Proposal: a moratorium on adding unsafe features to the safe subset of Rust


Proposal: a moratorium on adding unsafe features to the safe subset of Rust

Tony Arcieri
I really love the semantics of the safe subset of Rust.

Recently there has been a call to introduce an optional feature flag which
removes bounds checks from the *safe* subset of Rust (i.e. outside of unsafe
blocks).

I think this sort of suggestion imperils Rust's goals as a language.

Adding off switches for Rust's safety features complicates the language's
implementation and increases the likelihood a language implementer will
make a mistake and turn a safety switch off when it should be on.

I would like to make a general proposal that the unsafe subset of Rust be
improved to the point where it can answer these sorts of concerns, and that
those who make requests to flip off Rust's various safety features in the
safe subset of the language be gently guided towards the unsafe subset of the
language while keeping the safe semantics exactly how they are.

--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/rust-dev/attachments/20140328/ac80692c/attachment.html>
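The thread's point, as an added illustration rather than code from any of the posters: Rust already lets a programmer skip bounds checks, but only inside an `unsafe` block that is visible in the source and can be audited, so no compiler-wide flag is needed to weaken the safe subset. The function names below are constructed for this example.

```rust
// Added example: three ways to index a slice in Rust. The first two stay in
// the safe subset; the third opts out of bounds checks locally, inside
// `unsafe`, after establishing the invariant once.

/// Safe subset: every access is bounds-checked. An out-of-range index
/// panics instead of reading memory the slice does not own.
pub fn sum_checked(xs: &[u32], idx: &[usize]) -> u32 {
    idx.iter().map(|&i| xs[i]).sum()
}

/// Safe subset, explicit handling: `get` turns an out-of-range index into
/// `None`, so the caller can report the bad index rather than crash.
pub fn sum_get(xs: &[u32], idx: &[usize]) -> Option<u32> {
    idx.iter().map(|&i| xs.get(i).copied()).sum()
}

/// Unsafe subset: per-access bounds checks are skipped, but only after the
/// invariant `i < xs.len()` has been verified for every index up front.
/// The trust boundary is the `unsafe` block, not a global compiler switch.
pub fn sum_unchecked(xs: &[u32], idx: &[usize]) -> Option<u32> {
    // Hoisted check: reject any out-of-range index before skipping checks.
    if idx.iter().any(|&i| i >= xs.len()) {
        return None;
    }
    let mut acc = 0u32;
    for &i in idx {
        // SAFETY: `i < xs.len()` was established by the check above.
        acc += unsafe { *xs.get_unchecked(i) };
    }
    Some(acc)
}

fn main() {
    // Constructed sample input.
    let xs = [1u32, 2, 3, 4];
    println!("{}", sum_checked(&xs, &[0, 3]));
    println!("{:?}", sum_get(&xs, &[0, 9]));
    println!("{:?}", sum_unchecked(&xs, &[1, 2]));
}
```

Reviewing a crate for `unsafe` blocks and their `SAFETY:` comments is then the whole audit surface; a `noboundscheck`-style flag would remove that property from every safe function at once.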


Proposal: a moratorium on adding unsafe features to the safe subset of Rust

Brian Anderson
I appreciate your concern, but I don't think a moratorium is necessary;
memory safety is paramount to Rust, so the idea of adding 'unsafe
features to the safe subset of Rust' is an oxymoron.

On 03/28/2014 08:12 PM, Tony Arcieri wrote:

> I really love the semantics of the safe subset of Rust.
>
> Recently there has been a call to introduce an optional feature flag
> which removes bounds checks to the *safe* subset of Rust (i.e. outside
> of unsafe blocks)
>
> I think this sort of suggestion imperils Rust's goals as a language.
>
> Adding off switches for Rust's safety features complicates the
> language's implementation and increases the likelihood a language
> implementer will make a mistake and turn a safety switch off when it
> should be on.
>
> I would like to make a general proposal that the unsafe subset of Rust
> be improved to the point where it can answer these sort of concerns, and
> that those who make requests to flip off Rust's various safety features
> in the safe subset of the language be gently guided towards the unsafe
> set of the language while keeping the safe semantics exactly how they are.
>
> --
> Tony Arcieri
>
>
> _______________________________________________
> Rust-dev mailing list
> Rust-dev at mozilla.org
> https://mail.mozilla.org/listinfo/rust-dev
>



Proposal: a moratorium on adding unsafe features to the safe subset of Rust

Tony Arcieri
Exactly what I wanted to hear ;)


On Fri, Mar 28, 2014 at 8:26 PM, Brian Anderson <banderson at mozilla.com> wrote:

> I appreciate your concern, but I don't think a moratorium is necessary;
> memory safety is paramount to Rust, so the idea of adding 'unsafe features
> to the safe subset of Rust' is an oxymoron.
>
>
> On 03/28/2014 08:12 PM, Tony Arcieri wrote:
>
>> I really love the semantics of the safe subset of Rust.
>>
>> Recently there has been a call to introduce an optional feature flag
>> which removes bounds checks to the *safe* subset of Rust (i.e. outside
>> of unsafe blocks)
>>
>> I think this sort of suggestion imperils Rust's goals as a language.
>>
>> Adding off switches for Rust's safety features complicates the
>> language's implementation and increases the likelihood a language
>> implementer will make a mistake and turn a safety switch off when it
>> should be on.
>>
>> I would like to make a general proposal that the unsafe subset of Rust
>> be improved to the point where it can answer these sort of concerns, and
>> that those who make requests to flip off Rust's various safety features
>> in the safe subset of the language be gently guided towards the unsafe
>> set of the language while keeping the safe semantics exactly how they are.
>>
>> --
>> Tony Arcieri
>>
>>
>> _______________________________________________
>> Rust-dev mailing list
>> Rust-dev at mozilla.org
>> https://mail.mozilla.org/listinfo/rust-dev
>>
>>
>


--
Tony Arcieri


Proposal: a moratorium on adding unsafe features to the safe subset of Rust

Patrick Walton
In reply to this post by Tony Arcieri
I'm uninterested in features that make Rust memory unsafe outside of the "unsafe" sublanguage, and so (as I said in the thread) I am strongly opposed to the noboundscheck flag or any other similar features.

Patrick

On March 28, 2014 8:12:36 PM PDT, Tony Arcieri <bascule at gmail.com> wrote:

>I really love the semantics of the safe subset of Rust.
>
>Recently there has been a call to introduce an optional feature flag
>which
>removes bounds checks to the *safe* subset of Rust (i.e. outside of
>unsafe
>blocks)
>
>I think this sort of suggestion imperils Rust's goals as a language.
>
>Adding off switches for Rust's safety features complicates the
>language's
>implementation and increases the likelihood a language implementer will
>make a mistake and turn a safety switch off when it should be on.
>
>I would like to make a general proposal that the unsafe subset of Rust
>be
>improved to the point where it can answer these sort of concerns, and
>that
>those who make requests to flip off Rust's various safety features in
>the
>safe subset of the language be gently guided towards the unsafe set of
>the
>language while keeping the safe semantics exactly how they are.
>
>--
>Tony Arcieri
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Rust-dev mailing list
>Rust-dev at mozilla.org
>https://mail.mozilla.org/listinfo/rust-dev

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


Proposal: a moratorium on adding unsafe features to the safe subset of Rust

Brendan Zabarauskas
In reply to this post by Tony Arcieri

On 29 Mar 2014, at 2:12 pm, Tony Arcieri <bascule at gmail.com> wrote:

> Recently there has been a call to introduce an optional feature flag which removes bounds checks to the *safe* subset of Rust (i.e. outside of unsafe blocks)
>
> I think this sort of suggestion imperils Rust's goals as a language.

I agree that our philosophy should be formalised in a design document, but I hardly think that the language is in peril. Whilst those making the mentioned proposal have been extremely vocal in the past few days, rest assured that they are a tiny minority, and in no way represent the views of those actually working on the language.

~Brendan