undefined | Better HN

0 pointsedflsafoiewq2y ago0 comments

Certainly it is a question of degrees.

But to say the gap in safety is very small is essentially to say Rust's lifetime system is close to zero-value.

Unsafe code still exists, the goal is to localize it to small, auditable blocks. However safety often depends on non-local properties. For example, unchecked iteration over a vector requires we know the vector's lifetime exceeds the iteration lifetime, and that the backing buffer won't change. Rust's lifetime system allows this to be expressed, so the "critical zone" can be localized within a single block in the library implementation. If the library is correct, all consumers are safe. In C++, these cannot be expressed, so the critical zone for this safety guarantee is smeared across all code executed during the iteration. No consumer is guaranteed safe.

0 comments

1 comments · 1 top-level

germandiago2y ago

It is not that the borrow checker is zero value.

But the borrow checker enters the game also depending on your code style. And when it does it gets quite viral with annotations and the like.

That is why I like more a model like the one found in Hylo language. It sidesteps the rigidity of the borrow checker and it can do very well.

Also, the code style I try to keep in C++ is quite "value-oriented" to avoid the typical lifetime pitfalls.

Nowadays I try to use STL with debug mode but not escape iterators. I am actually considering using a library like Flux because I think that, as fast as the iterator model is, it is basically playing with fire. Flux seems to be very competent performance-wise and safer, besides compatible with ranges.

I am quite happy with C++ at the moment. That does not mean I won't use Rust in the future. Who knows.

I hope more work towards safety will be fone in C++. I would not want a borrow checker, but avoiding as many pitfalls as possible is a good thing. I always use compilers with the maximum warning level and warnings as errors. It is actually a good thing to do.

j / k navigate · click thread line to collapse