[milesrout]

Maybe he meant net advantages. Rust has some advantages (ADTs, no constructors, no overloading, no preprocessor, well thought out set of string types) and some disadvantages (compile times, debug performance, heaps of wrapper cruft to step through when debugging, explicit lifetimes, pervasive type inference, ad-hoc polymorphism, no ABI stability, poor support for dynamic linking, anemic standard library, pervasive one-element-thinking encouraging millions of separate allocations all over the place, culture of simplifying code by adding copying and reallocation everywhere because the borrow checker makes sharing verbose and difficult ("just use clone"), general complexity, dramatic and dogmatic community with a penchant for social media bullying (eg serde, actix)).

What is an advantage or a disadvantage depends on who you are. Personally, I find the disadvantages (as I see them) outweigh the advantages. Others believe that some of those disadvantages are actually good things. And some of them depend on whether you are comparing to C or C++: compared to C, Rust has many disadvantages, but C++ has many of the same disadvantages, and often is worse.

I don't think Rust will ever have more new code being written in it than C and C++ combined. I doubt it will overtake either individually.

[amluto]

> compile times

C++, especially “modern” C++, can have truly horrible compile times. The lack of a usable module system makes it worse.

Variadic templates helped some. Fold expressions will help some. I expect concepts and if constexpr and such to help some: relying on SFINAE never did the compiler any favors.

But, in general, C++ template programming is quite nasty for compile times.

[milesrout]

Yes as I said "And some of them depend on whether you are comparing to C or C++: compared to C, Rust has many disadvantages, but C++ has many of the same disadvantages, and often is worse."

C++ compile times can be as bad as Rust's or worse. It does depend on how you structure things and how much you use templates. You don't need to have 10 layers of "zero cost abstraction" around everything. But that is the "proper" way to use it and what is now taught, so there is a lot of it out there and the standard library does it pervasively.

Variadic templates don't fix much compared to just writing straight line code or doing a tiny bit more work at runtime using stdarg.h.

[amluto]

Variadic templates help quite a lot compared to what older libraries did or even still do to approximate them. Check out boost::variant’s shenanigans — I recall a single-line file that includes <boost/variant.hpp> and doesn’t even instantiate the variant template taking several seconds to compile.

[kobebrookskC3]

all those advantages and disadvantages you list are basically insignificant compared to rust being memory safe by default and c/c++ not. governments aren't bugging projects about any of those, but are about memory safety.

[milesrout]

You might think so. I strongly disagree. I think Rust's supposed memory safety advantages are a distraction. If people really cared about that above all else they would use a memory-safe language, which Rust is not, such as Java or Python or Haskell or something. There are tons.

Governments aren't "bugging" anyone about memory safety and if they were, they wouldn't want you to use Rust. Rust isn't memory-safe.

[kobebrookskC3]

> If people really cared about that above all else they would use a memory-safe language, which Rust is not, such as Java or Python or Haskell or something.

people already use languages like java or python or js in most cases! it's only in rare cases it made sense to write stuff in c or c++. now with rust, that niche becomes even smaller.

> Governments aren't "bugging" anyone about memory safety

idk this report sounds like bugging from governments (plural) to me: https://www.cisa.gov/sites/default/files/2023-12/The-Case-fo...

no one who isn't being obtuse would say rust isn't memory safe. the linked report also deems rust a memory safe language.

[oneshtein]

Safe Rust is memory-safe enough for practical needs, while maintaining top performance.

[menaerus]

Is it still safe even if it depends on the dependencies which are not safe?

[whytevuhuni]

Note that memory-safe languages like Java and Python will also depend on libraries which are not safe, e.g. in their implementation of the interpreter/VM, standard library, native libraries like numpy, etc.

In practice unsafe Rust tends to be less than 1% of the code (or around 5% in low-level things like kernels), which is a similar ratio of trusted/untrusted code. The top-level application code is generally expected to have 0%.

[milesrout]

This statistic is based on the lines of code bounded by the "unsafe" keyword but that is not the full picture. Unsafe code relies for its safety on the logical correctness of safe code. In theory, as "proper practice", the trust boundary should be the crate. In other words, the safety of a particular "unsafe" block should be verifiable by checking the correctness of code within the same crate. In practice, this is not true: much unsafe code relies for safety on correctness properties in external code, especially from the standard library, like the fact that "Vec" stores elements contiguously in memory in order of index.

That isn't to say the concept is useless. But it is not the case that you just need to inspect code marked "unsafe". A change to code not marked "unsafe" can break the invariants and assumptions that unsafe blocks elsewhere rely on.

[kobebrookskC3]

seems pretty safe in practice https://security.googleblog.com/2024/09/eliminating-memory-s...

[menaerus]

I know it's an unpopular opinion but tbh those Google security blogs always read more as a marketing material than engineering effort. Why I think so it's because statistics always has two side of the coins - if you want to make something look better or worse than it really is, it's trivial to do so. There's simply not enough data or methodology or different angles taken for me personally to take these blogs as a very relevant source of information but YMMV. We are all different.

[oneshtein]

Any and all safe code depends on unsafe code to do something, including Java and Python. Yep, unsafe code may contains bugs, but their surface is much smaller, so, at same ratio of bugs to code, numbers of bugs is much smaller.

[menaerus]

If you're open to a bit different and perhaps thought provoking perspective let me say that for your hypothesis to be true we would need to assume that the distribution of memory-safety bugs is uniform across the codebase. From my experience this is not true, it usually follows uni-modal or at most bi-modal distribution, so it follows that the surface is not much smaller.