top | item 28336939

(no title)

xucheng | 4 years ago

Compared with Rust’s Result monad, which allows developers to clearly see the effects of error handling, there are two other hidden fallible effects in Rust that are much harder to tackle:

* Panic rewinding. I am not sure how to ensure your Rust function being panic safe. It is quite easy to cause soundness issue if some invariants no longer hold due to panic. I see `PanicGuard` sometimes used in Rust std library.

* Future cancellation. `tokio::select` is one of the infamous examples, where it is quite easy to introduce bug if the future cannot handle cancellation gracefully.

When trying to handle them properly, it feels more like writing traditional C code than Rust.

discuss

newpavlov|4 years ago

>I am not sure how to ensure your Rust function being panic safe.

You could use the linking trick in which your panic handler uses non-existent extern fn. For example, this approach is used in the no-panic crate. Of course, this approach is nothing more than a clever hack with several significant limitations.

>Future cancellation

I would say it's a more general problem of Rust lacking linear types.

api|4 years ago

IMHO both panics and async are a mistake. The latter should be a standard library with some macros and the former should be replaced by proper error handling everywhere.

Yes out of memory errors should be able to be handled. You might not care when writing web backend slop designed to run under orchestrators but for systems code it is necessary sometimes and Rust is a systems language.

It’s possible to work around both shortcomings but they contradict the languages mission and are warts. Async is a big “excessive cleverness” mistake.

steveklabnik|4 years ago

It is not possible to implement async/await efficiently and safely with macros, and so doing so would be “contradicting the language’s mission.”

They were considered and even originally built that way, but empirically it was worse.