by Argorak 3136 days ago
Rust only saves you from simple races, not more complex ones. That's quite a lot already.

Most importantly, though, it preserves _memory safety_ in concurrent situations, so your stuff won't randomly crash, but properly panic.

It's no silver bullet, but it _is_ the "magic sauce" behind Stylo.


More precisely, Rust saves you from data races but not race conditions.

https://blog.regehr.org/archives/490

I’m pretty sure Rust saves you from ALL data races so long as you stay within the boundaries of safe code. Do you have anything at all to reference otherwise that says only certain data races are detected while others are not?

To my knowledge you can defeat the compile-time data race detection if you are either doing unsafe or certain scenarios with Cell/RefCell but even in that case you are guaranteed runtime detection rather than compile time detection.

This feature alone is worth its weight in gold.

Given that a "data race" is essentially defined to be the class of races that Rust's type system guards against, yeah, it saves you from all of them.
Rust's definition of "data race" isn't just "what the Rust compiler rejects", it has a specific meaning:

"Safe Rust guarantees an absence of data races, which are defined as: 1. two or more threads concurrently accessing a location of memory, 2. one of them is a write, 3. one of them is unsynchronized."

https://doc.rust-lang.org/nomicon/races.html

qznc puts that better than I do. It saves you from data races, but not from race conditions.

Cell and RefCell are both not Sync (that means they can't be used from multiple threads) for a reason. RefCell does, however, allow borrow checking at runtime, for wrapping it with something that establishes Sync.

Here's a potential use-after-free, listed in my query:

https://github.com/servo/servo/issues/14014

Of course it's using unsafe code and doing other crazy stuff--a lot of these issues are related to shared, mutable, tree structures. But that's precisely my point. When you're implementing something as sophisticated as Servo and trying to keep things performant and multi-threaded, concurrency is hardly fearless. Servo does this and they have bugs.

Indeed, being "fearless" is precisely how you end up with these bugs, in Rust or any other language. If you're fearless you're more apt to move from a big lock to a fine-grained locking mechanism. That's error prone, including in Rust.

It's like that dude in Florida whose Tesla flew under the tractor trailer. He was fearless in the same way inexperienced engineers using Rust will be when they hear "fearless concurrency". They'll push the envelope when they have no need to, because that's what inexperienced engineers do who haven't been burned, especially when they think their tools make them fire-proof.