specification VS rfcs

Many people misunderstand how software is written in regulated industries, and assume that a standard is necessary. In practice, this is not the case. Note that Ferrocene[1] had to produce a specification[2] in order to qualify the compiler. But there isn't a requirement that it must be a standard in any way, only that it describes how the Ferrocene compiler works. Nor that it be accepted by upstream.

1: https://ferrous-systems.com/blog/officially-qualified-ferroc...

2: https://github.com/ferrocene/specification

If by "no standard" you mean that there is no language specification for rust, then there is no standard. However, a language specification is not sufficient to verify program correctness, nor is it required.

A standard may (and the C standard for example does) leave parts of the behavior as "implementation specific" and there's quite a few edge cases - and that's not even talking about "undefined behavior", of which there is plenty. An even in the behavior that is neither implementation specific nor undefined you'll find enough rope to hang yourself (all the beautiful pointers).

On the other hand, the rust language - while having no formal spec - is fairly well described, in the form of its RFCs and testsuite. We (the ferrocene team) were able to derive a descriptive specification from the existing description fairly easily. So while there is no ISO standard, and no spec that would be sufficient to write a competing implementation, there is a description of what the language behaves like. You can read up on it at https://spec.ferrocene.dev/

As for verification of correct behavior of such a program, you can employ a host of different techniques depending on what your requirements are - down to verification of the produced bytecode by means of blackbox testing or other.

They created a specification for Ferrocene because Rust does not yet have a language standard:

https://spec.ferrocene.dev/

>> But does the language need a standard?

Yes, Rust needs a standard.

>> And if so, then for what purpose?

For the same purpose that all standards have--to formally define it in writing.

Ferrocene's web site (https://ferrous-systems.com/ferrocene/) shows that it meets the ISO 26262 standard (https://en.wikipedia.org/wiki/ISO_26262).

Why does ISO 26262 matter? What purpose does it serve? Couldn't a vehicle manufacturer just say "our vehicles are safe"? Which would you trust more: a vehicle that is verified to meet ISO 26262 standards, or a vehicle whose manufacturer tells you "it's safe"?

https://github.com/ferrocene/specification

They do say any differences between it and upstream behavior or documentation is a defect in the spec, not upstream. So it isn't authoritative. Unless we all decide it is.

>> The spec does not define the software. The software is as the software does. Having or not having a spec doesn't protect from bugs - people do.

>> What you're taking about is covering one's ass, not specification.

They are related.

In safety-critical software, bugs can cause people to die. Without a spec, no one will use Rust for safety critical software. It would be too risky and no company would accept that level of risk.

For example if software that controls an airplane is written in Rust and an error occurs during flight, what happens? The software can't just panic and crash or the airplane might crash.

The Ferrocene project (https://ferrous-systems.com/ferrocene/) is working on producing a safety-critical Rust specification (https://github.com/ferrocene/specification) because having a language specification matters for safety-critical work.

I'd like to clarify a little here: There's an ISO certifiation in here - but it's not an ISO standard for the language.

Essentially, the ISO 26262 certification verifies that the compiler release process conforms to a certain standard. It does not create an ISO standard for rust, not does it aim to. At part of the certification process we had to write a spec for the rust language, but it is a descriptive spec of how certain aspects of the rust language behave for one specific release of the compiler.

The certification builds on this to ensure that tests catch deviations from the spec, known problems are documented etc. So rust as a language is unaffected, as is the rust project. The spec is open source and might be useful to others, you can find it at https://spec.ferrocene.dev/

The target sectors for ISO 26262 and related industrial certification are clearly sectors that require such certification: automotive, medical, etc.

Ferrocene itself however, is not only the ISO certified downstream of the rust compiler, it also offers for example long term support and tracking of known issues which the rust project does not provide. This is also important for certain applications that do not strictly require certifications.

>> Rust is defined by the implementation.

Hopefully not for long:

https://github.com/ferrocene/specification

https://ferrous-systems.com/blog/the-ferrocene-language-spec...

Hopefully Ferrocene can lead to Rust itself being standardized.

To me, it seems inevitable that there will be multiple implementations of Rust, especially if Rust continues to be more widely adopted and used in new domains.

I would also not be surprised if Rust were to adopt optional language extensions for specialized use cases, similar to Ada's language annexes:

http://www.ada-auth.org/standards/22rm/html/RM-1-1-2.html

Why? Because the Rust implementation you use for video game programming does not need all of the same features as the Rust implementation that you use for safety-critical embedded systems (for example: railroad control software).

That’s an easy enough problem to solve (though time consuming), and Ferrocene is working on it. Having >1 compiler implement the spec is just a human fuzz test that finds edge cases, and that’s a good thing.

I don't know what ISO-26262 requires, but for IEC-61508 only requires "The language should be fully and unambiguously defined." - which I think Ferrocene has taken a decent stab at with https://spec.ferrocene.dev , and an accompanying ISO standard is not a hard requirement.

RFC: Add large language models to Rust

https://github.com/rust-lang/rfcs/pull/3603

Man, SO and family has really gone downhill. That top answer is absolutely terrible. In fact, if you care, you can literally look at the RFC discussion here to see the actual debate: https://github.com/rust-lang/rfcs/pull/582

Basically, `for x in y` is kind of redundant, already sorta-kinda supported by itertools, and there's also a ton of macros that sorta-kinda do it already. It would just be language bloat at this point.

Literally has nothing to do with memory management.

Congrats!

> Similarly, uv does not yet generate a platform-agnostic lockfile. This matches pip-tools, but differs from Poetry and PDM, making uv a better fit for projects built around the pip and pip-tools workflows.

Do you expect to make the higher level workflow independent of requirements.txt / support a platform-agnostic lockfile? Being attached to Rye makes me think "no".

Without being platform agnostic, to me this is dead-on-arrival and unable to meet the "Cargo for Python" aim.

> uv supports alternate resolution strategies. By default, uv follows the standard Python dependency resolution strategy of preferring the latest compatible version of each package. But by passing --resolution=lowest, library authors can test their packages against the lowest-compatible version of their dependencies. (This is similar to Go's Minimal version selection.)

> uv allows for resolutions against arbitrary target Python versions. While pip and pip-tools always resolve against the currently-installed Python version (generating, e.g., a Python 3.12-compatible resolution when running under Python 3.12), uv accepts a --python-version parameter, enabling you to generate, e.g., Python 3.7-compatible resolutions even when running under newer versions.

This is great to see though!

I can understand it being a flag on these lower level, directly invoked dependency resolution operations.

While you aren't onto the higher level operations yet, I think it'd be useful to see if there is any cross-ecosystem learning we can do for my MSRV RFC: https://github.com/rust-lang/rfcs/pull/3537

How are you handling pre-releases in you resolution? Unsure how much of that is specified in PEPs. Its something that Cargo is weak in today but we're slowly improving.

In the early days of Rust there was a debate about whether to support "green threads" and in doing that require runtime support. It was actually implemented and included for a time but it creates problems when trying to do library or embedded code. At the time Go for example chose to go that route, and it was both nice (goroutines are nice to write and well supported) and expensive (effectively requires GC etc). I don't remember the details but there is a Rust RFC from when they removed green threads:

https://github.com/rust-lang/rfcs/blob/0806be4f282144cfcd55b...

I did some more digging. By RFC 899, I believe Alex Crichton meant PR 899 in this repo:

https://github.com/rust-lang/rfcs/pull/899

Still, no real discussion of why unbuffered stderr.

Rust has had a stable SIMD vector API[1] for a long time. But, it's architecture specific. The portable API[2] isn't stable yet, but you probably can't use the portable API for some of the more exotic uses of SIMD anyway. Indeed, that's true in .NET's case too[3].

Rust does all this SIMD too. It just isn't in the standard library. But the regex crate does it. Indeed, this is where .NET got its SIMD approach for multiple substring search from in the first place[4]. ;-)

You're right that Rust's standard library is conservatively vectorized though[5]. The main thing blocking this isn't the lack of SIMD availability. It's more about how the standard library is internally structured, and the fact that things like substring search are not actually defined in `std` directly, but rather, in `core`. There are plans to fix this[6].

[1]: https://doc.rust-lang.org/std/arch/index.html

[2]: https://doc.rust-lang.org/std/simd/index.html

[3]: https://github.com/dotnet/runtime/blob/72fae0073b35a404f03c3...

[4]: https://github.com/dotnet/runtime/pull/88394#issuecomment-16...

[5]: https://github.com/BurntSushi/memchr#why-is-the-standard-lib...

[6]: https://github.com/rust-lang/rfcs/pull/3469