There's also no reason to have a separate borrow checker if it could just be integrated in the compiler.
When a compiler has a borrow checker that means the language was already designed to enable borrow checking in the first place. And if a language can let you do borrow checking why would you use a separate tool?
because it gets it out of the fast path compile cycle. do you need a borrow checker for `ls`? Probably not. don't use it. do you need it every time you work through intermediate ideas in a refactor? probably not. just turn it on in CI.
> do you need a borrow checker for `ls`? Probably not.
Does ls use references and objects with lifetimes? I bet it does. And if so, the answer is yes. You do need the borrow checker in rust to make sure it uses memory and lifetimes correctly.
If your program somehow doesn’t use references or owned objects, then the borrow checker doesn’t have any work to do. So there’s no harm done in leaving it on.
The borrow checker is not the slow part of the Rust compiler and lets me avoid bugs, why would I not always want to use it?
And if you put the borrow checker in the CI you massively increased the latency between writing the code and getting all relevant feedback from the compiler/tooling. This would do the opposite of what you intended.
You don't have to query all checks at all times. You only have to borrow check when you pr to main. What is the sum latency of the coder dealing with conceptual problem of satisfying the borrow checker at every stage during an arduous refactor where they don't fully have the destination model in mind (and might want to try things out only to discard them). Versus, just ignoring it, seeing how the chips fall, and fixing ownership errors in one or two passes at the end once you've settled om the code structure? Of course you don't have to take the full round trip-to-someone-else's-computer latency either. If you can run it in CI, I presume you could run it locally too, and borrow checking is not particularly slow for the computer.
You're also not (because one can't) quantifying the problem of a developer getting exasperated and saying, fuck it, it passes the borrow checker, good enough, instead of actually taking the time to make their code legible first and then making sure it is memory safe. This absolutely happens.
I don't. I think compile time static analysis is great. Upthread you said this:
> there's no reason why the borrow checker must be in the compiler proper.
On a technical front, I completely agree. But there's an ecosystem benefit to having the borrow checker as part of the compiler. If the borrow checker wasn't in the compiler proper, lots of people would "accidentally forget" to run it. As a result, lots of libraries would end up on crates.io which fail the borrow checker's checks. And that would be a knock on disaster for the ecosystem.
But yes, there's nothing stopping you writing a rust compiler without a borrow checker. It wouldn't change the resulting binaries at all.
> lots of people would "accidentally forget" to run it
yeah, like how the sel4 guys accidentally forget to run their static analysis all the time.
You put a badge on CI. If you "forget to run" the static analysis, then people get on you for not running it. Or people get on you if you don't have the badge. Just like how people get on people for not writing programs in rust.
Q: If we can get men on the moon, why is my lawnmower such a piece of junk?
A: The engineers who got us in to space didn’t design your lawnmower.
The SeL4 team won’t forget to run their static analysis checks. But most people aren’t at their level. Most people just want to get on with it. The borrow checker is a pain in the neck to learn - and if it were optional, you better believe lots of people would avoid it forever. I may well have been in that camp too - I found it really hard to get my head around it!
If you want a modern C-like language without rust’s borrow checker, Zig or Odin is probably a better bet. They’re both fine languages.
> Just like how people get on people for not writing programs in rust.
"But seatbelts would also work if everybody was just choosing to use them rather than us mandating their fitment and use, so I don't understand why facts are true"
Amusingly this is even true for the linter, nobody ran the C linter, more or less everybody runs the Rust linter, the resulting improvement in code quality is everything you'd hope. All humans love to believe they're above average, most are not and average is by definition a mediocre aspiration. Do better.
what the hell are you talking about. if you are writing security conscious software you should turn on a static checker and proudly show a badge that says "this code is memory safe". if youre writing a custom data pipeline to be used in a niche scientific field where the consumers are you and anyone that wants to repro your pipeline, and everything is in arenas, who the fuck cares. don't bother with static analysis.
If everything is in arenas, lifetimes get much easier.
But, the borrow checker doesn't just check lifetimes. It also checks ownership, and that variables either have a single mutable reference or immutable references. The optimizer assumes those invariants are maintained in the code. Many of its optimizations wouldn't be sound otherwise.
So, if you could compile code which fails the borrow checker, there's all sorts of weird and wonderful sources of UB eagerly waiting to give you a really bad day - from aliasing issues to thread safety problems to use-after-free bugs. The borrow checker has been around forever in rust. So I don't think anyone has any idea what the implications would be of compiling "bad" code.
Point being, there are many many individual programs where none of those things you talk about exist. So why not have a programming system where you can actually turn those things off for development velocity.
I'm rejecting the idea that "opt-in" is bad. Opt-out is of course better, but "no choice" is not good.
> there are many many individual programs where none of those things you talk about exist
Which things? Programs without mutable references and aliasing concerns? Can you give an example?
Having worked in rust for a few years now, I’m not convinced you’d gain much velocity by disabling the borrow checker. Some code would be a little simpler without lifetime annotations, but you’d also end up spending a lot more time debugging your code. The borrow checker and rust type system are insanely good at finding bugs at compile time. It just takes awhile of working in rust before you stop stubbing your toe on the borrow checker’s (sometimes silly) rules.
If you want easy to write rust, you can always just lean heavily on Box and Rc, and .clone() everywhere. The trade off is your code won’t be as performant - but that doesn’t matter much if you’re prototyping.
If you care that much, rust is opensource. Fork it and turn the borrow checker off when compiling. It’s probably not even that hard to do. I’d love to hear about the experience - and what it’s like using rust without the borrow checker.
When a compiler has a borrow checker that means the language was already designed to enable borrow checking in the first place. And if a language can let you do borrow checking why would you use a separate tool?