Rust's memory safety is as much a social convention as it is a language feature. The language has something better described as "mutation safety," and it's the job of library developers to use that to design UB-free APIs.
I think many people understand this subconsciously, and that this is what drives some of the more performative security culture in Rust spaces (superfluous safety comments, shunning of certain crate authors, `forbid(unsafe)`, push-back against syntax sugar, etc.).
EFLKumo 2 days ago [-]
though said for education purpose, keep finding these boundary-pushings playful. I can recall early days arrested by "several ways to access private members in C++" lol
himata4113 2 days ago [-]
I personally hate access controls in general since it always made be release a big sigh as a I was typing .getClass().getMethod()/getField() knowing that it hurts performance.
estebank 2 days ago [-]
That kind of code doesn't have to hurt performance, as long as monomorphization, inlining or JITting are available to the toolchain. If every single method access is a virtual-table call, then yes, there's an "unnecessary" cost. But you shouldn't be writing high-level looking code in such a language if you care about that level of performance.
himata4113 2 days ago [-]
it's more about the fact that the servers are java and invoking a reflection method does have a non-zero cost that isn't substantial but still makes you sigh as you either eat the performance cost or spend 10 minutes creating a patch and recompiling the server.
extraduder_ire 2 days ago [-]
Cool idea. I was expecting more than just turn_off_the_borrow_checker in you_can though.
Maybe with time, as more counterexamples are needed for things "you can't just..." in rust.
space_ghost 2 days ago [-]
This reminds me of Perl's ACME modules and I'm here for that.
tmtvl 2 days ago [-]
I would go for a Rust version of Acme::Bleach.
himata4113 2 days ago [-]
I usually just box it and then Box::into_raw when I need multiple mutable references in a singlethreaded application where there's no deallocation or cleanup has to occur post shutdown.
2 days ago [-]
codedokode 2 days ago [-]
Macros can secretly add "unsafe" blocks into the code?
kibwen 2 days ago [-]
If you're paranoid, you can use the `forbid(unsafe_code)` attribute, which will produce a compiler error when any code in its scope attempts to use `unsafe`, which includes macro expansions.
EFLKumo 2 days ago [-]
Yes. It assumes author of the macro guarantees the safety. Common cases are not adding unsafe{} and leaving this to user, relying on audit tools or [highlighters](https://lukaswirth.dev/posts/semantic-unsafe/), etc. However, it's indeed allowed to silently add unsafe blocks in macros. I'm not working on rust frequently btw, mistakes may exist.
mplanchard 2 days ago [-]
Macros are just text in, text out, so yep
estebank 2 days ago [-]
Rust macros are Token Trees and provide namespace hygiene, so not quite "text in, text out".
0x1ceb00da 2 days ago [-]
Token list, not token trees. There are official libraries for parsing token stream as rust code but you can parse it as anything (eg json, html) if you want to.
estebank 2 days ago [-]
I think you meant TokenStream. They are trees, behind the scenes, because matching delimiters happens early on between lexing and parsing. By the time the rustc_proc_macro::TokenStream is exposed, the rustc_ast::tokenstream::TokenTree is hidden to the proc macro API.
You know, I was going to say tokens rather than text, but the AI discourse has me so burnt out on the term that I edited it. Regardless, one can emit unsafe blocks from a macro, provided they are valid tokens.
Pesthuf 2 days ago [-]
I wonder if this has any measurable impact on compile times.
[0] https://github.com/tsoding/crust
https://github.com/bext-lang/b/blob/main/src/bgen.rs
I think many people understand this subconsciously, and that this is what drives some of the more performative security culture in Rust spaces (superfluous safety comments, shunning of certain crate authors, `forbid(unsafe)`, push-back against syntax sugar, etc.).
Maybe with time, as more counterexamples are needed for things "you can't just..." in rust.
https://doc.rust-lang.org/stable/nightly-rustc/rustc_ast/tok...
https://doc.rust-lang.org/stable/nightly-rustc/rustc_proc_ma...