Poke Poke. Unapproved because of a lot of citations.

In that scenario the moved-from object's lifetime has ended, and this is clearly defined. Neither the move's semantic nor the object's lifetime are undefined, and these were the claims that I rejected. This should be hard to overlook in code because you have to trigger moves explicitly so it is unlikely this will happen to you by mistake, and also you get tool support too to diagnose such mistakes if they do happen.

Even if you don't promote it to an error, you get a warning, and in the scenario that you are worried about, the user actively chooses to ignore this warning. That's the user's fault. I also don't see how promoting warnings to errors and not being able to compile in C++ is much different from Rust not letting you compile the same error for the same reason by default. Puff, you needed to add a compile flag manually, so what? Certainly not a reason why Rust is better than C++ (even though it is, for other/unrelated reasons).

There is no reason to worry about addresses returned by allocation functions such as malloc (or new), as these are guaranteed to return a pointer with sufficient alignment for any type. The only (rare) exception is when working with SIMD. Other cases, like when doing manual type punning / recasting a pointer from one type to another, the compiler can (and given the right flags, will) warn you.

You keep making that assertion. Please provide a factual and verifiable reference that LLVM is not trust-able.

Yeah because getting dependencies quickly and easily is such a nightmare.

I completely agree with you, but that in itself is a point in Rust's favor. Modern C++ using standard algorithms is a great language for systems programming, but often you have even experienced people coding like they are writing in C. (raw loops, manually manipulating things instead of using STL, using inheritance, etc.) I think you can blame academia in some sense for poorly teaching the language, and in some ways it may be a cultural thing also, where people are used to doing things in a low level way. At least people don't use new/delete anymore...

There is some benefit in starting with a new language with the proper expectations up front, engrained into the culture at the start. I think if all C++ programmers were made to watch experts like Sean Parent describe the ideal way to program then things would change for the better. Having the compiler straight up yell at you is not a bad alternative though.

Umm arm-none-eabi is supported by Rust. I'm running Rust on an arm machine as well as a risc-v little board. It's a "3rd stage support" so basics only (core, no std) but that's what you want usually for embedded anyway.

Exactly right. Working at Google doesn't make you a good programmer. Sean has a good story about a code review he did at Google where he explains how this complex logic involving windows in ChromeOS is really just a rotate. I can't find the clip of the complete story, but he ends up saying that while doing the code review, he actually got the programmer involved to admit that it was a rotate after a few days, but because every code review at Google involves a "mentor" who is senior to the code reviewer, the mentor actually disagreed with him and ended up forcing the original code into the repository. That's why he says he only lasted a year at Google lol. So even "experienced" people aren't necessarily good programmers. We've come a long way since C++ was first introduced, and the problem is that many people are still carrying around the mental baggage of the earlier years.

But nobody claimed that.

Well, yes. If you're lucky you get a warning, if your compiler is new enough.




There is a difference between actively ignoring and overlooking. If you don't have a process at work where warning free builds are enforced, it surely is the user's fault. But that is also the case for writing the bugs in the first place.

The big advantage of the rust compiler is that things which are obviously wrong are errors people cannot ignore. This is maybe a case of "better defaults".
Usually, big shared code bases don't have -Werror enabled because it breaks compilation for existing (and working code) if you use a different compiler.
The trouble about warnings in C++ code is that every compiler warns about different things in different releases.

We were talking about aliasing, not alignment, were we?

Tip: gcc/clang -Werror=switch: I think it should be obligatory

However, the real problem is that default disables this warning/error – a dilemma if you have coding policies that mandate use of default (such as MISRA). Example:

Rust is a relief in this case, because this was never allowed to compile in the first place, so you don't have dilemmas with differing practices and obsolete policies around it.

The pain point is that different compilers need different flags on different platforms. And certain compiler versions yield false positives for certain things. I recall using a switch with an enum class and all switch arms issued a return with some value. So basically, any code after the switch statement was unreachable. But still, some gcc version ( I think it was gcc7) forced me to return something after the switch statement as it didn't understand that the return was unreachable. So I could not enable that flag and we had to live with the false positive warning with that compiler version. Which we had to support, as it was part of the toolchain for some platform we still support.


Nevertheless, personally, I think a newer C++ standard should force such things to be errors by default. But it is never going to happen.