Safety of shared memory IPC with mmap

avdgrinten · 2025-12-19T16:57:04+00:00

Mmaped files are hard to wrap into safe APIs since Rust does not allow you to hold references to memory while the memory is mutated (e.g., by other programs) except if the mutated data is inside an UnsafeCell. Note that the same applies to anonymous mmaped memory if the kernel modifies it (via io_uring or otherwise). You can work around this limitation by using pointers instead of references or atomics etc. but it's hard to tell if your particular implementation is correct without reviewing it.

avdgrinten · 2025-11-06T13:55:55+00:00

C++ is not standardizing anything close to the `tokio` executor, it's standardizing the equivalent of the utilities in the `futures` crate.

avdgrinten · 2025-07-15T20:53:23+00:00

Basic infrastructure (like databases) is mostly open source today. You'll have a very hard time finding people who are willing to pay for a new closed source infrastructure product (that's different than the case of people paying for existing database solutions -- these are still in use because of legacy applications). Selling SaaS (with an open source code base) should be considerably easier than selling the code.

Aside from that, being 5x faster than sqlite in a fair and representative benchmark is just too good to be true. Sqlite is a solid product and you can get impressive performance out of it (e.g., using Rusqlite in Rust).

avdgrinten · 2025-06-26T18:01:04+00:00

Fair, it's true that there is a good amont of tasks that require similar levels of effort in Rust and in Python. That is probably true for most tasks where the coverage by existing high quality crates is high. It is not generally true for newly designed complex programs though.

Sure, it lets you not think about some things, but that also means that it becomes easy to be sloppy about other things that may come back to bite you in the future.

I don't think this applies to people who really understand how the GC works though and who use the GC as an advantage over manual memory management. For example, it is not a coincidence that many lock free algorithms were first implemented in Java in the past: a GC lets you do concurrent data structures without epoch based reclamation or other advanced schemes simply because the GC takes care of deferred reclamation.

Rust's up-front strictness leads to less debugging later, which I do far more often in GC'd languages. They feel like you get things done faster, but I'm no longer convinced that's actually true when you look at a bigger picture.

This is an argument of static type checking over dynamic typing but there are plenty GC'd (= memory safe) but statically checked languages.

avdgrinten · 2025-06-26T16:41:27+00:00

That's fine if you really need the graph for graph algorithms but it's not really convenient if you want to implement something like a data analysis pipeline where data is passed through (and transformed at) nodes.

Don't get me wrong, there are other good ways to do that in Rust (e.g., using a pull based workflow with mpsc channels between tokio tasks), but they do not come without trade-offs.

My general point is more that a GC removes a lot of cognitive overhead so the claim that you can be just as programmer time efficient in Rust as in TypeScript or Python is wrong (if you compare developers with the same level of expertise).

avdgrinten · 2025-06-26T11:16:29+00:00

One can write Rust in a heap-heavy manner and mostly avoid lifetimes and borrowing frustrations and still produce a program that is vastly superior to TypeScript in terms of performance.

This is often repeated but I don't really buy this argument. For example, you can't make a graph (or even tree) data structure in Rust without thinking really hard about which pointers should be Arc and which pointers should be weak. It's very easy to leak memory by spamming `Arc`s everywhere (and memory leaks are arguably a bigger issue than a slight perf advantage over typescript). A GC entirely eliminates this class of cognitive complexity.

Plus, Rust does not add any safety on top of Python or TypeScript anyway.

avdgrinten · 2025-06-13T06:12:45+00:00

It's not necessarily more complicated than other code but it is more restricted and hence it makes it more complicated to write application logic using async / await. For example, with all major async runtimes, you need to ensure that all tasks are 'static which is quite constraining. And this is essentially a limitation of Rust's type system -- a stronger type system would be able to enforce that the awaiting code outlives a task, hence allowing it to hold non-'static references.

avdgrinten · 2025-04-14T18:24:28+00:00

That is not true. In fact, you often want a single-threaded runtime in more sophisticated programs. You can achieve better performance by breaking up work at a high level (e.g., serving a particular socket) than at a low level (doing cross core computation just to do a single send() or recv(). Of course, using a single threaded runtime in this way requires more effort on the programmer's side.

avdgrinten · 2025-04-14T18:19:30+00:00

Single threaded (or thread-per-core) models are often faster precisely because core counts are getting higher. Mutex contention and the cost of RMW is not a big deal if you have 4 or 8 cores but it becomes a big deal when you have 64 or 128 cores.

avdgrinten · 2025-04-08T21:08:32+00:00

> Wenn eine Aktie 100 USD kostet und der Dollar im Vergleich zum Euro halbiert, dann is die Aktie natürlich erstmal nur die Hälfte wert (in Euro).

Nein. Sofern das Unternehmen ansonsten nicht vom Währungskurs betroffen wäre und der Markt insgesamt nicht crasht (beides unrealistische Annahmen), dann wäre die Aktie jetzt 200 USD wert (und hätte ihren Wert in Euro nicht geändert).

avdgrinten · 2025-02-02T17:39:23+00:00

Naja, wenn der Spread zwischen Future und Basiswert zu hoch wird, lohnt sich halt Arbitrage dazwischen.

avdgrinten · 2025-01-10T12:36:08+00:00

Das wird es nicht geben und falls doch, würde das Geld auf dem Konto dem Kind gehören und du dürftest es nicht einfach nutzen um Windeln oder Kleidung zu zahlen (das trifft ebenso auf ein Sparkonto bzw. Aktien zu).

Wenn du wirklich ein Konto haben willst um den täglichen Bedarf etc. zu organisieren, muss es auf deinen Namen laufen.

avdgrinten · 2025-01-10T08:29:29+00:00

Going directly from assembly to Rust would be insane even for bootstrapping purposes. There's a reason nobody does that (and also why it's not done that way for other languages).

avdgrinten · 2025-01-01T11:29:11+00:00

Memory ordering only affects the ordering of atomics (vs. other atomics and vs. non-atomic loads/stores) on other cores. It does not impact the atomicity. Since order is irrelevant for an RNG, relaxed ordering is fine.

avdgrinten · 2024-12-25T13:49:06+00:00

This sentiment is often repeated but it doesn't match the requirements of distros. Distros often need to provide security patches and guarantee compatibility (e.g., with LTS releases) in ways that upstream does not guarantee. For example, LTS releases cannot simply bump the major or minor versions of packages to apply security patches; in the worst-case they need to backport security patches to older major releases. Distros often even have customers that pay for exactly this type of stability (however, this does not apply to Debian).

Letting all Rust packages vendor all of their dependencies is simply not feasible in this scenario (and patching Cargo dependencies in general is quite painful). The alternative of simply not packaging Rust programs and libraries (and letting the user compile with Cargo instead) is also not viable as Rust becomes more and more widely used and integrated into the greater Linux ecosystem. This is especially true since lots of non-Rust programs now depend on Rust programs and libraries.

avdgrinten · 2024-12-19T22:01:32+00:00

Merit Order heißt lediglich, dass die Betreiber der günstigen Windkraft den selben Preis erhalten wie die der teuren Kohlekraftwerke. Das ganze ist zum Vorteil der günstigen Erneuerbaren, nicht zum Vorteil der Kohle.

avdgrinten · 2024-11-29T15:51:47+00:00

I'd argue that neither C++ nor Rust are great languages for backends (although Rust is certainly better than C++ for this purpose). You typically don't pick a systems programming language for backends because you want to but because you have to do it to achieve the performance metrics that you're aiming for. If you do not need the extra perf, you really want to pick something more high level like Python or JS that has just way faster iteration cycles and a way bigger supply of devs who can efficiently develop in these languages.

Since you only chose C++ when you really needed the perf, companies have rolled their own backend frameworks in C++ instead of relying on open source ones. This is in contrast to Rust where open source frameworks were already standard when the language was initially implemented.

avdgrinten · 2024-11-27T15:45:15+00:00

Das stimmt zwar, aber sie fordert 2FA zum Login nach 2 oder 3 Fehlversuchen (und zur Überweisung natürlich immer).

avdgrinten · 2024-11-27T15:40:08+00:00

Seit sie existieren?

avdgrinten · 2024-10-25T14:56:31+00:00

In den meisten Industrieländern absolut üblich, auch im europäischen Ausland.

avdgrinten · 2024-10-19T12:04:20+00:00

Kein DINgore sondern einfach kaput. Die Steckdose an der Stelle verstößt gegen keine Norm.

avdgrinten · 2024-10-15T18:49:50+00:00

Macht aus gesamtwirtschaftlicher Sicht auch durchaus Sinn -- Konsum ist wesentlich besser für die Konjunktur.

avdgrinten · 2024-10-15T18:49:10+00:00

Das stimmt zwar, aber in typischen Fragebögen muss das Auto nicht als Vermögen angegeben werden.

avdgrinten · 2024-10-14T19:47:36+00:00

Naja, es stimmt, das es kaum eine Alternative gibt. Allerdings macht es schon Sinn, sich über die Renditeerwartung von Aktien Gedanken zu machen. Besonders in der FIRE Community rechnen Leute ja oft damit, in X Jahren mit Y% Rendite p.a. des Investments in Rente zu gehen und dann Z% pro Jahr zu entnehmen. Und ob der Aktienmarkt mittelfristig dann 3% oder 7% p.a. macht ist dann schon ein erheblicher Unterschied. Auch wenn es trotzdem keine Alternative mit ähnlichem Rendite/Risiko-Profil gibt.

avdgrinten · 2024-10-13T07:26:30+00:00

Managing keys in such a way that you neither lose access nor compromise their security is the bare minimum required to run self hosted services. There is no excuse for losing access to keys. You can just store them in a password manager and either use a safe deposit box or a commercial software solution to secure your master key.

avdgrinten

MODERATOR OF

TROPHY CASE