by LtdJorge 182 days ago
Yes, that's a very common misconception.

Of course, if your program compiles, that doesn't mean the logic is correct. However, if your program compiles _and_ the logic is correct, there's a high likelihood that your program won't crash (provided you handle errors and such, you cannot trust data coming from outside, allocations to always work, etc). In Rust's case, this means that the compiler is much more restrictive, exhaustive and pedantic than others like C's and C++'s.

In those languages, correct logic and getting the program to compile doesn't guarantee you are free from data races or segmentation faults.

Also, Rust's type system being so strong, it allows you to encode so many invariants that it makes implementing the correct logic easier (although not simpler).
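As an added illustration (not code from the thread or from any commenter), this is what "encoding invariants in the type system" looks like in Rust: a newtype that can only be built by parsing untrusted input, a tagged union whose `match` must be exhaustive, and the niche that lets `Option<Box<T>>` stay a plain non-null owning pointer. All names here (`Port`, `Listener`, `describe`) are made up for the example.

```rust
use std::mem::size_of;
use std::num::NonZeroU16;

/// A port number validated once at the trust boundary. The field is private,
/// so outside this module a `Port` can only come from `parse`; every function
/// that takes a `Port` can rely on the invariant instead of re-checking it.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Port(NonZeroU16);

#[derive(Debug, PartialEq, Eq)]
pub enum ParseError {
    NotANumber,
    Zero,
}

impl Port {
    /// The only way in: untrusted text is parsed into the type or rejected.
    pub fn parse(raw: &str) -> Result<Port, ParseError> {
        let n: u16 = raw.trim().parse().map_err(|_| ParseError::NotANumber)?;
        NonZeroU16::new(n).map(Port).ok_or(ParseError::Zero)
    }
    pub fn get(self) -> u16 { self.0.get() }
    pub fn is_privileged(self) -> bool { self.get() < 1024 }
}

/// A tagged union as a Rust enum: `match` must be exhaustive, so adding a
/// variant later is a compile error in every `match` until it is handled.
#[derive(Debug, PartialEq, Eq)]
pub enum Listener {
    Tcp(Port),
    Unix(String),
}

pub fn describe(l: &Listener) -> String {
    match l {
        Listener::Tcp(p) if p.is_privileged() => format!("tcp/{} (privileged)", p.get()),
        Listener::Tcp(p) => format!("tcp/{}", p.get()),
        Listener::Unix(path) => format!("unix:{path}"),
    }
}

/// Niche optimisation: `Box<T>` is a movable, owning, never-null pointer, so
/// `Option<Box<T>>` (and `Option<Port>`) costs no extra bytes for the tag.
pub fn niches_are_free() -> bool {
    size_of::<Option<Box<u32>>>() == size_of::<Box<u32>>()
        && size_of::<Option<Port>>() == size_of::<u16>()
}
```

Out-of-range, negative, or zero input never becomes a `Port`, so the "cannot trust data coming from outside" check lives in one place and the compiler enforces that nothing downstream skips it.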


> However, if your program compiles _and_ the logic is correct, there's a high likelihood that your program won't crash (provided you handle errors and such, you cannot trust data coming from outside, allocations to always work, etc).

That is one hell of a copium disclaimer. "If you hold it right..."

Rust certainly doesn't make it impossible to write bad code. What it does do is nudge you towards writing good code to a noticeably appreciable degree, which is laudable compared to the state of the industry at large.
Rust is just a tool. It’s as fallible as any other tool. I wish we took it off the pedestal and treated it as such.
Are all tools equal in all dimensions or can they be compared for fitness of purpose?
A hand saw, a table saw and a SawStop are all tools, but they have different characteristics even though they all are meant to cut the same wood.
Ada, C, and lisp are all tools, but they have different characteristics even though they are all meant to cut through the same problems.
...yes?
> In those languages, correct logic and getting the program to compile doesn't guarantee you are free from data races or segmentation faults.

I don't believe that it's guaranteed in Rust either, despite much marketing to the contrary. It just doesn't sound appealing to say "somewhat reduces many common problems" lol

> Also, Rust's type system being so strong, it allows you to encode so many invariants that it makes implementing the correct logic easier (although not simpler).

C++ has a strong type system too, probably fancier than Rust's or at least similar. Most people do not want to write complex type system constraints. I'm guessing that at most 25% of C++ codebases use complex templates with recursive templates, traits, concepts, `requires`, etc.

Comparing type systems is difficult, but the general experience is that it is significantly easier to encode logic invariants in Rust than in C++.

Some of the things you can do, often with a wild amount of boilerplate (tagged unions, niches, etc.), and some of the things are fundamentally impossible (movable non-null owning references).

C++ templates are more powerful than Rust generics, but the available tools in Rust are more sophisticated.

Note that while C++ templates are more powerful than Rust generics at being able to express different patterns of code, Rust generics are better at producing useful error messages. To me, personally, good error messages are the most fundamental part of a compiler frontend.
Concepts make it possible to generate very clear (even user-friendly) template errors.
True but you lose out on much of the functionality of templates, right? Also you only get errors when instantiating concretely, rather than getting errors within the template definition.
No, concepts interoperate with templates. I guess if you consider duck typing to be a feature, then using concepts can put constraints on that, but that is literally the purpose of them and nobody makes you use them.

If you aren't instantiating a template, then it isn't used, so who cares if it has theoretical errors to be figured out later? This behavior is in fact used to decide between alternative template specializations for the same template. Concepts do it better in some ways.

> but you lose out on much of the functionality of templates, right?

I don't think so? From my understanding what you can do with concepts isn't much different from what you can do with SFINAE. It (primarily?) just allows for friendlier diagnostics further up in the call chain.

I don't agree that Rust tools are more sophisticated and they definitely are not more abundant. You just have a language that is more anal up front. C++ has many different compilers, analyzers, debuggers, linting tools, leak detectors, profilers, etc. It turns out that 40 years of use leads to significant development that is hard to rebuild from scratch.

I seem to have struck a nerve with my post, which got 4 downvotes so far. Just for saying Rust is not actually better than C++ in this one regard lol.

I think it’s because you misread my comment by skimming over the important parts.

This isn’t about tooling, it’s about language features and type systems.