Rewriting m4vgalib in Rust
Cliff Biffle (via Bryan Cantrill, Hacker News):
The Rust implementation is simpler, shorter (in lines of code), faster, and smaller (in bytes of Flash) than my heavily-optimized C++ version — and because it’s almost entirely safe code, several types of bugs that I fought regularly, such as race conditions and dangling pointers, are now caught by the compiler.
[…]
Rust’s ownership rules produce a sort of bizarro-world of API design.
Some (uncommon, but reasonable) API designs won’t make it past the borrow checker. (In nearly every case, these are APIs that were easy to use incorrectly in other languages.)
Some API patterns that are grossly unsafe or unwise in other languages are routine in Rust because of lifetime checking.
[…]
Because of Rust’s ownership and thread-safety rules, you can only share data between threads and ISRs if it’s packaged in one of these thread-safe containers. In Rust terms, the containers convert a type that is Send, or safe to move between threads but not safe to use concurrently, into a type that is Sync, or safe for concurrent use. If you add some new data and attempt to share it without protecting it, your code will simply not compile. This means I don’t have to think about data races except when I’m hacking the internals of a locking primitive, so I can think about other things instead.
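The Send-to-Sync conversion described in the last excerpt, as an added example that is not code from the quoted post or from m4vgalib. It assumes a hosted target and uses std::sync::Mutex and scoped threads as a stand-in for the embedded containers the post refers to; FrameState, require_send, require_sync and count_frames are hypothetical names.

```rust
use std::cell::Cell;
use std::sync::Mutex;
use std::thread;

// Compile-time probes: a call only type-checks if T has the marker trait.
fn require_send<T: Send>() {}
fn require_sync<T: Sync>() {}

/// Hypothetical shared state. Cell gives unsynchronized interior mutability,
/// so FrameState is Send (may move to another thread) but not Sync.
pub struct FrameState {
    frames: Cell<u32>,
}

impl FrameState {
    pub fn new() -> Self {
        FrameState { frames: Cell::new(0) }
    }
    pub fn bump(&self) {
        self.frames.set(self.frames.get() + 1);
    }
    pub fn frames(&self) -> u32 {
        self.frames.get()
    }
}

/// Shares one FrameState between `workers` threads through a Mutex and
/// returns the final count.
pub fn count_frames(workers: usize, per_worker: u32) -> u32 {
    require_send::<FrameState>();
    require_sync::<Mutex<FrameState>>(); // Mutex<T> is Sync whenever T is Send
    // require_sync::<FrameState>();
    // ^ uncommenting fails with error[E0277]: `Cell<u32>` cannot be shared
    //   between threads safely; so would spawning threads that borrow a
    //   bare FrameState instead of `shared` below.
    let shared = Mutex::new(FrameState::new());
    thread::scope(|s| {
        for _ in 0..workers {
            // Each closure borrows `shared`; that borrow may cross threads
            // only because Mutex<FrameState> is Sync.
            s.spawn(|| {
                for _ in 0..per_worker {
                    shared.lock().unwrap().bump();
                }
            });
        }
    });
    shared.into_inner().unwrap().frames()
}

fn main() {
    println!("frames counted: {}", count_frames(4, 1000));
}
```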