Iterator invalidation is a sweet example, which strikes at the heart of C++
developers (those who never ran into it, please raise your hands).
However, it is just an example; anytime you have aliasing + mutability, you
may have either memory issues or logical bugs.
Another example of a memory issue:
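
    fn foo(left: &Option<Box<str>>, right: &mut Option<Box<str>>) {
        // Borrow the string owned by `left` without moving it out.
        let ptr: &str = left.as_ref().unwrap();
        // Drop whatever `right` owned.
        *right = None;
        match ptr.len() { // Watch out! If left and right alias, then ptr
                          // is now a dangling reference!
            // ...
            _ => {}
        }
    }
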
The issue can actually occur in other ways: replace Box<str> by enum Point
{ Integral(int, int), Floating(f64, f64) } and you could manage to write
integrals into floats or vice versa, which is memory corruption, not a
segmentation fault.
The Rust type system allows you, at the moment, to ensure that you never
have both aliasing and mutability: mostly at compile-time, and at run-time
through a couple of unsafe hatches (Cell, RefCell, Mutex, ...).
I admit it is jarring, and constraining. However the guarantee you get in
exchange (memory-safe & thread-safe) is extremely important.
> I'm writing this from a phone and I haven't thought of this issue very
> thoroughly.
Well, think a bit more. If you manage to produce a more refined
type-system, I'd love to hear about it. In the meantime though, I advise
caution in criticizing the existing: it has the incredible advantage of
working.
On Sat, May 31, 2014 at 7:54 PM, Alex Crichton <[email protected]>
wrote:
> > Sorry for the brevity, I'm writing this from a phone and I haven't
> > thought of this issue very thoroughly.
>
> You appear to dislike one of the most fundamental features of Rust, so
> I would encourage you to think through ideas such as this before
> hastily posting to the mailing list.
>
> The current iteration of Rust has had a great deal of thought and
> design poured into it, as well as having at least thousands of man
> hours of effort being put behind it. Casually stating, with little
> prior thought, that large chunks of this effort are flatly wrong is
> disrespectful to those who have put so much time and effort into the
> project.
>
> We always welcome and encourage thoughtful reconsiderations of the
> design decisions of Rust, but these must be performed in a
> constructive and well-thought-out manner. There have been many times
> in the past where the design decisions of Rust have been reversed or
> redone, but these were always accompanied with a large amount of
> research to fuel the changes.
>
> If you have concrete suggestions, we have an RFC process in place for
> proposing new changes to the language while gathering feedback at the
> same time.
> _______________________________________________
> Rust-dev mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/rust-dev
>
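Added example, not part of the original message or of the Rust project's code: the enum Point case from the message, run through RefCell so that the aliasing + mutation conflict is caught by the run-time check instead of corrupting the value. The function name read_while_overwriting and the i64 field type (standing in for the 2014 `int`) are assumptions made for this sketch.

```rust
use std::cell::RefCell;

// The Point enum from the message; `int` is spelled i64 here (assumption).
#[derive(Debug, Clone, Copy, PartialEq)]
enum Point {
    Integral(i64, i64),
    Floating(f64, f64),
}

// Hypothetical helper: keeps a shared view through `left` while trying to
// overwrite the point through `right`. Returns whether the overwrite was
// allowed while the view was live, and the value the view observed.
//
// With plain references (`&Point`, `&mut Point`) a call that passes the same
// variable for both arguments is rejected at compile time (error E0502), so
// the aliased case can only be expressed through a run-time checked cell.
fn read_while_overwriting(left: &RefCell<Point>, right: &RefCell<Point>) -> (bool, Point) {
    let view = left.borrow(); // plays the role of `ptr` in the message
    let overwritten = match right.try_borrow_mut() {
        // Distinct cells: no aliasing, the write goes through.
        Ok(mut slot) => {
            *slot = Point::Floating(1.5, 2.5);
            true
        }
        // Same cell: a shared borrow is live, so the mutable borrow is
        // refused and `view` can never see floats where it expects ints.
        Err(_) => false,
    };
    (overwritten, *view)
}

fn main() {
    let a = RefCell::new(Point::Integral(3, 4));
    let b = RefCell::new(Point::Integral(7, 8));

    // Constructed sample input: two separate points, then one point aliased.
    let distinct = read_while_overwriting(&a, &b);
    println!("distinct cells: {:?}, b is now {:?}", distinct, *b.borrow());

    let aliased = read_while_overwriting(&a, &a);
    println!("aliased cell:   {:?}, a is still {:?}", aliased, *a.borrow());
}
```
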