On 28/03/14 03:48, Daniel Micay wrote:
> On 27/03/14 11:04 PM, Tommi Tissari wrote:
>> Case by case is all fine and good. But you're trying to argue what a programmer
>> *should* do if he knew what was good for him.
> Rust doesn't view the programmer as an infallible, trusted entity.

Actually, I believe it does, with this policy. The "infallible programmer" it imagines, however, is not the developer; true. It is worse: this policy currently assumes that the policy makers / compiler creators themselves are infallible; that language users (even language users of the future, who may have much more knowledge and experience than anyone participating in this discussion today) are idiots who don't know what they're doing, or at least, will never know more than the language creators. This is NOT trusting the tireless work of a compiler: it's being arrogant, and trusting yourself more than others, whose abilities and circumstances you do not even know.

Worse: it is failing to learn from history. The very reason that C / C++ succeeded is that they don't force things on developers: they assist, give options. They choose defaults, yes, and make things easier, yes; but they always provide the option to move out of the way, when it turns out that those defaults are actually making things harder. The very reason that many other languages fail is that they failed to provide the ability to adapt to changing needs.

Forcing bounds checking on everyone is really not that different from forcing garbage collection on everyone: it may seem like a good idea to some --- even many --- but to others, it is overly limiting.

As another point of consideration, you should probably bear in mind that Rust's boundary checking IS very limited, and people may actually want to override it because they have something better. QA, as mentioned before, can do it better (once, at the right time, on the right variables, only for the right values of those variables, before each release, and only for the code touched in that release), but so might a separate static analysis tool, for another instance.

There seem to be a few people saying that providing an option to disable boundary checks would constitute an ABI change. If so, that's fine: maybe it makes it more trouble than it's worth to do. Maybe that's scary. OR, maybe the fact that it requires an ABI change is an indication of a deeper design flaw. Maybe that's even scarier. But, one way or another, these knee-jerk reactions to a simple request to disable a feature do smack of fear. I would suggest that people face that fear, and acknowledge the real problem, rather than telling people they shouldn't be asking for the freedom to build a program as they see fit.


--
Lee

_______________________________________________
Rust-dev mailing list
Rust-dev@mozilla.org
https://mail.mozilla.org/listinfo/rust-dev
