Posts by Phil Lord

Re: "Reference Counted"

Rust by default does not use reference counting at runtime. Rather it determines statically at compile time when the value associated with a variable can be deallocated and does this automatically for the programmer. There is no runtime cost associated with this.

This is not always possible, of course, for example if you intern strings created across a program to save memory. For those cases, Rust has support in the standard library for a reference counted pointer. Actually two. One for single threaded use and one for threaded use. Using the wrong one (i.e. using the single threaded one across threads) is a compile time error.

So, you pay the costs for what you need and pay no cost for what you do not need.

Re: Garbage Collection

I don't know what a reference counting variable is either. References counting is done at the level of the value. The whole point is for where you cannot determine whether multiple variables point to the same value.

To bring it to the question of Rust, it does not reference count. The language uses a system of lifetime analysis to ensure that only one variable owns a value and that value outlives all references to that value. Mostly this is done statically. For the situation where it's too complex, Rust also provides library support for reference counting values. There are also libraries which do mark-and-sweep GC. I don't know how widely used they are.

Most people who use terms like "fanboi" and accuse others of being "clueless" do not actually have "inquiring minds", they just lack civility.

Re: Garbage Collection

GO uses "critical sections" to address the realtime problem. I'm not sure that I would distinguish between reference counting and GC. Reference counting is a form of GC as far as I can see.

Rust doesn't GC by default, but it does provide a reference counting system -- so some of the values in a program are effectively GC'd and some not.

Re: Someone have to say it

The semi-colon in Rust has some semantic beyond the end of the line actually. Or more the lack of one. Without a semi the line becomes a function return expression.

Feels a bit ugly when you start, but works out nicely once you are used to it. Having learned it, though, I find my python code keeps breaking, when I forget to put a return statement in a one line function.

Re: about that steeper learning curve...

"C [...] is still a bit faster according to the article".

Yeah, the article is probably wrong there. It's very hard to compare across languages, of course, but where it has been done Rust and C come out about as fast as it is possible to come out, and much the same. GO is also very fast, even with GC.

The article is also wrong about concurrency. Rust had this well before version 1.39, it just didn't have async/await as keywords. That should be obvious really. Who would design a single-threaded programming language in the 21st century?

I think most of the articles conclusions (lone programmers vs big groups) are equally suspect. Still, the title is fun.

Re: about that steeper learning curve...

There are more C/C++ programmers out there than Rust, so obviously, there are more people who can teach it also.

Having said that, Rust has produced quite a large quantity of fairly good documentation, freely available, as well as a number of books that you can buy. They have also a very good and supportive community. All of which is available world wide via the magic of the web. It's how I learned Rust.

Decreasing the learning curve, indeed, is a good thing. Some of that comes from your background. Javascript programmers will probably have an easier time than C programmers, because Rust is fairly functional. And some will come from the many "quality of life" improvements that Rust has made particularly to lifetime handling. I think it is easier now than it was four years ago when I learned it, although that's hard to measure.

Re: Congrats

Also, alas, high competent programmers write unreliable programs.

Looking for better tools to write code with has been happening since the beginning of computer time. Why would it stop now?

Re: Build back better?

It does have it's own package management system. It's rather better integrated with python than pip is which feels (and is!) a bolt on.

In terms of "3rd party" packages that it is a more complex question. Rust has gone the route of a small core, with add on packages for non-core functionality. That means it can offer somewhat different stability guarantees between the core/standard library and more extended functionality. How well this works we will see in time, but it should avoid the python/java standard library of cruft issue.

The hard bit of "3rd party" is, of course, that Rust is not a product of an standard organisation. The core/std library is produced by "3rd parties" in the sense that the code is not written by the company (or foundation) that owns Rust. So some "3rd party libraries" are effectively part of Rusts extended library support. Consider clap, for example, which does command line parsing. It isn't part of the standard library, but is used by rust-lang.org in their command line documentation. Would bringing it into the standard library magically make it more secure? Or just mean that it's release cycle would be tied to Rusts?

Re: dis-un-de-throne C in the Linux kernel?!

"C++/Rust/OOP further that sacrifice by the concept of a v_table (jump, jump)."

Rust isn't OOP though, and doesn't use a v_table. Most calls are statically determined at compile time. Polymorphism is achieved through the use of generics and the code is monomorphised to allow this.

There are exceptions because a dynamic dispatch allows you to do things that are hard otherwise. One of the changes with the Rust 2018 edition is the introduction of an optional keyword to mark usage; that will become a hard requirement for Rust 2021.

Re: Another dimension of complexity

Well, C was a modern language once, so clearly you think that it lived to it's hype.

In the end, while there will always been some guess work, the real solution is to try things out, slowly and cautiously, see if they work and make an judgement at the end of it, rather than just assuming that "C is the safest bet" based on your prejudices.

Rust is designed to fill a hole and address a variety of problems that C does have. There is no serious doubt that C has its problems and allows a wide variety of bugs which occur with regularity. Rust is designed to address these; whether it will do in the context of the linux kernel or not is what we do not know yet. This is an attempt to answer that question.

Re: Rust - the language for coders who can't.

I struggle to see how this makes sense. Good coders will use the tools that are available to them.

Rust is one of those tools, and having the code compile does indeed detect lots of errors that you might need to test for in other languages. More time fighting the compiler in its sometimes baroque ways; less time writing tests. That's an engineering compromise like any other.

I've stopped worrying about lift doors shutting one me also, and don't use a cloth when taking an light bulb out any more, so perhaps I am becoming sloppy and have too much blind faith.

Re: Too bad

I can see that you have some problems with Rust, but it's a shame that you don't say what they are, rather than alluding to other languages. What part of the Steelman requirements is it that you think Rust needs?

And the idea that Rust has a weak type system similar to Python sits poorly with me. Rust's type system is really nothing like Python. What is the weakness in Rust's type system that you dislike? Rather than just referring to Python?

Re: At last! Reasonable reasons!

It's really nothing to do with the IDE. It's a fundamental problem that the ending of a block is implicit. No editor can ever no with certainly while moving text, where the end of the block is, nor where you as the user intend the end of the block to be.

Curiously you see the same problem in Word. If you have a piece of text in Italics and you cut and paste this, or paste any text to it, you cannot tell Word whether you have intend to be inside the end of the italic block or past the end of the italic block. Now in the case of Word, there really is an end of Italic thing in the data model, but it makes no difference at all, because you, the user, cannot see it. You cannot tell Word whether to include it or not and Word cannot tell you whether it has included it or not.

Practical upshot, sometimes when you cut and paste, suddenly a pile of text will appear in Italics when it shouldn't or vice versa. It's an inconsistent user experience and that inconsistency is irritating.

I don't use a modern IDE. I write code in Emacs or Vim, both of which are forty years old.

Re: Why do some people not like python's indentation=code block container

I'd agree whitespace doesn't cause bugs. But it makes the editor experience more clunky, because the editor has to infer when a block ends.

Imagine you are copying a piece of text into a function, behind a for loop. Your editor doesn't know whether you are pasting at the level of the function or the for loop. If it gets it wrong, you have to manually re-indent the code. That's fine is the pasted cost is all at one level, but if it includes indented blocks itself, that can break as well but not indenting correct. Still at least it is not all bad. You used to be able to mix tabs and spaces; I used to do this in an exercise with my students -- the code only ran if it looked badly indented. Python3 has killed this off, I believe.

With other languages there is an explicit start and and explicit end. Of course, there are famous bugs where white space indentation and blocks were mismatched. Python's approach sought to avoid all of those which it does. But that was 30 years ago. No one indents their code nowadays.The IDE does it. And, in languages with good tools, you run the code auto-formatting tool and lint check in your git hooks/CI.

It's not a biggie, it's a not a disaster for python and it's now not worth fixing. But, while it was an interesting design feature of the original language, 30 years on, it is clear that it was a mistake.

Re: pip is part of all python distributions now

pip is nowhere near as good as tools used elsewhere.

Take for example, cargo and rust. I download a project, type "cargo build", "test" or "run", and it will do precisely that.

With python no. First, the project may or may not be using requirements.txt because there are several different options. pip, of course, will try to do a system wide install, unless you tell it do a user install. Although that will break if there are already dependencies with a different version number. Unless you use a venv. Which you can set up, of course. Although, if you type "python file.py" in that directory, it won't use the venv. Unless you have activated it if you shell. Or in your IDE, if you are launching from the IDE. But, that's okay. You can use pipenv which does all of this for you. Except for using requirements.txt. And it was a bit broken, although then poetry came along which is nicer, although for some reason still ignored the python version requirements, and now pipenv is better and maintained again, but perhaps poetry is still the way to go.

It works in python. But only just. You need to pick a workflow and then you need to set up your environment and then you need to follow the rules quickly and be able to debug when it goes wrong. I can get it working. But I also teach this stuff to 300 students who never done dependency management before. It's really, really not easy.

Re: Valgrind says 'hi'

> What is in some respect surprising is that 50 years on we are (in general) still developing code (whether it be ASM, C, Rust etc.) in exactly the same way as we were back then...

Perhaps that is not so surprising. All the massive changes in technology that we have both seen over the years, and here were are, writing short notes to each other in English. Not that different from a bulletin board in the late 70's.

But the languages have changed, and so have the idioms and standard practices. I routinely hack on one piece of software that has been in continuous development for 40 years. You can see the change and flow of the decades, sometimes in pieces of code that sit next to each other in the same source file. How much of this is a fashion cycle? When I see people getting excited about functional programming, like it's new, I wonder at times.

Re: Valgrind says 'hi'

> No what was being advocated was to adopt a disciplined aka Software Engineering approach, where you will have worked out the logic and associated data structures before even opening the code development toolset.

Yes, if that helps you. But how do you do that? Keep it all in your head? Or do you use some design tool to record those data structures before you open up your code development toolset? Some clicky, pointy, UML type tool?

Personally, I've never particularly liked those. I'm just not much of a figure person; I don't draw flow charts when writing documents either. I'd rather write a set of outline notes, with some comments, which I gradually expand in to a long document. With code, I do the same thing, just using comments in a code, with some rough outline of the data structures, in code. I can't see the point of using a tool that at some point you have to say "now we stop and write these things in Rust".

The OP was advocating the same thing. Writing comments first. So straight into a code development environment.

Re: Valgrind says 'hi'

Advocating for use of valgrind and static analysis is just suggested that people use better tools, to help them avoid problems. That makes sense. Choice of language is, likewise, just another tool.

In terms of comment driven design, rust has an integrated documentation format, which allows inline, examples that compile down to tests. This is in addition to its unit testing features. And it's support for "examples" -- longer free form source files that again are compiled and run as tests. All doable in C, all standard in Rust.

With respect to logic errors, indeed, no language can stop you from just coding the wrong thing. Although, it can stop you forgetting to handle specific cases, it can stop you from forgetting to handle return values, it can stop you from dead code, all of which are common sources of logic error.

In the end, I think, contrary to your statement are acknowledging their development process is faulty. One solution is to switch parts of the code away from C.

Not sure where you get the bit about Rust and casting. Do you have an example?

Re: But///but...this is routine programming

Rust does neither. You can access arrays either safely (with bounds checking) or unsafely (without). The unsafe portions are marked syntactically and semantically and clearly identifiable as such.

In actual use it favours richly functional iterators. This fulfil 95% of the use cases where C would use array access. This high level functionality is bounds safe. The underlying low level code uses non bounds checked array access, and so is unsafe, as a result of which has been heavily checked and audited.

Result: Most rust code cannot array out of bounds, and this is achieved without runtime bounds checking. It's a key example of a Rust high-level, zero cost abstraction.

Re: eliminating the entire class of errors.

These projects were done in C because there are lots of C programmers, it's fast, and when these projects were started, it was the obvious choice. Some of these are still key points: there still lots of C programmers; others are not so: C is fast, but no faster than Rust or Go. If Rust and Go continue their climb in usage, the availability of knowledge will probably change.

Is it worth moving? A whole sale re-write, almost certainly not. Whether it could be done incrementally, and whether that would be useful, I don't know. It would certainly require a substantial investment and that is perhaps the bigger issue. I am not and would not advocate wholesale porting to Rust of anything.

Could it make better use of tools? Maybe, but I doubt that the developers have not thought of using these tools. It maybe that the code is old enough that the tools work poorly, either missing problems or more likely giving a high false positive rate. For a piece of software as old and critical as GPG, changing code to avoid these kind of false positives would not strike me as good practice either. Perhaps you could try them on GPG?

In the end, though, C is just a tool. It is and will remain a useful tool, but it's not the only one and it has serious flaws. Ignoring this and blaming people for their lack of skill is and remains not sensible.

Re: Stick to your channels and get back after you have learned some basic developer workflows ...

To me, this doesn't sound arrogant, but someone who is bit pissed off that after years of maintaining a piece of software, they only get any attention when they get something wrong. Then loads of people jump up and tell them how they could do it better; but no one actually helps them to make it better.

Re: eliminating the entire class of errors.

"You still need to take care in your work and be professional, only in software is that considered a burden."

At the end of the day, the programmers that introduced this bug have been maintaining a complex piece of software that has been a cornerstone of internet and software distribution, allowing signing and identification, as well as encryption. It's fair to say that the are careful and professional in this work in almost every sense, except for the "getting well paid" bit.

And, yet, these bugs happen. And have happened again and again. "They should have taken more care" is not a sensible response.

Re: My first thought:

I think that would be a good argument if we didn't continually the words we use because we are industry where fashionable buzzwords are part of our meat and drink.

I mean this happens all the time, so really changing "slave" to "dependent" is really going to get lost in the noise.

Re: Political correctness gone mad

Here is the justification.

It is a small change, which simply moves one name for another. It took them no time at all, because they were sensible enough to lock the pull request before a bunch of right wing nutjobs descended it. The change means that one of the more unpleasant parts of human history will no longer be used as a metaphor for a piece of computing.

So a low impact change; won't make things a lot better, won't make anything worse.

Re: Bollocks.

Really. It looks to me like you are saying that because someone has made a small and technically inconsequential change to their project on the basis of it reflecting in a mood change in society, you are not going to use their software. At the same time, you are saying that the maintainers lack technical focus. Even though you are prepared to make a decision without any reference to the technology at all.

Makes no sense at all. Why don't you just drop the facade of "technical focus" and say "I will not use a piece of software whose maintainers make political decisions I disagree with". You'd have my vote on the underlying principal there, regardless of whether I agreed or disagreed with your politics.

Re: The language might be super-safe, not so sure about the installer

If someone hacks rustup.rs, then could put anything they like up there and people would run it now? On the other hand, if someone hacks an .deb, or RPM server, they could put random binaries up there, but they couldn't sign them.

It's not, perhaps, ideal, although as it's non-root, it's a little less of a disaster.

Re: On speed

Trait implementations have overhead if you cannot determine what the trait implementation is at runtime -- you end up with a virtual method call. However, if you use traits as a generic bound, you can work out the implementation at compile time, so no over head. Array bounds checking, yes, also, although if you iterators like the `for` loop does, it does not array bounds check. For some uses of arrays in C, Rust uses tuples which again do not bounds check (at runtime -- they are type safe at compile time). Memory dropping is worked out at compile time in most cases. You can explicitly use reference counting where it's too complex to work out where dropping should occur at other times and yes, this has some overhead.

Finally, all of this you can turn on with unsafe code. And, of course, all of the above is true on the Rust side; in practice even when Rust thinks it is array-bound checking, LLVM may be optimizing it away.

What I am saying here is not that Rust is faster or that C is faster. I am saying that you cannot reason it; you have to build it and check.

Re: On speed

Rust does very few runtime checks -- the majority are done at compile time, and the runtime ones are normally explicit at development time (that is, you know you will be getting a runtime check). In all cases, if you *really* care about performance you can run time checks and do most of the things you can do in C, sacrificing the safety guarantees in those areas.

I would also say that Rust has fewer undefined behaviours than C, so the Rust one can optimize to run faster than the C one. Of course, it might not, but I think the idea that C is going to be faster is not true.

Re: The language might be super-safe, not so sure about the installer

This doesn't install rust, it installs rustup which installs rust. Everything else is underneath that. You can install it in other ways if you like, but this approach is nice because it's non-root and updated at the same time as Rust is.

Re: Haven't looked back

The Rust library ecosystem is a little biased toward the systems programming end, but it's actually a pretty rich environment overall, and because the tools (esp cargo) are good, it's easy and low cost to add dependencies to your own projects. There have been significant efforts to cover the few remain holes that exist.

Having said that, my own experience is that it can be hard to find a the right library out of several choices, and the rust community has got a bit obsessed with semantic versioning, meaning that libraries tend to sit at version < 1 for ages; bit like googles tendency to call everything beta.

Re: sCeptic

Oh, that's easy. It is all achieved at compile time. So, *efficiency* in the runtime sense of the word is not affected at all. The "portability" bit largely comes from LLVM which Rust uses to produce the final binaries. Or to look at it another way, Rust achieves memory management through it's type system.

The compilation process is a little bit slow, though, partly because of this checking, although, in practice this time is far outweighted by LLVM doing it's thing, especially when running under full optimisation.

The original poster is also simplifying things somewhat; actually, Rust has a "safe" subset that does all of this. It also has an "unsafe" set -- you lose the guarantees, but can do any memory manipulation that you want, including referencing invalid memory locations. You don't need to do it that often, but the option is there if you need it.

I thought long and hard about Rust or Go, when I was starting a new project that I wanted to be fast.

In the end, I went for Rust; it seems to have fulfilled it's promise to be honest. The code is clean, succinct and even with a naive implementation is more than an order faster than Java equivalent that I wanted to replace (I realise that Java is not a speed monster, here). In terms of usage, the tooling is very nice and comfortable, and the language really gives the impression of being carefully thought out, and as equally carefully developed and updated. Of course, there is only so much time in the world, so how much of this would be true of Go, I cannot say, because I tried it less.

In the end, there were a three main reasons for choosing Rust. First, although it is indeed a fussy language, the community is very supportive and has helped me when ever I needed it (and as probably the first local adopter I needed it). Secondly, it's backed by Mozilla who are, I think, less likely to be evil than google; in particular, there is a strong community ownership of Rust. And, finally, the killer issue, which is reason enough to choose all by itself: Go uses tabs by default; and not just tabs it uses combined tabs and spaces; it is too hideous for words.