Stream: t-lang

Topic: values of Rust


nikomatsakis (Apr 15 2020 at 21:06, on Zulip):

Hey @T-lang, so I've been thinking about this idea of stating the "values of Rust" or "design principles of Rust" more explicitly, so that we can use them to help us think about design questions.

I thought a good place to start would be brainstorming.

To that end, I've created a Dropbox Paper and I'm going to start dropping some notes in there from time to time. I don't know if this will turn out to be productive or not, but I thought it might be interesting at least. =)

simulacrum (Apr 15 2020 at 21:14, on Zulip):

@nikomatsakis do you want to keep that lang-only? :)

Josh Triplett (Apr 15 2020 at 21:22, on Zulip):

@nikomatsakis

it should not be possible to have undefined behavior without the unsafe keyword.

Is it "undefined behavior" you want to flag here? That statement is true, but it seems somewhat separate from the primary things unsafe exists to address.

Josh Triplett (Apr 15 2020 at 21:23, on Zulip):

I feel like that's related to what unsafe means, but not directly what unsafe means.

Josh Triplett (Apr 15 2020 at 21:34, on Zulip):

I added a subsection under "Portability" regarding the ability to use non-portable features of a platform (but the desire that doing so requires intent rather than accident).

Lokathor (Apr 16 2020 at 07:17, on Zulip):

Safe in rust usually just means memory safe but that's only of value _because of_ the UB when you break memory safety

Lokathor (Apr 16 2020 at 07:18, on Zulip):

UB is the real foe

nikomatsakis (Apr 16 2020 at 15:02, on Zulip):

simulacrum said:

nikomatsakis do you want to keep that lang-only? :)

not necessarily

nikomatsakis (Apr 16 2020 at 15:03, on Zulip):

I was expecting folks to add things

nikomatsakis (Apr 16 2020 at 15:03, on Zulip):

I just didn't want it to like show up on reddit or something

mark-i-m (Apr 16 2020 at 15:36, on Zulip):

I would add two other major things:

Also, under performance: fearless concurrency
And under maintainability: stability/backwards-compatibility guarantees (without stagnation)

Lokathor (Apr 16 2020 at 19:43, on Zulip):

Unfortunately, outside of our community, we have a reputation of being an extremely toxic community

Lokathor (Apr 16 2020 at 19:44, on Zulip):

I've heard from multiple people in multiple places that they don't even want to learn Rust the language, regardless of the merits as a language, because of the Rust community.

Josh Triplett (Apr 16 2020 at 19:56, on Zulip):

Could you elaborate a bit on the flavor of "toxic" that the community is perceived as? Because that's new to me.

Josh Triplett (Apr 16 2020 at 19:56, on Zulip):

Is this an issue of the loud RIIR/RESF crowd being perceived as part of the community?

Lokathor (Apr 16 2020 at 19:57, on Zulip):

Yes exactly that, and the, uh, "actix event" really put a pin on it.

Josh Triplett (Apr 16 2020 at 19:57, on Zulip):

Gaaah.

Josh Triplett (Apr 16 2020 at 19:58, on Zulip):

I find myself wondering if there'd be value in putting out a statement from the lang and core teams basically saying that the whole RESF joke is not something that we appreciate and is doing more harm than good, and we'd appreciate people not doing it?

Josh Triplett (Apr 16 2020 at 19:58, on Zulip):

It might not stop everyone from doing it, but it would at least say "this isn't welcome here".

Lokathor (Apr 16 2020 at 20:00, on Zulip):

I think that, "No, that wouldn't help at all, the kind of people who do this aren't listening to you to begin with", but also "Software is like a bridge or a house, and if you build an unsafe thing someone has to tell people to not walk on that bridge or live in that house because it's dangerous; so I somewhat see their point" and also "the internet has to learn to not dog-pile on situations (which of course it won't)".

Josh Triplett (Apr 16 2020 at 20:03, on Zulip):

So, regarding the first of those three points, the message wouldn't be primarily for the people who do this. It would be for the people affected by people who do this.

Josh Triplett (Apr 16 2020 at 20:04, on Zulip):

Saying "this is neither appreciated nor welcome in our community" has some value, at least, in setting an example and helping people know "any sufficiently popular thing will have its trolls" versus "the trolls are part of the community".

Lokathor (Apr 16 2020 at 20:05, on Zulip):

I don't think that it'd hurt.

simulacrum (Apr 16 2020 at 20:06, on Zulip):

I would be on board with such a statement; I might want to go further and as part of this endeavor try to put it up as more than "just a blog post" but e.g. a values page similar to CoC (and perhaps even enforced, to some extent).

Lokathor (Apr 16 2020 at 20:06, on Zulip):

I think that one way to help things long term would be if there was a blessed team of people who would have crate soundness issues reported to them, then they'd actually raise it with individual crate maintainers, and thus communication with actual crate maintainers would go through a very limited number of people who are selected for being able to stay diplomatic as much as possible.

Josh Triplett (Apr 16 2020 at 20:07, on Zulip):

@Lokathor Do you happen to know if the set of people currently working on the secure code working group and the safety-dance project are such people?

Lokathor (Apr 16 2020 at 20:08, on Zulip):

With all due respect to the people involved, I happen to know that they're not really, because, well, that's how this happened in the first place.

Lokathor (Apr 16 2020 at 20:09, on Zulip):

Bugs need to be fixed, but there's probably a reasonable way to fix issues silently and then announce a fix after the fact, instead of opening a github issue that everyone can go to and jump on. At least for most bugs.

and sure, if the bug lingers then open an issue and let it be known that there's a bug that can't be fixed right away and so on,

Lokathor (Apr 16 2020 at 20:10, on Zulip):

but at "reddit speeds" things get toxic

Josh Triplett (Apr 16 2020 at 20:11, on Zulip):

I was just looking at their repo, and...ugh.

Josh Triplett (Apr 16 2020 at 20:12, on Zulip):

Yeah, you're right.

Lokathor (Apr 16 2020 at 20:12, on Zulip):

I know the Ring dev specifically has a declared and firm "only disclose publicly on the github issue tracker" policy, i bet most people would like to have private notice first though.

XAMPPRocky (Apr 16 2020 at 20:20, on Zulip):

I've also been thinking about writing a personal post about this topic. There have been multiple incidents recently that I've found quite troubling.

RalfJ (Apr 16 2020 at 21:19, on Zulip):

Bugs need to be fixed, but there's probably a reasonable way to fix issues silently and then announce a fix after the fact, instead of opening a github issue that everyone can go to and jump on. At least for most bugs.

I am very surprised by this. IMO that's exactly what github issues are for.
I don't feel like "a bug was properly and respectfully reported on github" is part of the failure chain that lead to the actix "event".

Josh Triplett (Apr 16 2020 at 21:21, on Zulip):

I wonder about that myself. The piling on and drive-bys shouldn't have happened, but was the filing of the issue in the first place a primary problem?

Lokathor (Apr 16 2020 at 21:23, on Zulip):

Just filing the issue, wasn't a problem, no. However, as soon as that issue if filed it quickly got put many places and the discussion between two or three people became watched by many many people and it all spiraled.

Shnatsel (Apr 16 2020 at 21:41, on Zulip):

Do you happen to know if the set of people currently working on the secure code working group and the safety-dance project are such people?

That's a no from me as well. It's mostly me who handles the organization of safety-dance, and I'm also the person who has set off the latest Actix incident. I am trying to improve, but I don't quite trust myself to do dramatically better quite yet.

Shnatsel (Apr 16 2020 at 21:44, on Zulip):

Plus reputation is also a factor. The last thing I want a recepient of a message about soundness issues to think is "Oh no, it's from the guy who destroyed Actix".

Shnatsel (Apr 16 2020 at 21:50, on Zulip):

FWIW I am trying to separate my views (like the HTTP clients article) from WG activities (such as safety-dance) and generally not associate my name with the WG. It seems to be working well so far.

Josh Triplett (Apr 16 2020 at 22:04, on Zulip):

@Shnatsel Self-awareness is a very admirable trait, especially when combined with a desire for improvement. :)

Josh Triplett (Apr 16 2020 at 22:04, on Zulip):

Could I ask you to please pick a different Twitter banner? :)

Josh Triplett (Apr 16 2020 at 22:05, on Zulip):

Something less "you're not smart enough to use unsafe" and more safety-related?

Shnatsel (Apr 16 2020 at 22:05, on Zulip):

Right. I don't use Twitter so I wasn't even aware of that banner. I'll talk to the people involved to put something less divisive in there

Josh Triplett (Apr 16 2020 at 22:08, on Zulip):

Thank you!

Shnatsel (Apr 16 2020 at 22:08, on Zulip):

I've messaged the relevant people just now. Thanks for bringing this up!

Josh Triplett (Apr 16 2020 at 22:10, on Zulip):

FWIW, positioning aside, I appreciate the work that safety-dance is doing.

Josh Triplett (Apr 16 2020 at 22:11, on Zulip):

It makes me happy that you're finding cases where programs can get what they need without unsafe, and in particular when you take those learnings and bring them to the language or libraries.

Shnatsel (Apr 16 2020 at 22:14, on Zulip):

We need to organize the identified issues better, by the way. There is a bunch of quite specific things that people are missing safe abstractions for and have to resort to hand-rolled unsafe that could be done once and for all, but that list is currently not published anywhere, or even written down.
While we're at it, any tips on organizing that? I was considering starting a repo under Secure Code WG and put those in the issue tracker, but I'm not sure it's a good path because that's quite removed from the places people would normally read. OTOH rust-lang/rust has so many issues that these ones would just get drowned.

Josh Triplett (Apr 16 2020 at 22:15, on Zulip):

You might start by tagging issues in the existing secure code WG with a "potential-pattern" tag or something like that.

Josh Triplett (Apr 16 2020 at 22:15, on Zulip):

And then opening issues tagged as "pattern-proposal".

Josh Triplett (Apr 16 2020 at 22:16, on Zulip):

You could brainstorm them, try to come up with an implementation or specification of the pattern in practice, and then bring that to internals as a pre-RFC.

Shnatsel (Apr 16 2020 at 23:16, on Zulip):

The Twitter banner is removed

mark-i-m (Apr 17 2020 at 15:41, on Zulip):

Hmm... well, I'm late to the game, but thanks for bringing that up @Lokathor ... I'm not on twitter or reddit, so I was unaware that anything happened at all until I saw Steve's blog post, and even then I didn't realize how big it was...

mark-i-m (Apr 17 2020 at 15:42, on Zulip):

That said, regardless of whether we do a good job at it or not, I still think "having an awesome community" is a value of rust -- that is, it's something we definitively work for, right?

Tshepang Lekhonkhobe (Apr 17 2020 at 16:58, on Zulip):

this topic seems to be about principles that help guide Rust design, so "awesome community" seems unrelated

Josh Triplett (Apr 17 2020 at 17:01, on Zulip):

It's not often something that directly informs language design, but we do think about the community and ecosystem impact of language changes. For instance, I know of at least one feature we're thinking about where we're talking about whether that feature would lead to a specific kind of strife between members of the community (making a specific thing opt-in per crate, which could generate a large number of "please enable this in your crate so I can use it when using your crate" messages).

Tshepang Lekhonkhobe (Apr 17 2020 at 17:08, on Zulip):

The compiler once allowed code accepted by ast-borrowck that got rejected by mir-borrowck, with just a warning, to give people time to fix their code. Would that be another good example?

Tshepang Lekhonkhobe (Apr 17 2020 at 17:09, on Zulip):

crater and perf runs too, I suppose

Josh Triplett (Apr 17 2020 at 17:11, on Zulip):

I mean, at the end of the day everything we do is trying to make things better for the Rust community, so I wouldn't want to overstretch that as a value, but I do think it's worth recording and keeping in mind.

nikomatsakis (Apr 17 2020 at 19:32, on Zulip):

in particular ones that may have implications for language design

nikomatsakis (Apr 17 2020 at 19:32, on Zulip):

I'm also quite interested, in general, in trying to find ways to make writing correct, efficient unsafe code more ergonomic.

nikomatsakis (Apr 17 2020 at 19:33, on Zulip):

It might be useful to have a kind of joint lang/secure-code brainstorming session to share thoughts and ideas?

nikomatsakis (Apr 17 2020 at 19:33, on Zulip):

Heck we could do a virtual workshop :)

nikomatsakis (Apr 17 2020 at 19:33, on Zulip):

/me gettin' crazy

scottmcm (Apr 17 2020 at 21:10, on Zulip):

I think I like the "[language] design principles" phrasing for this better -- I'm most excited for this as a starting point for "why do we reviewed/concern something?". Broader values are also a valuable conversation, but are a much bigger thing than a t-lang stream.

nikomatsakis (Apr 18 2020 at 10:57, on Zulip):

@scottmcm I like that too

nikomatsakis (Apr 18 2020 at 11:04, on Zulip):

one other thing. I thnk this document is in danger of being "all the things" -- i.e., rust language tries to be everything. Of course, that's true, but it's good for us to put some hard thinking also into the places where we fail (or choose not to) uphold a given principle, and why.

nikomatsakis (Apr 18 2020 at 11:05, on Zulip):

As an example, I was thinking about "stability"

nikomatsakis (Apr 18 2020 at 11:05, on Zulip):

(maybe encapsulation is the right name?)

nikomatsakis (Apr 18 2020 at 11:06, on Zulip):

basically the idea that making changes to your fns doesn't cause your callers to stop compiling (nor, ideally, to stop Working)

nikomatsakis (Apr 18 2020 at 11:06, on Zulip):

I think we do a lot of work to maintain this, but there are some places that we fail, notably adding AsRef impls

nikomatsakis (Apr 18 2020 at 11:06, on Zulip):

I guess the "modularity in the abstract sense" goes in this direction

Last update: Jun 05 2020 at 23:20UTC