace pages of "cleverness" with a few lines of code in the same language.
These guys are very impressed with their improved hammer. It might not be the best tool for the job.
I don't write new languages any more, I figured this out 20 years ago, it's something that is very very hard to suceed at, and rather a crap shoot.
The same goes for OSs.
Oh, and BTW, functional languages, the very best thing since sliced bread, for, what? the third time around now?
That's... not saying all that much.
> Better performance than C
In 2014? Objection, your honor. Assumes facts not in evidence.
About problems with C:
> Maybe a bug in GCC outputted the wrong machine code
And Rust compilers will never have bugs?
> Maybe a race condition in Linux gave an unprivileged process the ability to tamper with your program
And writing your program in Rust is going to save you? Nope.
Now, in the previous two points, the claim may be that GCC/Linux is written in C, rather than that my program is written in C. But a compiler written in Rust can still output the wrong machine code, and the borrow checker won't save you.
> [ ... ]
> Maybe a bug in GCC outputted [sic] the wrong machine code
How does Rust protect against a bug in Rust outputting the wrong machine code?
> Maybe a race condition in Linux gave an unprivileged process the ability to tamper with your program
Too bad the race-condition free Rust OS that can replace Linux isn't here yet.
As a person who lived through the 1990s Java hype and had a bookshelf full of the official Java books (Addison-Wesley white books)[1], the Rust evangelism is nowhere near that level.
To refresh the memory, 1990s Java evangelists predicted:
1) C/C++ would become obsolete because in the age of abundant desktop resources (cpu power and more RAM), the GC would take care of all that
2) Java's "write-once-run-anywhere" JVM would render the Windows operating system obsolete and weaken the evil Microsoft
3) Java applets so you could create rich dynamic websites in the browser
As we now know, none of that actually happened. Java is still a success but it couldn't match the breathless press it initially received.
Yes, this particular Rust blog promising "salvation" seems to defy Fred Brook's more conservative "no silver bullet".[2] But relatively speaking, Rust's enthusiastic community is fairly tame.
For example, the internal wars between Windows and DevTools divisions at MSFT, were the biggest reason for Longhorn's failure.
MSR with Midori has proven the viability of using C# for systems programming, when no politics are in play and everyone is focused on technical improvements.
> Until we start seeing some more balanced (frankly, I'd settle for nuanced) discussion about the compromises made to get Rust's strengths, I'm staying the hell away from it.
If all you see about Rust is what hits Hacker News, you're probably not going to see much of that. The narrative about Rust's safety and the terrible state of software engineering today and dangers of all of the existing C and C++ code is a strong one that resonates with a lot of people, and so posts about that are likely to be voted up on HN. Posts about how Rust isn't a perfect language and has some flaws, well, maybe not so interesting, because every language has flaws, so there's nothing all that noteworthy there.
Also, FWIW, the post you're commenting on is written by someone who believes what they're saying in the post so strongly that they're writing an entire unix-like OS, including kernel and applications, in Rust. So it's no surprise that they're talking about what excites them about Rust and why they're using it to write a whole OS, rather than any flaws it might have.
Err, the title of this article is "Rust is Software's Salvation". The previous one was "Rust is mostly safety". No discussion of trade offs, no negatives to be found. From the original article: "[Rust is] Technology from the past come to save the future from itself"
> Not sure why marketing Rust implies that the community is trying to defend it
The original article was a call for marketing material, because they don't feel enough people are using it. Those people are, to paraphrase the sentiment from the comments in the first article, wrong for thinking they write safe C or C++ code.
Look into the issues surrounding the borrow checker, that's one of Rust's main pain points. Long compilation times are another common issue.
To Rust fans, I realise both of those issues will be addressed to some degree as MIR matures, but I'm looking for flaws as things stand now.
- It will be super hard to hire for Rust for a long time. It would be a very bold move to write your app in Rust if you plan to grow your tech team anytime soon.
- I havn't tried learning Rust myself, but I have read that little that it can be a little tricky to start thinking the rust way (borrowing?) Plus the language "looks" hardcore. I wonder if that will put off new devs.
That's from the linked article 'Rust is Software's Salvation' (bullet point 3).
Now we have UWP as that idea was brought back to life.
That's what I heard 2~3 years ago.
This is my personal view of the matter, based on MS blogs, talks, papers and how their technology has been presented to those more MS savy.
https://news.ycombinator.com/item?id=11828585
If you follow the OP of the comment there is another view being presented.
There are lots of conspiracy theories about what went wrong, regardless how much truth each one has, the real matter is that politics played a bigger role than technical issues.
(It's not built in, but that's a good thing IMO. :-))
The thing is that even with unique_ptr I can easily reach in via get() and I've broken the shared mutable state contract. It's trivial for me to trace what modifies things in Rust, I just follow the 'mut' annotations and since only one thing can hold it at a time it's very straightforward.
Rust also has one the best package managers I've seen. Union types which are the best way to represent states and state machines bar none. An iterator class that's the best I've seen(seriously has anyone actually used <algorithm>? How man begin/end pairs do I need?).
Plus the community is super-welcoming, there's more reasons but those are my top ones right now.
Who said it does? And why would it have to?
It'a just about catching those "certain class of errors that the Rust compiler will check that will still give you a segfault in C++".
Plus a nicer looking language, with a more modern design.
There will always be that compiler or team that doesn't have any kind of reviews, static analysis, making use of binary libraries or legacy code.
Hence why safety at language level is much better than third party tooling, as tools can be ignored.
Interestingly, Go picks up a lot of Pascal (and of course Modula) tradition, as Robert Griesemer worked with Wirth before. A lot of the Wirth language family's ideas made it into Go clothed into a C syntax.
http://m.cacm.acm.org/blogs/blog-cacm/176450-python-is-now-t...
Annoyingly, these bugs still bring down our systems in an age when we're on the verge of self-driving cars. Can you imagine that? Your car can crash because somewhere a programmer messed up a simple bounds check.
By removing the possibility of these small annoying bugs, you leave the programmer free to focus on the big picture. That is the entire point of abstraction, and a language which strives to provide these abstractions at no cost to performance is inherently better than one that
a) doesn't provide these abstractions
b) doesn't provide mechanisms to handle the unabstracted layer safely.
Rust isn't the only solution. There are mechanisms that can be used in C++ to make a program memory safe by construction. I'm not even saying that Rust isn't a good solution. (I am saying I don't like the syntax...I'm sure I could get used to it at some point.)
I just get very wary when something has this kind of "evangelism" behind it. That's all. I'm really looking forward to seeing what Mozilla does in Firefox with it.
ADT's have been known to be a superior way to express state machines for ages but C++ for both technical and non-technical reasons will never actually get them. Rust solves this problem by starting over.
In this specific case, as projects scale, extra performance is important. So they've started deploying Rust services to address that need.
Like this post: https://blog.sentry.io/2016/10/19/fixing-python-performance-...
Look at that CPU graph. That's actual, important, business value.
> ending in "meh" response from many.
Most of this thread is complaining about people having a _too enthusiastic_ response to Rust, not too little.
I commented on the fact that saying Rust is for everyone you're watering down your marketing message.
https://blogs.msdn.microsoft.com/vcblog/2015/12/03/c-core-gu...
Java, Python, etc actually compile at run time so the comparison is invalid. You can measure the full iteration speed, but then image based wins (Smalltalk, Common Lisp).
Good programmers aren't strongly bound to language. Hire any systems programmer and have that person learn Rust.
The original article that kicked off the 'Rust is mostly safety' article was a call for a change in the marketing material[1], away from the 'Rust is safe' narrative. It's not an attractive narrative (IMO) and the point that Klabnik was making was that Rust is more than 'just' safety.
'Rust is mostly Safety' was written in a sense disagreeing (depends on your interpretation) with Klabnik's article that Rust is much more than safety. Now, yes, these posts (namely the 'Rust is more than safety' and 'Rust is mostly safety' are not discussing the negatives of rust, absolutely, but it's not the scope of the posts to do so, it's not what that particular discussion is about and they should be exempted from this broad brush.
You've taken a quote from the Klabnik post, which is itself quoted from an initial release announcement, which is basically guaranteed to be a spot of marketing. As always, there is a time and a place for the discussion of trade offs and negatives.
A release announcement is not the place for this.
Nor is a discussion of changing the tone of the marketing of the language.
Now, finally turning my attention to the article in the post...well, that strikes me as a place to discuss some negatives. I am not super comfortable with basically listing all the cons of C and well, not even discussing the pros of Rust but presenting it as a panacea.
I think it doesn't quite hit the point of Klabnik's article which to me was more about stopping marketing based on what Rust stops you from doing and marketing Rust more on what it lets you do.
This is absolutely not true. I would love for Rust to have more users, but that's because I love Rust, and want to share that with people. But really, just like we try to make software better, I'm interested in how to make our pitch better.
You would think Hacker News, of all places, would understand that.
Rust should be roughly the same, speed-wise.
[...]
If young coders want to be the future intelligentsia and harbingers of a better kind of programming, they need to foster a set of subcultural norms that best leverages collective knowledge. Programming has to become a field that remembers its own history and can learn from its mistakes.
Graydon has consistently pointed out Rusts influences, indeed it is one of the reasons behind its name - ie. 'rusty old ideas'. But the influences of the creator are not enough. We need to promote the value of a historical perspective in our discourse, and so I I'm glad for your post. As a young developer I see it in my peers, but even sadder I also see it in my mentors and elders. So often there is two extremes of fervent excitement and lack of imagination that things could be better beyond ones own experience... both borne out of a lack of historical literacy.
That said, I don't mind reinventing the wheel in new ways - every time our wheels get better and better. But perhaps they could get better faster with fewer steps backwards with a little schooling on the foundations of our field.
Not always. Pry debugging Ruby can be pretty awesome but still often leaves a lot to be desired compared to the VisualWorks Smalltalk debugger+environment. Then there's the One Laptop Per Child project. How many developers were trying to recreate things that already existed in Smalltalk? What if they could've freed up the developer power wasted in that wheel reinvention? Seriously, a lot of the advanced state saving/rollback features would've just come for free in Smalltalk.
How many Smalltalks were not closed source and with commercial IDEs and toolsets?
You may be interested in Graal/Truffle. One of the main aims is to make it a playground for experimenting with programming language design by reducing the work that goes into the underpinnings of these new languages. It's also meant to offer fairly decent performance.
https://medium.com/@octskyward/graal-truffle-134d8f28fb69#.n...
Look at all the research and prototyping in aviation. What's weird about programming is the amazing longevity of experimental ideas vs. heavily engineered products.
I like that very much! Also strange are the obscurity and outright myths surrounding heavily engineered products, followed by hyped reinvention.
No. In fact even in the actual field of "wheel manufacturing", we have been re-inventing the wheel since for ever.
Those who don't like "re-inventing the wheel", would they rather use stone or wooden wheels for their cars? Or perhaps some of the crude early metal ones? Or they rather use the re-invented modern mix of alloys and plastic?
My university did a pretty good job teaching the ways of the past.
Sadly things seem to have changed for the worst in the last 20 years.
That's because the past then was still modern.
Those majoring in systems programming had a good glimpse of OSes and programming languages.
> I just don't see Mozilla having enough resources to keep-up the momentum long-term.
Did you forget about Samsung? Mozilla and Samsung aren't the only two companies backing Rust.
http://www.tiobe.com/tiobe-index/
Call it money or whatever, but Go seems to be getting substantial TLC from the people working on it for every point release.
Of course, this could just be an easier thing for them to do since their approach is not as ambitious as Rust's.
Google is not a language company and doesn't hire good language people so I don't see this changing.
Disclaimer: I work for Google
If I have to write native code, right now it'll be C++ precisely because it's able to express complex problems with a high degree of getting-it-right (because while I would never claim to understand C++, I feel confident in my understanding of the subset of C++ that I use). I really like Rust and look forward to it being a better fit for what I want to do, and every time I look at it it's getting closer.
Within a couple weeks you will get the hang of what the borrow checker can actually handle and you'll mostly not have problems except when you are actually making a genuine mistake.
I don't know if it helps you or not, but you can specify that a type parameter need not be sized with the ?Sized bound. e.g., The `Path::new` constructor is defined as `fn new<S: AsRef<OsStr> + ?Sized>(s: &S) -> &Path`. This means `S` can, for example, be `str`, which is an unsized type.
I don't think it's description of an issue.
It is if it drives potential community members away.
BTW - this reaction is why I continue to work with Rust; the community is awesome!
(Dealing with trait objects and generics...less so)
Look, it's not an issue for all time, there are plans to improve it, I'm just suggesting it as a point of friction right now. If you seriously don't think it's an issue, what would you say are the issues? You won't do yourself any favours if you try to pretend Rust is perfect.
The only people who have issues are people who've used Rust for less than a week and still do not understand the basic rules of the borrow checker. I've explained it many times to people already. Once you know the rules, it's easy peasy, and you'll never have another complaint from the borrow checker ever again.
The only improvements that I could see for Rust is landing non-lexical borrows, macros 2.0, and faster compile times, albeit compile times are largely fixed now. A 100K combined LoC project can easily compile a release build using 1 core in 3 minutes or less.
Since you chose to be cute, I'm going to take a guess that you think this means the comparison between the tools is unfair. If that's an accurate interpretation, then I will say that your question is irrelevant because ripgrep is faster or as fast as GNU grep on benchmarks using a single thread too. In fact, that's the whole point! It says so right in the project's README.
Let's be careful not to overstate Rust's benefits and understate Rust's costs. Of course, I do happen to think the benefits are overwhelming compared to the costs. :-)
Optimization tricks in Rust are the same as you'll find in C++. It might be worth you comparing the C++ implementation of Snappy with my Rust implementation, for example. You'll see the same kinds of tricks employed in C++ as in Rust (avoiding memcpy in favor of unaligned loads/stores).
The learning curve for manual memory management in C is a major issue, but not the principal of manual memory management itself.