Following the ACM TechTalk, Carol Nichols and Jake Goulding were kind enough to answer some additional questions we were not able to get to during the live event. These questions and answers are presented below:
Q: As someone who primarily uses C plus plus, what are some strategies I can do to convince my employer to try and use Rust given that the code would need to easily integrate into our current build system (CMake)? Would it be better to write one off internal tools?
CAROL NICHOLS: Ashley Williams did a great talk on this subject of convincing your employer to use Rust (https://www.youtube.com/watch?v=GCsxYAxw3JQ). Rust can also be used with CMake (https://flames-of-code.netlify.com/blog/rust-and-cmake/) in general; not sure if you have particular requirements that would add complexity.
Q: On C and security: that is why I use Java for most of my code and C/assembler only where is strictly required. Comments? How does Rust do on this?
CN: That is a perfectly valid strategy! The biggest difference is that Java uses a garbage collector at runtime to provide memory safety, while Rust uses the borrow checker at compile time. The resources needed at runtime may or may not be a concern for you. See this whitepaper on how a startup saved money by using Rust instead of Java.
Q: Are pointers possible in Rust? If so, how to use?
CN: Yes, you can use raw pointers in Rust, but dereferencing them is unsafe. See the Rustonomicon for lots of details!
Q: I wonder how the ownership rules works for collections like linked lists or dictionaries. Or any structure that can store "pointers”?
CN: Doubly linked lists are interesting in Rust because of the ownership assumptions! Check out Learning Rust with Entirely Too Many Linked Lists for more info.
*Q: I’ve heard many hospitals use old technology because of regulation, and newer tech needs to go through various approval processes, leading to use of old software with vulnerabilities. Do you think that further regulation is a step up from where we are today?
CN: I think we need better regulation that takes into account the need to update software to patch vulnerabilities. This is a complex issue though and isn’t going to be fixed overnight!
Q: Memory safety is just one class of errors: does Rust have any features for correctness e.g. static proofs/models?
CN: The language doesn’t have built-in features for this, but there are project such as RustBelt that are investigating using formal methods with Rust.
Q: How does Rust defends against thread safety problems?
CN: By using the ownership/borrowing concepts and the type system; see the Concurrency chapter in the book for detailed information.
Q: With what languages does Rust have fully functional interop capabilities?
CN: Rust has a C Foreign Function Interface (FFI) and can interface with any language that also has a C FFI. See Jake’s Rust FFI Omnibus for some examples!
Q: Does Rust have an independent compiler or does it use the LLVM only?
CN: There are some efforts in progress to create independent compilers; mrustc is one such effort.
Q: One big way to bring the adoption is to bring this to web world. Like http web framework or front end world frameworks. Where does rust stand today on this front or is the community not focusing on it as of now?
CN: Pieces of web frameworks exist, and there’s a lot of experimentation going on. Async/await support in the language just stabilized as of Rust 1.39.0, and that will likely lead to even more experimentation. AreWeWebYet is a resource tracking Rust’s progress in this area.
Q: Why is it that the same syntax in other languages is “borrowed” by rust to mean slightly different things. Like plain let expressions being immutable and plain = assignment meaning change ownership (which is a much stricter concept than assignment in most other languages). Can you comment on why these language design choices were made? And does rust also have an automatic assignment operator meaning “move ownership OR borrow” that would more closely mirror assignment in other languages?
CN: I’m not sure about those particular design decisions, but a lot of thought goes into the “complexity budget” we have to be different or familiar in terms of syntax. See this discussion for some thoughts on Rust syntax design in general
Q: ADA with Spark could be proven for correctness; ADA is also used for 747 and Nuclear Plants control, also has a very small footprint to be used in embeded devices. Which areas could Rust compete with a language such as ADA?
CN: We are hoping that Rust will someday be competitive with Ada in any domain; we do have a lot of work to do in the areas of standardization, certification, and correctness proving to get there.
Q: Do you know of other programming languages that are borrowing concepts from Rust?
CN: Yup! D is considering adding ownership and borrowing. C++ is incorporating many ideas from Rust; someone recently proposed implementing something similar to the Rust editions concept I discussed.
Q: Are you aware of any examples of Rust being used for high performance scientific computing?
CN: Yes, there’s a company called 10x Genomics who uses Rust to analyze genomes. You may also be interested in this blog post series on Scientific Computing: a Rust adventure.
Q: Do you believe that Rust is something that you see being used to build systems such as telcom switching and packet forwarding systems?
CN: Yes, quite possibly! I’m not very familiar with those domains, but we hope to make Rust general purpose and appropriate for any systems context.
Q: What was that repository link?
Q: Does Rust use reference counting? In your first example both x and y referred to the same string.
JAKE GOULDING: Rust the language does not use runtime reference counting. The example of
let x = y transfers ownership, and
let x = &y takes a reference. This counting is checked at compile time by the borrow checker. The Rust standard library has opt-in reference counting to allow for shared ownership (the
Q: You just demoed that compiler catches dangling reference (or variant of use after free). Is it possible to prove that the Rust compiler catches ALL such situations, no matter how complex is the passing of references, etc?
JG: The Rust compiler is conservative. Safe Rust will never allow memory unsafety, but it might disallow code that is actually safe but is too complicated for the compiler. This is a case to use unsafe Rust.
Q: Is Rust Strongly typed like standard C++?
JG: Yes, Rust is a strongly-typed language.
Q: Doesn’t Rust take a performance hit from runtime out-of-bounds checking?
JG: I want to clarify the response I gave; I mentioned turning off bounds checking in release mode but I was thinking of turning off integer overflow checks in release mode. Typically, you wouldn’t turn off all bounds checks in release mode; you’d use iterators so that many bounds checks can be elided or unsafe methods like get_unchecked for when you can guarantee to the compiler that bound checks aren’t necessary. There’s some more information in this stack overflow question, answer, and comments.
Q: What’s a Fuzzer?
JG: https://en.wikipedia.org/wiki/Fuzzing is a technique to generate random data as input to your program to explore the various conditional branches of your program and exercise it thoroughly.
Q: Is Rust proactive in implementing safety/security or does the user need to act proactively?
JG: The Rust language is always safe by default, but be aware that we use a specific definition of safety: memory safety.
Q: What is the prospect for getting the Rust toolchain (and a sufficiently usable set of support libraries) certified in a manner that would allow it to be used in safety-critical applications such as airbags, avionics, and medical equipment?
JG: It’s something we’d like to see happen, but as always it requires time, money, and human power. Another Rust consultancy has put out a call for participation to help this along. https://ferrous-systems.com/blog/sealed-rust-the-pitch/
Q: Is it possible to link Rust code with C plus plus with the MSVC compiler?
JG: Yes, although the C ABI is not a standard (and varies by platform), so you need to utilize the C ABI for FFI, which is less-featured than either Rust or C.
Q: What is the latest /current version of Rust?
JG: The current version of Rust is 1.38 and can always be found at the Rust home page: https://www.rust-lang.org/.
Q: As someone who knows Rust but has not contributed to open source projects before where can I start with contributing to the Rust compiler?
JG: Some links to go with the answer I gave: The Rustc Book that walks you through the compiler’s architecture, and This Week in Rust, a newsletter that includes a Call for Participation section containing issues with mentors that would be good first issues.
Q: How is ‘borrowing’ implemented in different physical (OS and hardware) platform configurations?
JG: Borrowing is checked at compile-time, so the target platform does not come into play.
Q: Can you share the rustfix repo url?
Q: How about libraries? Are they stable or yet to be?
JG: The Rust standard library has the same stability guidelines as Rust. Third-party libraries follow semantic versioning and each library chooses their own stability timelines.
Q: Who is funding the Rust group?
JG: It’s open source, but most of the funding comes from Mozilla currently.
Q: Are there any IDEs that support Rust?
JG: Yes, there are multiple. Most IDEs use the language server protocol. Visual Studio Code is a popular one, as is emacs, vi, CLion, NetBeans.
Q: I would have thought that the runtime implementation of borrowing would have depended on things like memory address register spaces and physical memory access (whether on bus or networked)
JG: There is no runtime implementation of borrowing; the generated code of a reference is the same as a pointer.
Q: Under which applicable license the language can be used?
JG: The Rust language imposes no requirements on the licensing of your code. The compiler itself is dual-licensed as MIT and Apache 2. Many libraries follow this pattern.
Q: Is there an exception handling mechanism?
JG: Rust has panics for very fatal errors, but most Rust programs return a
Result, which is a discriminated union of a success or error type. https://doc.rust-lang.org/stable/book/ch09-00-error-handling.html
Q: How about unit testing or assertions support?
JG: Yes, basic testing support is included. https://doc.rust-lang.org/stable/book/ch11-00-testing.html
Q: Do you have any links to performance comparisons between Rust and C?
JG: The techempower benchmarks compare web framework performance; actix-core and actix-pg are Rust web frameworks that are currently at the top of many of the benchmarks. The benchmarks game also has a number of comparisons of Rust with C. ixy-languages is a project that has implemented a high-speed network driver in a number of languages and has analyzed the performance.
Q: Can you mention the complier book’s names once again that walk you around Rust compiler?
Q: How can new contributors join in on developing the Rust compiler? And is Rust a part of the LLVM project?
JG: The Rust compiler is open source at https://github.com/rust-lang/rust and there are some instructions available at https://www.rust-lang.org/community. Rust uses LLVM, but is not a part of the project.
Q: The last language I used in anger was FORTRAN. Can I learn Rust?