[Info-vax] Rust as a HS language, was: Re: Quiet?
Dan Cross
cross at spitfire.i.gajendra.net
Tue Apr 5 16:22:26 EDT 2022
In article <jb3j5nF8k0uU1 at mid.individual.net>,
Bill Gunshannon <bill.gunshannon at gmail.com> wrote:
>On 4/5/22 14:55, Dan Cross wrote:
>> [snip]
>> I don't think it has much to do with what I said above at all,
>> frankly. I never said that the language was a panacea that
>> prevents _all_ bugs. But it significantly raises the bar over
>> just about everything else out there.
>
>And then provides a way to override all the safeties because sometimes
>you just need to get the job done. By the way, for the few remaining
>Ada advocates out there, Ada did the same thing with allowing safeties
>to be turned off so you could write "unsafe" but functional code. So
>did most versions of Pascal. C just doesn't make you turn the safeties
>on and off.

Yes, but you'd be surprised how often you can avoid it. I sure
was, coming from 25 years of C. Indeed, learning Rust made me a
better C programmer because it started forcing me to pay
attention to things that simply never rose to my attention in C.

C has no way to express many of the safety properties that Rust
can give you _at all_. Take ownership as a simple example;
often that is specified in comments. By contrast, in Rust, by
default an assignment for non-trivial types is a move, and once
you've moved a value out of a variable, using the variable
again is an error. Hence, ownership can be transferred in a way
that the compiler can track. For example:

    struct Foo {
        a: u32,
        b: u32,
    }

    fn broken() {
        let a = Foo { a: 0, b: 0 };
        let r = &a;
        // The following line is an error:
        // we are trying to "move out of a"
        // while a reference to a is still
        // alive. Here, we say that
        // "r outlives a."
        let b = a;
        println!("b.a = {}, b.b = {}", b.a, b.b);
        println!("r.a = {}, r.b = {}", r.a, r.b);
    }

Note that if we get rid of the second print, this will compile
(though we'll get a warning because we never use `r`), so the
language is smart enough to ignore a pointer that's not used
after the thing it points to goes away. If we simply move the
second print before the assignment to b, it'll just work
without diagnostics.
- Dan C.
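
Added example, not part of Dan Cross's post: the reordered variant described in the last paragraph, extended to hand the value on to a function. The `drops` counter and the names `consume` and `fixed` are assumptions of this example; the counter shows that the value is freed exactly once, by its final owner.

```rust
use std::cell::Cell;

// Same shape as the Foo in the post, plus a drop counter (an assumption
// of this example) so a caller can observe when the value is freed.
struct Foo<'c> {
    a: u32,
    b: u32,
    drops: &'c Cell<u32>,
}

impl Drop for Foo<'_> {
    fn drop(&mut self) {
        self.drops.set(self.drops.get() + 1);
    }
}

// Takes ownership: the caller's variable is dead after the call, and the
// Foo is dropped exactly once, when `f` goes out of scope here.
fn consume(f: Foo<'_>) -> u32 {
    f.a + f.b
}

// The last use of the reference comes before the move, so the borrow has
// already ended and the compiler accepts the move.
fn fixed(drops: &Cell<u32>) -> (u32, u32, u32) {
    let a = Foo { a: 1, b: 2, drops };
    let r = &a;
    let seen_through_r = r.a + r.b; // last use of `r`
    let b = a; // move: `b` now owns the value
    let drops_after_move = drops.get(); // the move itself frees nothing
    let sum = consume(b); // ownership transferred again, freed inside
    // Uncommenting either line is a compile error (use of moved value):
    // println!("{}", a.a);
    // println!("{}", b.a);
    (seen_through_r, sum, drops_after_move)
}

fn main() {
    let drops = Cell::new(0);
    let (via_ref, sum, after_move) = fixed(&drops);
    println!("via_ref = {}, sum = {}", via_ref, sum);
    println!("drops after move = {}, at end = {}", after_move, drops.get());
}
```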