1. 30
  1. 7

    Copy-pasted verbatim from the other news aggregator:

    The borrow checker is the reason to use Rust, in spite of its annoyances (clunky syntax, limited type inference, non-interactive programming, long compilation times, etc.), so it’s always nice to see someone trying to provide the upsides of Rust without the downsides.

    That being said, your website is disappointingly terse regarding how Carp recovers the advantages of Rust in the context of a Lisp derivative. What makes this particularly suspicious is the fact that, in the past, Lisp programmers have claimed to recover the advantages of other statically typed languages in a Lisp setting, but there have always been huge caveats, like “the system can be very easily circumvented, reducing the benefits of static typing to nothing”.

    The main reason why I feel confident that Rust is a safe language isn’t just the fact that rustc seems to catch many bugs in practice. That alone wouldn’t distinguish it from the countless static analysis tools for C and C++ that have existed for decades. The main reason why, at least in my opinion, Rust is such a trustworthy language in spite of its ginormous complexity, is the fact that its core developers, in particular Niko Matsakis, do a terrific job of communicating the process by which Rust’s features are conceived and designed. When you read Matsakis’ blog, it becomes patently clear that Rust’s developers take into account the kind of corner cases. that in many other languages are only discovered months or years after the feature has been implemented.

    Other languages that inspire similar confidence in me are:

    • Standard ML. It has a formal proof of type safety.
    • Pony. It has a formal proof of type safety.
    • Haskell, as specified in the Haskell Report (i.e., without the crazy GHC-specific language extensions), because its type system is similar to Standard ML’s, and there are no reasons to believe the differences introduce any type safety holes.
    • OCaml, again without the crazy extensions (GADTs, first-class modules, etc.), for more or less the same reasons as Haskell.
    1. 1

      Although I see catnaroek’s point, I think this is similar to situation with us trusted software that has been tested vs reviewed vs thoroughly analyzed vs formally verified on top of it. The safety mechanism being analyzed thoroughly to catch as many corner cases as possible is great. That should do better than one where the author just thought a bit, tested it out, and fixed problems as he or she went. Yet, the latter scheme might still be useful for safety on at least the kinds of things the author was testing it on.

      There’s probably a spectrum of confidence with type or safety systems in languages much like there is for programs themselves. Carp has a chance of being useful at its goal.

      1. 2

        Unsoundness in the borrow checker is a pretty big deal when borrow checking is used as a justification for getting rid of automatic garbage collection.

    2. 2

      Carp compiles to C. This is an unusual design choice and seems almost anachronistic in a world where building a compiler more often than not means working with LLVM. It also likely doesn’t matter much, because chances are your machine has a C compiler.

      Actually in some context this would be a great advantage.
      For example, compiling to C means better portability if compared with something that depends on LLVM.

      Unfortunately, the current version of Carp is written in Haskell, and GHC (which unfortunately has become THE Haskell compiler) requires a huge effort to be ported on new OS.

      1. 1

        Would it be possible to get furtther performance benefits by compiling to rust, a language that probably is more apt at managing borrow checker enforced code, or by directly using llvm instead of c?

        My gut feeling is that you lose many of the inherit benefits to a lisp when you compile it to c and then to another language vs straightup interpreting it or compiling it directly to machine code, but I’m probably horribly wrong about that as I think I’ve seen many scheme to c compilers.