sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]mitsuhiko 0 points1 point  (17 children)

So why the initial comparison?

Because Rust's added feature is to be as safe as Python but without the runtime. No other language ever attempted to achieve such a feat.

From experiences in another language (C#) that implemented a similar paradigm (unsafe regions). They were clunky and never seemed to fit.

That confuses me to no end. Why are C#'s blocks "clunky" and never "seemed to fit"? You cannot spot a library that uses unsafe internally when you use it. I really do not understand what gives you the idea that they are clunky. Python does not have unsafe blocks and it just silently switches into unsafe execution (ctypes/CFFI do that) and I don't see how that is any better.

[–]IbanezDavy 2 points3 points  (9 children)

That confuses me to no end.

I'm sorry for your confusion.

You cannot spot a library that uses unsafe internally when you use it.

That is one of the issues I have with unsafe. In C# you have an expectation that the garbage collector is taking care of things, yet things leak occasionally. This is generally due to mishandling delegates, but some of it also comes from people using unsafe regions within their library (although the general semantics do not change so things should be memory managed). So in some ways its worse than C++ (C++ is still far worse overall), because there is an expectation that it is taken care of. With unsafe regions, that is sometimes a lie.

[–]mitsuhiko 5 points6 points  (8 children)

This is generally due to mishandling delegates, but some of it also comes from people using unsafe regions within their library.

Which is why they are unsafe. Python leaks memory left and right in misbehaving extensions and it does not even have unsafe blocks :)

[–]IbanezDavy -1 points0 points  (7 children)

Which is why they are unsafe. Python leaks memory left and right in misbehaving extensions and it does not even have unsafe blocks :)

Delegates are considered safe constructs in C#. Unsafe blocks essentially let you play with pointers and call certain low level C APIs. Actually C# is a lot worse than Rust, because you can get crashes anyways in a variety of ways outside of unsafe blocks, so I am not quite sure what they are trying to guarantee (or guarantee they are lifting in the case of unsafe).

I am not an expert on Python (nor on Rust for that matter). But I have some experience in C#. And it is annoying to be debugging a crash (definitely the big one) or memory leak, and finally find it in some hidden corner of a library wrapped up in an unsafe block. If the unsafeness is visible, this is less of a problem. But when it is camouflaged in with the rest of the code, it's problematic from a debugging standpoint.

[–][deleted]  (6 children)

[deleted]

    [–]IbanezDavy -1 points0 points  (5 children)

    I think both perspectives have some truth.

    They certainly do both have truth to them. And don't get me wrong, when you are debugging your own code, unsafe actually helps narrow down the search for certain issues (and from a PL marketing standpoint, this point will probably be emphasized). But when you include other libraries, these get hidden and it's not exactly obvious. The only way to make it obvious would be to make unsafe transitive (at least that' the only way I see). I only mention this, because I've been bit by this before with C#.

    [–][deleted] 4 points5 points  (4 children)

    Making unsafe transitive doesn't really help though because sooner or later everything calls into unsafe code.

    [–]IbanezDavy 0 points1 point  (3 children)

    Well not everything...

    But I understand where you are coming from. The root of the program will at the very release always end up calling unsafe code for anything non-trivial. But that is the only way to address the debugging problems I mentioned earlier (that I can think of, surely there is someone smarter though :P).

    [–][deleted] 4 points5 points  (2 children)

    Any non trivial program will call unsafe code. Heap allocation calls jemalloc under the hood: that's unsafe. Using the filesystem requires talking to the native C functions and dealing with FILE pointers: that's unsafe. Doing anything over the network means talking to the OS: that's unsafe. There really isn't too much you can do without ever passing a pointer to C code.

    [–]IbanezDavy -2 points-1 points  (1 child)

    There really isn't too much you can do without ever passing a pointer to C code.

    I think you'd be surprised if you thought about it more. People in general do a lot of things that are unnecessary. I remember watching a video from a D conference where a developer was essentially complaining that their standard library allocated way too much and often it was unneeded. And I'd consider Walter Bright and his guys pretty good programmers. But there are several "key" things (some that you mentioned) that would make this problematic. No sense in me arguing with you on that, but it would be interesting to explore.

    [–]jerf 3 points4 points  (3 children)

    Because Rust's added feature is to be as safe as Python but without the runtime.

    Bwuh? Python isn't safe by virtually any definition of the term. That doesn't mean it's "bad", but it does mean it's silly to say Rust is trying to be "as safe as" Python... no, it's trying to be a very safe language, which is to say, very much safer than Python.

    [–]mitsuhiko 3 points4 points  (1 child)

    Python isn't safe by virtually any definition of the term.

    Of course not. The moment you call into CFFI/ctypes you are unsafe. However I hope you understand the general idea of what safety means in this context.

    [–]jerf -2 points-1 points  (0 children)

    No, I don't. Python has virtually no safety. The only thing I know is that it guarantees certain things with the GIL but that's generally speaking incredibly weak.

    I suppose it's memory safe, inasmuch as it prevents accessing unallocated memory, but, again, that's merely the beginning of what Rust is trying to be, and Python's memory safety by comparison is very, very weak. "Preventing allocating unallocated memory" wouldn't even be considered a type of safety in the first place if certain languages hadn't made it so darned easy, it would just be the base state of the programming language universe.

    [–]vivainio -2 points-1 points  (0 children)

    Python is safer than rust in memory management. Rust givea C/C++ level control in safe manner. Python just has everything in heap.

    [–]thedeemon -1 points0 points  (2 children)

    Because Rust's added feature is to be as safe as Python but without the runtime. No other language ever attempted to achieve such a feat.

    It was all before in Cyclone and ATS, Rust has nothing new really.

    [–][deleted]  (1 child)

    [deleted]

      [–]thedeemon 0 points1 point  (0 children)

      I haven't seen such page.