- has been around stable for over 6 years and was already somewhat popular years before that
- is the first real contender to C in the Linux kernel, with support from its BDFL and a lot of work going on, and well those devs know a bit more of pain points in complex systems that need to go fast.
- is used in of the major Browsers while the most popular one is contemplating starting to use it
- allows refactoring and cleaning up code so nicely, it's just marvellous if one actually worked on big code bases previously to rust, as either one had ten static checkers and three times the amount of CI pipelines as required bolted on, or just risk quite a bit every time something was touched.
- deep and mature integration of tests and docs and doc-test (those are damn nice)
- want me to continue? I got a few more points
surely is a fad ;-)
Look, you do not need to use Rust if you do not want too, but living in denial about that Rust has seen a good rate of adoption and that it also has its uses as valid Language to do stuff nowadays, is just not a good thing to do mentally nor socially.
Even stranger: people that insist on writing their (loops; like; ++this) in 2021 as if doing so is in any way superior or something.
The information provided in the article shows beyond any reasonable doubt that both C++ and Rust are exactly equally safe regarding integer overflow.
Rust checks for overflow in debug builds, but it does not check for overflow in release builds.
The same happens in C++. All decent C++ compilers have options for overflow checking, but most developers do not use these options in release builds, for fear that it would affect the performance.
Rust is a little better because it enforces the overflow checking option on debug builds, but C++ is better because the developer may choose to keep the option also in release builds.
So this myth is not busted, it is confirmed.
> C++ is better because the developer may choose to keep the option also in release builds
You can enable overflow checks in release mode if you like: https://doc.rust-lang.org/cargo/reference/profiles.html
The final behavior is decided by the programmer, by using or not using "-fsanitize=signed-integer-overflow" or equivalent options for the compilation.
So after the programmer makes a decision, the behavior in C++ is defined and it is either like in debug Rust or like in release Rust, depending on the programmer's decision.
While I hate undefined behaviors in C/C++, I prefer to be able to make my own decisions on the behavior of integer overflow, instead of being forced by Rust to ignore overflows in release builds.
Edit: Thanks for the Cargo link. If you can change the overflow checking option in the Cargo profile, then there remains absolutely no difference between C++ and Rust regarding integer overflow.
The Rust RFC "Integer overflow #560" is totally misleading in this case.
If you set -fwrapv then they're the same. But that's not standard and not default.
With the appropriate compilation options the C++ compiler will not make any optimizations that depend on the undefined beahvior for overflow.
The only defect here is that the options to do unsafe optimizations are default and you have to give explicitly an option to forbid them, instead of the safe option being default.
Since the overflow check is also controlled by a compilation option in Rust and the default for release builds is no checking, there is no difference. Even if Rust might have done less optimizations, an unchecked overflow will still cause a bug.
To the point though, while some of the points in the article are well-taken, especially how one can pick-and-choose scenarios where one language or the other has a noticeable implementation issue or design misfeature - the article is still problematic for at least two reasons:
1. Mixing up a comparison of the languages and of the results of specific compilations by a specific compiler.
If C++ semantics allow doing something easier, but Rust semantics do not, e.g. because of avoiding undefined behavior, then regardless of whether a specific compiler makes use of this fact - it is still a benefit, speed-wise. Specifically, in Rust, if I take two non-negative numbers and multiple them using the square() function discussed in the article, then check the result for being negative - with C++, the check is redundant and can be dropped in favor of a true value during compilation; with Rust, it cannot. Now, will some version of LLVM do that? I don't know - but it could (and it should).
2. Misrepresenting how the langue affects the behavior of the compiler back-end.
The article says:
> Rust is based on LLVM, which is the same back end that Clang is based on. Therefore, Rust has inherited "for free" and shares with C++ most of the language-independent code transformations and optimizations.
That's simply not true. That is, LLVM is _capable_ of most of the same transformations and optimizations; but the question of which of them it is _allowed_ to use depends on various kinds of semantic information specific to the programming language.
This is apparent even in trivial examples. Here's one:
https://godbolt.org/z/rMW3vsEvo
where the same function is compiled in Rust:
pub fn check(num: i32) -> bool {
let y = if num < 0 { -num } else { num };
return y >= 0;
}
auto check(int32_t num) {
auto y = (num < 0) ? -num : num;
return y >= 0;
}
example::check:
mov eax, edi
neg eax
cmovl eax, edi
test eax, eax
setns al
ret
check(int): # @check(int)
mov al, 1
ret
C++ will of course always return true.
> In Rust, an undefined-behavior arithmetic issue like that is literally impossible.
... but that's only true if the safeties are on, specifically overflow checking.
What is scary is, I don't doubt that some people will read your comment and think it could be true!
These are the three things that matter most.
> Spoiler: C++ is not faster or slower – that's not the point, actually. This article continues our good tradition of busting myths about the Rust language shared by some big-name Russian companies.