Rust/coreutils is now available in Debian, good enough to boot a Debian with GNOME, install the top 1000 packages, build Firefox, the Linux Kernel and LLVM/Clang. Even if I wrote more than 100 patches to achieve that, it will probably be a bumpy ride for many other use cases.
Fascinating initiative, and a hell of a lot of work. Rust seems to be gaining ground left, right, and centre.
I should be researching this, but whatever, I am lazy and I will ask instead: Does this mean any arrays in those coreutils are bounds-checked?
They’d be bounds-checked by default.
Any language capable of replacing C or C++ has to give a crappy programmer the ability to make a stupid decision and opt out of bounds checking without first doing the benchmarking to prove it’s worth the risk.
ssokolow,
Yes, although what rust does is pretty performant anyways because one of the goals of rust is to validate the code access patterns at compile time so as to not incur runtime overhead. This is much safer than C without having to sacrifice runtime performance like a managed language such as .net.
I scanned the source of this project and it contains 40 unsafe code section. For those unfamiliar with rust, the programmer must explicitly declare unsafe sections to generate any code that the rust compiler is unable to validate itself (the most common reason to do this is calling an external C function). This is extremely handy in rust projects because it significantly narrows downs the amount of code one has to check to find possible bound violations / segment faults.
Rust doesn’t do bound-checking the way Java does (or C++ vectors). It’s type system prevents the programmer from doing out-of-bounds accesses: either you’re using an iterator to access a container which is always safe (and prevents mutation to the container, a common error that can occur in C++ and Java) or you’re accessing random elements of the container in which case you have to explicitly handle the out-of-bounds case because what you get is a type (Option or Result) that either contains an object or contains none. The latter is a type rather than a value which means that you can’t possibly propagate it causing further errors down the line.