Re: The Case for Rust (in any system)

From: David Chisnall <theraven_at_freebsd.org>
Date: Fri, 06 Sep 2024 07:25:41 UTC
On 5 Sep 2024, at 20:20, Karl Denninger <karl@denninger.net> wrote:
> 
> To argue that the answer is to put a diaper on a child so it does not drop excrement on the carpet is to forever treat said human as an infant without control of its sphincters. 

Not only is this argument insulting, it’s also unhelpful. You could make the same argument about structured programming. Good programmers can hold the entire control-flow graph in their head, they don’t need a language that enforces a call-return discipline. Or about C’s decision to have multiple data types rather than BCPL’s single WORD values: good programmers know which things are addresses and which are data. Good programmers know how they laid out their data and don’t need struct types, they can just add constants to words to get fields.

Saying that you want to use all of the safety improvements in system-language design up to the late 1980s but none of the ones that came later is not the compelling argument that you think it is.

It’s much more helpful to think in terms of cognitive load. You have a finite amount of brain power available to work on any problem. You have a a machine that can handle any of the mechanical tasks. Do you use up your own mental resources on things that can be mechanically checked or do you let the computer do those and let you think about the underlying problem?

With Rust or modern C++, I spend far less of my time focusing on low-level implementation details of data structures or on memory-management policies because those are abstracted behind types. I can change them later by swapping the types out. I can focus on the important bits of the design. For the same amount of effort, I get better code.

Going back to a language without even RAII, where I have to manually clean things up on every error path requires me to write code that is entirely generic boilerplate and wastes my time writing it and reviewers’ time reading it. Going back to a language that doesn’t give abstractions over data types and requires me to write a load of boilerplate that could be automated, which wastes my time, wastes reviewer time and makes the code more fragile and harder to refactor.

You may enjoy digging foundations with a spade as a proof of some aspect of your self identity, but the rest of us will use a digger.

David