That is a genuinely great idea.
maybe one day domains, limits and code/proofs will be a single entity in source
With rust this is built into the default tools installed by rustup.
Write doctests in your docstrings, run python -m doctest
Not if you're behind my corporate proxy, unfortunately. I set the HTTPS_PROXY environment variable properly (which is annoying -- other apps are able to deal with the proxy transparently) so that I stop getting 407 errors, and then I get:
info: caused by:  SSL connect error (schannel: next InitializeSecurityContext failed: Unknown error
(0x80092012) - The revocation function was unable to check revocation for the certificate.)
EDIT: I was actually able to workaround this, finally, based on this github desktop issue. It involves registry hackery and disabling cert validation in SCHANNEL which is not ideal (and I will be reverting it once rust is installed). I certainly don't have the mentioned Russian crypto library installed on my machine, so I have no idea what could be ultimately causing cert revocation check to fail on my machine...
I'm not suggesting this is a good idea, but I'm tired of the linked list argument which kind of implies Rust is much harder than C for an equivalent linked list implementation. If you explicitly choose to lose the extra guarantees, Rust is about as easy as C to write a linked list in.
Working through the Entirely Too Many Linked Lists book in general is super helpful, since it deliberately runs into the cases that are hard.
Implementing a hash table in Rust would probably be fine as a toe dip too. It's that multiple-references-to-each-object part that really burns you in the doubly-linked list case.
These are probably the two best sites for small, exercise training programs in Rust. Once you've gotten through a few of them, you'd probably be ready to build something useful, which might be more interesting.
Ok, so author needed to know C extremely well (i.e. "language lawyer"), comfortable with separation logic, able to turn informal requirements into specifications, use of ghost code, and have a SMT solver. The solvers often fail on some stuff that requires formal proof by rare experts. However, that expert was able to automatically verify a singly-linked list with just 113 ghost statements for the 90 statements in C. That's more specs than code! Industrial case studies in other article give more examples. More importantly, when making the C code as verifiably safe as Rust, the effort required had developers cranking it out at rate of two lines of code per hour.
Both manual and automated proof with separation logic has a lot more automation since then. Yet, I think programmers will more easily learn to intuitively and heuristically structure their programs to pass Rust's automated, formal checker than learning expert-level C, separation logic, and/or formal proof. And Rust can still do reference counting or unsafe operation in event it can't check something.
This write-up you all keep linking doesn't prove what you think it proves. Unless you're just saying verified handling of mutable state with cycles is extremely difficult in any language with Rust just one example. That would be true. The article also proves Rust ecosystem comes with nice guides on doing that stuff with minimal effort vs what it takes to learn same stuff for C code.
Yeah but aren't these formal proof methods a lot more general, and thus more widely applicable? In other words, does Rust provide the right balance between security and complexity?
Also note that the problems the borrow checker handles are really hard to do safely in general without overhead. They're hard to test for and debug, too. So, the use of a limited logic with automation just for that makes sense. It's why the other tools for C code were developed, too. Before that, people were using things like SPIN model checker for such things. Again, that looks like overkill to get just a few safety properties vs Rust's built-in method that's simpler.
When I try to learn a new language, I typically want to: (a) read a lot of code people have written in that language and (b) implement algorithms that I understand well, while keeping in an idiomatic style.
When I tried to do this with Rust, I was shocked by how difficult it was to implement certain algorithms (specifically, operations on Linked Lists and Graphs). Maybe I'd do better if I chose a small project to work on, but it disturbs me to know that such elementary problems are so difficult to solve.
- It is certainly difficult
- Strategies and approaches from low-level languages which are at least cosmetically similar will probably be unavailing
- In some (many?) cases, crates (Rental, Petgraph, Spade) exist that already implement them. Their design can be studied
- There's an entire book (http://cglab.ca/~abeinges/blah/too-many-lists/book/) devoted to writing linked lists in Rust. It's highly informative
Without wishing to explicitly criticise your approach to learning Rust, I'll note that for the vast majority of programmers, it's likely to be frustrating for quite a while.
The FFI story seems to be overshadowed, but if you want to use things like Vulkan, DX12, etc... then C FFI performance becomes absolutely critical, and many languages are really bad at it.
You pretty much get interop with every major language for free. I've embedded Rust in Python, Java, C# and WASM/ASMJS pretty much with just that one feature alone.
Also makes the migration story really strong, which I think was largely driven by needing to be integrated into FireFox in a sane way.
Over OCaml/Standard ML: more control over performance. It's also imperative first rather than functional first, which isn't neccessarily an advantage, but it is to people coming from a imperative programmig background.
Over D: much more momentum behind the ecosystem.
If you like OCaml/Haskell/etc but find yourself wishing you could make mutability and ownership more safe, or write very fast code more easily, and are willing to give up higher-order type system features for it, consider Rust.
Go is a very different language than Rust even though both superficially resemble C. If you're using Go because you want something C-like but better, consider Rust.
Go is more like (a better) PHP or Java on a webserver.
With its type system and support for generics (in C++: templates), Rust has much more in common with C++ than it does with C.
Wow, I strongly feel the opposite about C. It is hardly simple or clear - understanding what your code will do after the compiler's done with it seems almost impossible, reasoning about runtime behavior similarly so. The complexity involved in managing memory, etc, is so significant.
But it is extremely powerful.
I see go as being extremely simple, but also very weak in terms for expressiveness, relying on the runtime for memory and concurrency management.
I agree that Rust has more in common with C++.
I describe C as "simple" in the sense that it's A) not a large language, by specification and B) somewhat by virtue of the former, there's generally a small range of possible implementations of any given problem (which helps C programs have "clarity"). Go is very C-like in that it also has both of these attributes, quite deliberately. C could be considered complex, however, by virtue of the amount of behavior that is unspecified/at the compiler's discretion. In that sense its safety often is difficult to reason about, but C programs themselves are generally easy to reason about. Go luckily doesn't have many opportunities for programs to be "complex" in that way.
C is "powerful" in the sense that it offers programmers deep control over memory. Given that, (effectively) anything that can be implemented in any other language can be implemented in C, with varying levels of difficulty. It isn't "powerful" from the language perspective itself — in terms of expressiveness or the features that it affords programmers — in the same way that C++ or Rust are "powerful".
A lot of the adjectives we use to describe languages aren't particularly well-defined, so some disagreement about them is almost a given. But hopefully that clarifies.
Think about all the low level resource management: network ports, files, heap memory... That's what rust does better.
Check ATS for a ML-inspired language with some resource semantics closer to rust and stronger control and correctness primitives. http://www.ats-lang.org