The Rust Programming Language
in the words of its practitioners.
Rust is a systems programming language that is perhaps most notable for being memory safe without garbage collection. It was designed to solve problems observed maintaining the millions of lines of C++ in the Firefox web browser. It is fast, reliable, and runs on most anything, and its enthusiasts are exceptionally enthusiastic about its potential.
On December 29, 2016, Steve Klabnik, author of The Rust Book and member of the Rust core team, blogged, "Rust is more than safety", saying that memory safety alone is not convincing for some prospective Rust users. This catalyzed a blogsplosion the likes of which Rustaceans had never seen (and Rustaceans love blogging), where Rust's creators and users offered their opinions about what makes Rust so exciting.
This is a summary of that.
In this initial post, Steve claims that "Rust is most well-known for its features around writing low-level code in a safer way than its predecessors. But it’s also a lot more than that." He suggests that Rust brings established modern programming language theory to the domain of systems programming, emphasizing a slogan from Rust's creator, Graydon Hoare:
Technology from the past
come to save the future from itself
The rediscovery and application of old, reliable, and sometimes forgotten technology is one of the themes the name "Rust" evokes. Rust applies some established techniques from academia to industry. Steve doesn't elaborate, but two obvious examples are that Rust includes algebraic data types, common in the ML family of languages, and in Rust known as "enums"; and traits, which enable polymorphism similar to Haskell's type classes, but fairly unlike C++ classes and templates.
How Rust innovates the greatest is by statically tracking ownership and lifetimes of all variables and their references. The ownership system enables Rust to automatically deallocate and run destructors on all values immediately when they go out of scope, and prevents values from being accessed after they are destroyed. It is what makes Rust memory safe and thread safe, and why it doesn't need a GC to accomplish that.
And that's cool. But, as Steve goes on to say, "your marketing should be focused on what problems your product solves for the consumer". Being memory safe (i.e. "not crashing") is nice, but many programmers of languages with garbage collectors enjoy that comfort today, and some C and C++ programmers are dismissive of the value of memory safety, possibly believing they have a handle on the matters of memory management and concurrency.
So in response to Steve's post there were a number of opinions expressed about Rust, and about the importance of "safety". In this response, Graydon Hoare, Rust's erstwhile creator, reminds us that "safety in the systems space is Rust's raison d'être. Especially safe concurrency."
Graydon has strong words for C++ programmers who deny the importance of memory safety:
When someone says they "don't have safety problems" in C++, I am astonished: a statement that must be made in ignorance, if not outright negligence. The fact of the matter is that the further down the software stack one goes, the worse the safety situation gets. Our engineering discipline has this dirty secret, but it is not so secret anymore: every day the world stumbles forward on creaky, malfunctioning, vulnerable, error-prone systems software and every day the toll in human misery increases. Billions of dollars, countless lives lost. Can one really say "I don't have safety problems" in systems programming?"
He asserts that "Rust's success in raising the bar for safe, concurrent systems programming — in ways that the niche finds usable, performant and compatible — cannot (imo) be overstated. That is its purpose, and that has been its great success."
The fireflower in the title is a metaphor drawn from Super Mario Bros. In the game, when Mario eats a Fire Flower, he becomes Fire Mario, a fireball-throwing badass. In the metaphor, which Dave attributes to Samuel Hulick, one wants your users (Mario) to feel like Fire Mario when they use your product (Fire Flowers).
And Dave's point is that safety is the Fire Flower that enables Rust developers to be Fire Mario.
He then goes on to talk about the superpowers the Rust Fire Flower gives to Rust Fire Marios:
So what's badass about programming in Rust? I think it's being a systems programmer. There's nothing a systems programmer can't do: write an OS from scratch; drive micro-controllers; outcompete the fastest software in a crowded category; it's all within reach.
But for most programmers, the prospect of writing C or C++ code — and certainly the thought of actually shipping it — is so terrifying we don't usually even waste much time considering it.
This is why I believe hack without fear resonates: safety clears one of the biggest obstacles preventing people from seeing themselves as systems programmers.
Steve is into the "fearless" theme and suggests that being fearless makes you Fire Mario, whereas safety remains just the Fire Flower: "I’m not saying that we get rid of fire flowers. I’m saying that we focus on 'Rust makes you Fire Mario', not 'Rust is made of fire flowers', when talking to people about Rust." (But "Rust is made of fire flowers" sounds amazing, right? I don't think that can be disputed.)
He drives the point home:
I think one of Rust’s greatest potentials ... is bringing a ton of new people into systems programming. But my point is this: “memory safety without garbage collection” doesn’t speak to that at all. That is, memory safety without garbage collection is the mechanism of how that’s accomplished, but it’s not the accomplishment itself. It’s the Fire Flower, not Fire Mario.
I’d like to make sure we’re talking about being Fire Mario, rather than being Fire Flower enthusiasts.
Well, that wasn't the end of it, just the end of what I've summarized. Here are some others' thoughts on the subject:
As to what we should learn from this,