Update C++ interop goal #193
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nikomatsakis
approved these changes
Dec 17, 2024
baumanj
reviewed
Dec 18, 2024
| @@ -39,7 +39,7 @@ Roughly speaking, there are three axes to adoption of memory safety: Social, Tec | |||
|
|
|||
| For example, safety has become more socially desirable in many technical communities over the years, which has led to the development of mitigation measures and the adoption of languages like Rust. This has come partly as a result of the recognition of the economic costs of memory safety vulnerabilities. | |||
|
|
|||
| For C/C++ this has led to an improvement along the technical front in terms of automated checking, in both static and dynamic tooling. However, this protracted effort has also revealed the limits of such an approach without language changes. While there have been growing calls for C++ to adopt memory safety features,[^safe-cpp] they have not gained traction within the body that controls the C++ standard for a combination of structural, technical, social, and economic reasons.[^corentin-profiles] The cost to adopting such features in C++ is too high for a combination of technical, social, and economic reasons. | |||
| For C/C++ this has led to an improvement along the technical front in terms of automated checking, in both static and dynamic tooling. However, this protracted effort has also revealed the limits of such an approach without language changes. While there have been calls for C++ to adopt memory safety features,[^safe-cpp] they have not gained traction within the C++ standards body for a combination of technical, social, and economic reasons.[^corentin-profiles] | |||
There was a problem hiding this comment.
I think some would argue that safety profiles are addressing the safety issues, but the approach is fundamentally different to Rust, so perhaps it would be more accurate to say that the standards body has reviewed a proposal for evolving the language to add a Rust-like safe-by-construction subset and is currently opting to pursue a previously proposed, less-invasive alternative in an attempt to speed and simplify adoption, but which does not provide guarantees against undefined behavior or data races that are core to Rust's value proposition.
|
|
||
| The fact that all of these options exist and undergo active development is a testament to the value developers see in Rust adoption. However, they leave out a large portion of production use cases today: Projects that make rich use of an API in a language like C++ where comparatively limited interop support exists for Rust, and that link in enough code to make rewriting infeasible. | ||
|
|
||
| Furthermore, the limitations of current interop tooling are not simply a matter of adding features. Many of them stem from a mismatch in the expressiveness of the two languages along various axes. As one example, C++ and Java both support overloading while Rust does not. In some cases this mismatch is broadly accepted as a missing feature in Rust that will be added in time. In others, Rust's lack of expressiveness may be considered a feature in itself. |
There was a problem hiding this comment.
Probably worth calling out a few of these differences:
- Rust's different approach to inheritance (or perhaps the orientation towards composition)
- Generics vs templates
- Value semantics and default relocatability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Change the title to reflect that we are not actually solving the problem yet and emphasize calling C++ from Rust, since that is where many of the hardest problems lie.
Generalize the wording a bit around incremental adoption in large codebases, since the problems apply equally to any project that needs to call a rich C++ API.
Add a design axiom:
cc @baumanj