Announcing Arti, a pure-Rust Tor implementation (Tor blog)
Posted Jul 14, 2021 15:28 UTC (Wed) by peter-b (guest, #66996)
In reply to: Announcing Arti, a pure-Rust Tor implementation (Tor blog) by ncm
Parent article: Announcing Arti, a pure-Rust Tor implementation (Tor blog)
Hi, C++ standards committee member here.
You can't get "equivalent safety" in C++ to Rust "by other means", because the Rust programming language can express abstractions that C++ cannot, and because Rust has different and irreconcilable semantics with respect to references which are necessary for the compile time checks that the Rust compiler performs.
If the type of "correct by construction" programming model that Rust provides is appealing, then I recommend adopting Rust. Insisting that C++ has equivalent safety is silly, because it does not.
Posted Jul 15, 2021 5:41 UTC (Thu)
by ncm (guest, #165)
[Link] (5 responses)
C++ can express abstractions that Rust (still) cannot. But both languages are evolving rapidly.
Posted Jul 15, 2021 6:21 UTC (Thu)
by roc (subscriber, #30627)
[Link] (1 responses)
Posted Jul 18, 2021 21:53 UTC (Sun)
by tialaramex (subscriber, #21167)
[Link]
But we are on the Internet, and so it is of course also possible ncm is a dog (I have verified that the committee member was not a dog).
In the former case, maybe we can say Nathan is trying to get C++ to a better place. After all, I think implicit constructors were a bad idea, they're the wrong default, but they're only a default at all because of the "explicit" keyword, which is apparently Nathan's idea. So once the situation was "C++ constructors are inexplicably dangerous" and Nathan improved it to "C++ constructors are inexplicably dangerous by default". The correct fix (an "implicit" keyword) violates C++ backwards compatibility promises and (which is of more practical upshot) breaks a bunch of working code. So "explicit" means as long as every C++ programmer is conscientious and never makes a mistake they avoid this particular footgun. "Hooray".
Posted Jul 15, 2021 13:42 UTC (Thu)
by mathstuf (subscriber, #69389)
[Link]
The one I know of is "template template" parameters (basically higher kinded types). I suspect concepts can get one higher-ranked trait bounds as well, but I'm not sure about that. FWIW, both of these are being worked on.
On the other hand, C++ lacks useful destructuring (pattern matching is being worked on, but I don't see it being anywhere near as ergonomic), is stuck with terrible macro expansion rules, bad move semantics, and a blissful unawareness of lifetime analysis at the language (as opposed to the documentation/review) level.
I know which set *I* find more useful, but that's obviously not all that universal since there are many niches in the programming space.
Posted Jul 15, 2021 17:11 UTC (Thu)
by rgmoore (✭ supporter ✭, #75)
[Link] (1 responses)
This is trivially true, since one of the goals of Rust is to make it difficult or impossible to express some kinds of bugs. Greater expressivity is desirable only to the extent the things you're expressing are themselves desirable. Adding lots of foot guns makes the language more expressive, but in a way that's likely to make the final output worse rather than better.
Posted Jul 16, 2021 22:30 UTC (Fri)
by marcH (subscriber, #57642)
[Link]
C++ is safe, you're just "holding it wrong". Well, too bad a couple lines of code "held wrong" are enough for a vulnerability or elusive concurrency crash.
Standard committee-level discussions matter, but how that translates into what happens in the trenches matters even more.