Rust: In it for the Long Haul

Title: Rust: In It for the Long Haul
Date: Friday, November 1, 2019 12 PM ET / 9:00 AM PT
Duration: 1 hour

SPEAKER: Carol Nichols, Co-Founder, Integer32; Co-Author, The Rust Programming Language

Resources:
TechTalk Registration
The Rust Programming Language (Skillsoft book, free for ACM Members)
Programming Rust
(O’Reilly book, free for ACM Members)
Learning Rust (O’Reilly Video, free for ACM Members)
Beginning Rust: From Novice to Professional (Skillsoft book, free for ACM Members)
Learn Rust & Build Reusable Code from Scratch (O’Reilly Learning Path, free for ACM Members)

I don’t see the link to watch this on Nov 1st. How do I watch?

The link is in the resource list above. It is: https://webinars.on24.com/acm/nichols?partnerref=dis

I see the problem now … that link takes me to the registration
(which I had already done), and after registration you have to click
on one of the 2 “add event to calendar” at bottom.
If you don’t click on those, you can’t see the view URL.
So I re-registered, and then did click on “add to calendar”.
One suggestion for the future is to mention above the
calendar links that you MUST click on them to get the view URL.
Thank you so much for organizing this event, I look forward to it!

2 Likes

Part of (?) the confusion may be because the announcement here states:

…, but per:

…, the webinar actually will be on 2019-11-01. :wink:

Thanks for letting us know! Fixed.

Thanks for your feedback, Glenn, we’ll take a look.

FYI, whenever you register, you do receive an immediate confirmation and then 2 more reminders before the webcast begins, with the link to access the talk (the link is the same as the registration link, and if you have already registered, you’ll be able to go directly to the live or recorded webcast).

Never mind. Found my answer here.

Not sure I agree with the rationale, being a long-time C++ developer, but that’s a different (my) issue. :wink:

How ready is Rust for the low-powered embedded, e.g. ARMv4 family? There is Tock OS, but it targets more powerful CPUs.

1 Like

From Jake Goulding (our moderator today):

Rust the language is well-suited for all types of embedded development. Specific device support relies on what platforms LLVM supports targeting. The current list of platforms is available at https://forge.rust-lang.org/release/platform-support.html. This includes at least one ARMv4 device.

1 Like

Regarding the webinar discussion of Rust as a “universal” language…

Don’t give up yet! Of all the new languages that have come out in the last few years (Kotlin, Dart, Go, etc.), I feel Rust has the best chance of attaining that goal, mainly because it concentrated on low-level performance (esp. embedded), safety, and programmer ergonomics first and the fortunate coincidence of WebAssembly coming out at about the same time to provide access to the high-level end of the spectrum, web development. Now if Rust could just add a JVM backend to cover that popular middle ground :wink:

In the vein of language cross-pollination…

Your example of DSLs and XSL, in particular, was a good one. Maybe add language features to make Rust better at creating DSLs (e.g., see Kotlin’s DSL creation features (my second favorite new language :slight_smile: ))?

Rust is close to being that universal, safe, extensible language for a wide range of software domains. Don’t give up yet!

But being an old retired C++ programmer, Remember the Vasa!

P.S. Fuchsia (at least the Zircon kernel) is primarily written in C/C++, I believe. They have added the ability to write Component and Modular parts that interface with the kernel in Rust.

Now, the Redox OS is completely written in Rust.

Have you looked at Ada/SPARK languages? They really address the short comings of C/C++. It might be interesting to look into how one might add the Rust memory allocation approach to Ada and make it safer. It could probably be done with a library.

Ada has controlled types, which are the equivalent of RAII for C++ types. When you say make Ada safer, what aspect of Ada are you referring to?

I think the main differences between C++ and Ada are:

  1. Ada is strongly typed and C++ is weakly typed

    1. Ada has a much better packaging of the software then the
      include files of the C pre-processor.
  2. Ada has much better typing:
    a. arrays can have indexes that start with a number
    other than zero and the upper and lower bounds are always checked.
    There are no buffer over or under flows.
    b. Enumerations can be used as indexes of arrays.
    c. There several other features that are checked at
    run-time to verify correct operation.

  3. Supports multi-threading in the language.

  4. Strongly typed templates

    1. Object copying by the assignment operator not a subroutine
      call.

    2. The Ada language does not allow subsets or super-sets. SPARK
      is a subset of Ada that improves the reliability of Ada.

    3. The Ada standard is available online for free,
      . It is very readable
      and smaller than the C++ and standard template library. There is
      also a Rationale for the new features. The standards for the older
      versions plus rationales (1983, 1995, 2005) are also available.
      There are also test suites as well.

    In summary, my defect rate is about 1.2 defects per 1,000 lines
    of C/C++ and Java code over about 20,000 lines of code. With Ada,
    it is about 0.3.

    It takes a little more thought to write an Ada program, but when
    you get it to compile, it usually works.

Following the ACM TechTalk, Carol Nichols and Jake Goulding were kind enough to answer some additional questions we were not able to get to during the live event. These questions and answers are presented below:

Q: As someone who primarily uses C plus plus, what are some strategies I can do to convince my employer to try and use Rust given that the code would need to easily integrate into our current build system (CMake)? Would it be better to write one off internal tools?

CAROL NICHOLS: Ashley Williams did a great talk on this subject of convincing your employer to use Rust (https://www.youtube.com/watch?v=GCsxYAxw3JQ). Rust can also be used with CMake (https://flames-of-code.netlify.com/blog/rust-and-cmake/) in general; not sure if you have particular requirements that would add complexity.

Q: On C and security: that is why I use Java for most of my code and C/assembler only where is strictly required. Comments? How does Rust do on this?

CN: That is a perfectly valid strategy! The biggest difference is that Java uses a garbage collector at runtime to provide memory safety, while Rust uses the borrow checker at compile time. The resources needed at runtime may or may not be a concern for you. See this whitepaper on how a startup saved money by using Rust instead of Java.

Q: Are pointers possible in Rust? If so, how to use?

CN: Yes, you can use raw pointers in Rust, but dereferencing them is unsafe. See the Rustonomicon for lots of details!

Q: I wonder how the ownership rules works for collections like linked lists or dictionaries. Or any structure that can store "pointers”?

CN: Doubly linked lists are interesting in Rust because of the ownership assumptions! Check out Learning Rust with Entirely Too Many Linked Lists for more info.

*Q: I’ve heard many hospitals use old technology because of regulation, and newer tech needs to go through various approval processes, leading to use of old software with vulnerabilities. Do you think that further regulation is a step up from where we are today?

CN: I think we need better regulation that takes into account the need to update software to patch vulnerabilities. This is a complex issue though and isn’t going to be fixed overnight!

Q: Memory safety is just one class of errors: does Rust have any features for correctness e.g. static proofs/models?

CN: The language doesn’t have built-in features for this, but there are project such as RustBelt that are investigating using formal methods with Rust.

Q: How does Rust defends against thread safety problems?

CN: By using the ownership/borrowing concepts and the type system; see the Concurrency chapter in the book for detailed information.

Q: With what languages does Rust have fully functional interop capabilities?

CN: Rust has a C Foreign Function Interface (FFI) and can interface with any language that also has a C FFI. See Jake’s Rust FFI Omnibus for some examples!

Q: Does Rust have an independent compiler or does it use the LLVM only?

CN: There are some efforts in progress to create independent compilers; mrustc is one such effort.

Q: One big way to bring the adoption is to bring this to web world. Like http web framework or front end world frameworks. Where does rust stand today on this front or is the community not focusing on it as of now?

CN: Pieces of web frameworks exist, and there’s a lot of experimentation going on. Async/await support in the language just stabilized as of Rust 1.39.0, and that will likely lead to even more experimentation. AreWeWebYet is a resource tracking Rust’s progress in this area.

Q: Why is it that the same syntax in other languages is “borrowed” by rust to mean slightly different things. Like plain let expressions being immutable and plain = assignment meaning change ownership (which is a much stricter concept than assignment in most other languages). Can you comment on why these language design choices were made? And does rust also have an automatic assignment operator meaning “move ownership OR borrow” that would more closely mirror assignment in other languages?

CN: I’m not sure about those particular design decisions, but a lot of thought goes into the “complexity budget” we have to be different or familiar in terms of syntax. See this discussion for some thoughts on Rust syntax design in general

Q: ADA with Spark could be proven for correctness; ADA is also used for 747 and Nuclear Plants control, also has a very small footprint to be used in embeded devices. Which areas could Rust compete with a language such as ADA?

CN: We are hoping that Rust will someday be competitive with Ada in any domain; we do have a lot of work to do in the areas of standardization, certification, and correctness proving to get there.

Q: Do you know of other programming languages that are borrowing concepts from Rust?

CN: Yup! D is considering adding ownership and borrowing. C++ is incorporating many ideas from Rust; someone recently proposed implementing something similar to the Rust editions concept I discussed.

Q: Are you aware of any examples of Rust being used for high performance scientific computing?

CN: Yes, there’s a company called 10x Genomics who uses Rust to analyze genomes. You may also be interested in this blog post series on Scientific Computing: a Rust adventure.

Q: Do you believe that Rust is something that you see being used to build systems such as telcom switching and packet forwarding systems?

CN: Yes, quite possibly! I’m not very familiar with those domains, but we hope to make Rust general purpose and appropriate for any systems context.

Q: What was that repository link?

CN: is.gd/rustLH

Q: Does Rust use reference counting? In your first example both x and y referred to the same string.

JAKE GOULDING: Rust the language does not use runtime reference counting. The example of let x = y transfers ownership, and let x = &y takes a reference. This counting is checked at compile time by the borrow checker. The Rust standard library has opt-in reference counting to allow for shared ownership (the Rc and Arc types).

Q: You just demoed that compiler catches dangling reference (or variant of use after free). Is it possible to prove that the Rust compiler catches ALL such situations, no matter how complex is the passing of references, etc?

JG: The Rust compiler is conservative. Safe Rust will never allow memory unsafety, but it might disallow code that is actually safe but is too complicated for the compiler. This is a case to use unsafe Rust.

Q: Is Rust Strongly typed like standard C++?

JG: Yes, Rust is a strongly-typed language.

Q: Doesn’t Rust take a performance hit from runtime out-of-bounds checking?

JG: I want to clarify the response I gave; I mentioned turning off bounds checking in release mode but I was thinking of turning off integer overflow checks in release mode. Typically, you wouldn’t turn off all bounds checks in release mode; you’d use iterators so that many bounds checks can be elided or unsafe methods like get_unchecked for when you can guarantee to the compiler that bound checks aren’t necessary. There’s some more information in this stack overflow question, answer, and comments.

Q: What’s a Fuzzer?

JG: https://en.wikipedia.org/wiki/Fuzzing is a technique to generate random data as input to your program to explore the various conditional branches of your program and exercise it thoroughly.

Q: Is Rust proactive in implementing safety/security or does the user need to act proactively?

JG: The Rust language is always safe by default, but be aware that we use a specific definition of safety: memory safety.

Q: What is the prospect for getting the Rust toolchain (and a sufficiently usable set of support libraries) certified in a manner that would allow it to be used in safety-critical applications such as airbags, avionics, and medical equipment?

JG: It’s something we’d like to see happen, but as always it requires time, money, and human power. Another Rust consultancy has put out a call for participation to help this along. https://ferrous-systems.com/blog/sealed-rust-the-pitch/

Q: Is it possible to link Rust code with C plus plus with the MSVC compiler?

JG: Yes, although the C ABI is not a standard (and varies by platform), so you need to utilize the C ABI for FFI, which is less-featured than either Rust or C.

Q: What is the latest /current version of Rust?

JG: The current version of Rust is 1.38 and can always be found at the Rust home page: https://www.rust-lang.org/.

Q: As someone who knows Rust but has not contributed to open source projects before where can I start with contributing to the Rust compiler?

JG: Some links to go with the answer I gave: The Rustc Book that walks you through the compiler’s architecture, and This Week in Rust, a newsletter that includes a Call for Participation section containing issues with mentors that would be good first issues.

Q: How is ‘borrowing’ implemented in different physical (OS and hardware) platform configurations?

JG: Borrowing is checked at compile-time, so the target platform does not come into play.

Q: Can you share the rustfix repo url?

JG: https://github.com/rust-lang/rustfix

Q: How about libraries? Are they stable or yet to be?

JG: The Rust standard library has the same stability guidelines as Rust. Third-party libraries follow semantic versioning and each library chooses their own stability timelines.

Q: Who is funding the Rust group?

JG: It’s open source, but most of the funding comes from Mozilla currently.

Q: Are there any IDEs that support Rust?

JG: Yes, there are multiple. Most IDEs use the language server protocol. Visual Studio Code is a popular one, as is emacs, vi, CLion, NetBeans.

Q: I would have thought that the runtime implementation of borrowing would have depended on things like memory address register spaces and physical memory access (whether on bus or networked)

JG: There is no runtime implementation of borrowing; the generated code of a reference is the same as a pointer.

Q: Under which applicable license the language can be used?

JG: The Rust language imposes no requirements on the licensing of your code. The compiler itself is dual-licensed as MIT and Apache 2. Many libraries follow this pattern.

Q: Is there an exception handling mechanism?

JG: Rust has panics for very fatal errors, but most Rust programs return a Result, which is a discriminated union of a success or error type. https://doc.rust-lang.org/stable/book/ch09-00-error-handling.html

Q: How about unit testing or assertions support?

JG: Yes, basic testing support is included. https://doc.rust-lang.org/stable/book/ch11-00-testing.html

Q: Do you have any links to performance comparisons between Rust and C?

JG: The techempower benchmarks compare web framework performance; actix-core and actix-pg are Rust web frameworks that are currently at the top of many of the benchmarks. The benchmarks game also has a number of comparisons of Rust with C. ixy-languages is a project that has implemented a high-speed network driver in a number of languages and has analyzed the performance.

Q: Can you mention the complier book’s names once again that walk you around Rust compiler?

JG: https://github.com/rust-lang/rustc-guide

Q: How can new contributors join in on developing the Rust compiler? And is Rust a part of the LLVM project?

JG: The Rust compiler is open source at https://github.com/rust-lang/rust and there are some instructions available at https://www.rust-lang.org/community. Rust uses LLVM, but is not a part of the project.

Q: The last language I used in anger was FORTRAN. Can I learn Rust?

JG: Absolutely!

1 Like

Preaching to the converted and all that… I agree with all your points, and there are many more.
Readability is one. Anyway, you had some idea on memory management you thougth could be borrowed from Rust into Ada. Curious what you had in mind.