while we wait for rust libraries, go learn to code in C at lowlevel.academy :)

You could have said "Dynamic Library", i genuinely thought Rust Foundation messed up something big again about Libraries in Cargo like they did about the brand / logo last time.

ELF ABI isn’t actually a term. The ELF Format supports multiple ABIs, for example my gcc compiler uses the System V ABI

Btw, unsafe Rust code does NOT disable borrow checker. It allows unsafe function calls, raw pointer dereference and stuff like that, but does not disable borrow checker

FYI, Rust *absolutely does* have support for dynamically linked libraries, including all Rust features. The problem is that the ABI is unstable across compiler versions, not that it doesn't exist.

It's important to point out that compilation is only long on clean builds. Incremental builds are okay-ish, during development.

- Wait ?? It's all C/C++ ???? - Always has been *error: no matching function for call to ‘typename std::enable_if::type>::type>::value’ to ‘int’*.

"if i pass a mutable reference into a compiled binary, how is it possible for the borrow checker to make sure the reference is used in a way that is safe" the borrow checker would've already made sure of that when the library binary was compiled, then, the checker in your code would look at the function signature to enforce the rules at your side. if both sides were checked individually, and the interface contract (function signature) is respected, it should just works as if you checked them at the same time

As an embedded linux integrator (Yocto), this makes all our applications +10MB in size which will become a problem very soon with our 256B of RAM.

Over in WebAssembly land, they're working on something you could call an "ABI" with the Component Model, where the interface a component (=library or application) imports/exports is defined in a separate file (a .wit file), and then bindings from that file are generated for whichever language the component is written in (C, Rust, Go, ...). If other libraries or applications then want to use this component, they also generate bindings for their language from the same .wit file.

Didnt Google gave million to the Rust Foundation to improve C++ Interoperability, I think many more will ask and maybe donate to the Foundation to make devs there focus on this, so in near future i wouldn't be surprised to see good or somewhat good alternatives to improve this

It’s is totally possible to put rust libraries in their own shared objects and link them at compile time. The problem is that the ABI isn’t stable across compiler versions which limits the usage of those libraries by a lot. The only application I can think of for this is an embedded OS environment with very limited ram where you can set the rust compiler of a project to a fixed state and compile one shared object that you use across projects. This way the shared object is only loaded once into memory

Wait. C++ has the same problem and solved it in a pretty clean way: just encode type information in the ABI data. If you disassemble C++ library objects, you will notice that symbol names aren't clean function names from code and contain a lot of encoded information (such as constness of objects, calling convention and other). This technique is called name mangling. Can't Rust do the same? And regarding templates (static polymorphism): same state in C++ as in Rust: reevaluate every time and recompile. That's one of the reasons you still need header files for compiled libraries. Some libraries in C++ are so template-heavy that they go header-only and can not be built by themselves.

I don't see why the borrow-checker would not be able to work across boundaries for other libraries written in Rust. If the functions within the Rust library violate borrowing rules then the library shouldn't compile in the first place, right?

Looks to me that this is just Rust being relatively new. C has had decades to try and perfect itself. I can't wait to see what they do with Rust, since it is unironically one of the best languages I've ever learned. That or someone makes a language like Rust that works around the mistakes mentioned.

IMHO the original K&R C was essentially a super macro assembler. A way to code in a higher level format, using a compiler for the parts that weren't that time sensitive, and in-line assembly code for those parts that were.

The long compile times are actually not only compling but also linking. Loved this video, good work!

@1:00 easy solution: c++ instead of c. use smart pointers and std::array over manual memory management and c-arrays, and you wipe out 95% of memory issues.

Rust is a young language. I am a C++ veteran and not really fluent in Rust yet, but I can see the potential. And we need something better than old, unsafe languages. If Rust gains momentum, the library problem will be solved eventually. We'll see.

This video is evidence for my new hypothesis: Once a programmer starts learning about abstract syntax trees, and creating their OWN language, they start wanting to coble together programs with assembly from multiple compiled programs.

The best thing about this channel is he makes videos a lot shorter than the other channels. He does not use storytelling to make a simple thing turn into a 15-minute video.

You could say that binary interface is a bit. Rusty. ; ) WHY ARE YOU BOOING ME I AM RIGHT?!

In short: 1. rust does not have a stable ABI 2. Using shared libraries will break the static safety analysis. These things make shared libraries impossible in rust.

I've made dynamic libraries in Rust multiple times. These days you can easily reach for crates like stabby and abi-stable. The bigger question is why you would want to do that when static linking is better in most cases.

While the Rust ABI isn't stable, cargo still calls rustc for each crate separately, generating intermediate artifacts that get linked together in the end. While the ABI isn't stable between different versions of the compiler, it _does_ need to be stable across invocations of the same compiler. This reveals a very simple solution: separate library outputs by compiler rather just having a single version for each crate. Cargo actually has hashes for intermediate artifacts as well, encoding not just the crate and the compiler version, but several other build parameters as well. While these are currently local to each project, there's nothing stopping them from being global. Would this actually help? Honestly, probably not. This is because where as C projects specify the names of their dependencies and maybe a minimum version, Rust crates include a lock file that requests specific hashes of each dependency, and customization of the libraries' features is specified by the crate author as well rather than a third party packager. These, combined with distinguishing libraries by the compiler used for them, make the actual chance of two separate projects sharing the exact same configuration of the exact same dependency with the exact same compiler and the exact same compile flags is very slim. It really would be no different than it is right now, just with the overhead of dynamic linking to a library only actually used once. That hasn't stopped some people from treating each crate dependency as a separate package, but the only distro I know of where this isn't crazy is NixOS, since it already distinguishes packages by all of the factors mentioned previously and more. (In some ways, Nix acts more like a language package manager rather than a system package manager, despite generally being used as the latter.) This is still rather niche though, with most rust projects either being packaged as a single unit, or sometimes with all the dependencies as a single separate package linked into the final package.

very interesting topic and well explained too! thank you!

Shared libraries are one of the worst things that ever happened. I remember when we used to compile linux programs from source and you'd get a ton of errors since libraries weren't compatible. Or when a Windows app needs a specific dotnet version because they're not backwards compatible. Having an entire app package makes the most sense.

Reading, "For instance, passing a string" as "For example, passing an instance" amuses me. 😄 6:31

Maybe the next big step in static analysis (like borrow-checking) is inventing a practical way to NOT cross module boundaries. To somehow record all the relevant information about a module in its interface, which can be then saved into an _auto-generated header file,_ which then will be used for checking the program that includes it.

I like that programs does not depend on precompiled libraries. Like that, you don't have to care about which version is installed on your system by your package manager, you always have the most up to date version (or even an outdated one if you need it), and as everything is managed by cargo you don't need to compile and install the library (and it's dependancies) yourself if you have an exotic setup.

I've seen some people talking about how this is a problem for a security standpoint as well (as if we ship our code statically linked with a library which contains safety vulnerabilities then all of our programs will need to be updated individually to fix it). But this appears to be a one-sided reasoning, because it can work the other way around as well. You can have a bunch of working programs that relies on the same safe package, then it became vulnerable and suddenly all the programs in the system that shares are in risk as well instead of just the ones that had it updated (which means more chances for a potential attacker to explore the vulnerability as most programs in a system tends to be sparsely used).

This is a valid problem to work towards but static binaries should def still be the default, or at least the default for release builds. Packaging for different OS's is just so much more simple

Devs hate shared libraries, I get it. BUT... As a user, I will NOT want 30 executables that use 50 statically linked libraries each, which might have another 50 statically linked libraries packaged as an "application". That is NOT AN APPLICATION, that is a piece of storage and memory mallware. Exponential memory requirements for a working system is not acceptable.

A similar issue can be found in C++ when using templates. If you write template code it needs to be recompiled for basically every use (you generally can't put it into the cpp file it needs to be in the h/hpp file). Working around that is possible and since it's only a part of the C++ language so I guess it's not that big of an issue as in Rust but still and issue IMO. I wonder if there are also options to pre-compile or at least pre-tokenize Rust code (this does exist for C & C++ headers although I don't see it used much). That would likely fix some of the compile time overhead but not really the binary size. Should also be noted that a lot of the binary size isn't just code. There is a lot of information regarding symbols and other stuff left in the binary which can be striped out (either via the cargo strip setting or using the strip command). Linktime optimization is also usually turned off to reduce compile times a bit and dead code elimination is less effective due to Rust running multiple compilation units (also to reduce time by doing some work in parallel). I generally change those settings for my release target which does add some compile time but can have a large impact on binary size (especially in an embedded program where everything is statically linked it gets the codesize pretty close to C)

Unsafe doesn't disable the borrow checker. Even Rust pointers are annotated on whether they're mutable or immutable.

"Sometimes the compiler gets mad at you" - understatement of the century

Im doing my Graduate Project around Cybersecurity thanks you to you!

Feeling very smug as a C++ enthusiast hearing about rust not having an abi because it has more complex types and generics. But also, C++ still has slow compile times and linker errors are pain C++ also invented ownership and borrowing, Rust just made it mandatory

It's perhaps a good thing to not have dynamic libraries. It can be really limiting to try to maintain backwards compatible ABI. Force the developers to recompile everything all the time and I think it will promote libraries being updated to new compiler versions faster. Rather than being forced on some old version because some library doesn't get updates anymore.

Even C++ has problems with ABI. GCC has in the past had to revise the C++ ABI in backward-incompatible ways. C will probably remain relevant as long as shared libraries are around.

ik I'm probably missing something but why didn't they just "half-compile" the packages? the lexer, parser, same application checker, and everything else that your code doesn't matter in; can just be done once right? or did they already do that?

Shared objects are cool for the reasons stated, but compiling everything into a monolithic binary allows your program to run without dependencies. Dependencies suck (for many reasons).

Libraries involve a level of trust. A library will always be able to lie about its compliance with the contract. "Hey, I promise to not alter this thing pointer you sent me." Also library: crossed fingers. For complete trust, you have to pass clones and receive clones. COW enforced by the kernel may help skip some memcpy for this pattern, while making sure any writes to the memory get put somewhere else. Using memory protection features could also help. Missing any of these, just fall back to deep copies - which only solves part of the problem, as the library can still screw around the entire process memory space.

It's really useful to know that Rust is only currently practical for static compiled binaries. Somehow, I had heard anyone mention that before.

technically a lot of the libc stuff don't implement the hard things, they are just wrappers around the syscalls, though they do make it more convenient to do stuff.

I'd love to know what you think is messy about the syntax. If you've got any specifics, that'd be awesome.

seeing how big, smart and enthusiastic the rust community is, even as someone who has never wriiten a single line of rust code, i would be genuinely suprised, if this isn't happening in the next 10 years. the world would probably have to sink into total chaos.

This takes *rewrite everything in rust* to another level

Not having an ABI gives Rust a big advantage in optimization by the compiler. The fewer constraints there are placed onto the compiler, the more optimization can occur.

Please add url to the pull request I want to read it 🙏

Compiling static binaries in golang is orders of magnitudes faster than compiling rust. I don't think libraries are (solely) to blame for compile times. (Definitely for the large binaries, though)

Rust's static analysis requires having all of the semantic and structural parts of the program available so it can ensure that everything is consistent. It should be possible to do this using an intermediate form built from the type information and abstract syntax trees, thus not requiring the full source for the things that are now in crates. Over time, this representation can be made more compact. This probably rules out compatibility between the output of different compilers, and even different versions of the same compiler, but if the pre-parsed crate code is stored with the crate, an incompatible compiler can simply compile the source and ignore the short cut. Binary libraries are a different issue. There must be a way to define a common representation of types exported by a library such that all programs that depend on the library will agree on its structure in memory. Don't allow generic parameters to library functions. The problems described in this video are only a subset of the reasons I can't use the language in my embedded project. The biggest hurdle is that Rust is unavailable. Now for my obligatory rant: Due to the NSA having become brainwashed into believing C cannot be trusted under any circumstances, I am forced to reinvent the wheel and write a full network stack including TLS, HTTPS, and PTP client in Ada, which is the only approved language available for the MicroBlaze soft microcontroller. This new rule alone has added about 4 million dollars to the cost of developing this product. In the past 10 years, no piece of C code I have released has had any sort of buffer overflow or memory leak. This is provable. There's no dynamic allocation, all structures and arrays that are not on the stack are statically allocated. The code is efficient, deterministic, and robust. It takes a lot of discipline to write this sort of code in any language, Rust included.

To be honest, the compile times never bothered me with rust. I don't think that it is actually such a big problem as we always read online. It is only the first compilation of a project that takes this long. Also, I LOVE that Rust builds everything into a single file. I was previously coding my hobby projects in C# and I voluntarily started building standalone binaries instead of the library-dependent ones to prevent dependency issues on the end device. I know that we now have solutions like flatpak for this (and I love flatpak!), but standalone binaries also work for the projects I did, with less hassle to deal with. And in my 5 years of using Linux, I've been there multiple times that my distro's libc updates and a bunch of programs break because they haven't been updated yet. Of course, this approach also isn't perfect, as we see with filesize and compile times. Also, from a security standpoint, a program could ship with an old, vulnerable library, and it's the developer's job instead to update it. Still, I have enough time and disk space, so this approach works better for me.

Thanks for this video. I am really glad I didn't spend any time on learning Rust. As not being able to use libraries is pretty much showstopper for (not just) me.

For the first time I feel like I can say I love web dev and HMR that powers sub-second compilation and not get bashed for it.

I'm no systems developer, but I feel like pretty much the idea of a borrow checker is much higher level than what most people would expect out of an ABI. The very idea of a function/method/etc., in theory, is something that takes in an input, and does something with it. What it does with it, doesn't matter to anything but itself. Rust obviously changes that. I'd be curious to see how they introduce these higher-level concepts into an ABI.

Might be good to mention that C++ shares similar issues for similar reasons

“When you build anything in rust, you’ve to download a 1000 crates in cargo” I wish there were 1000 crates on cargo, and when you build you get raided. lol how can a programming language have the same lingo as my favourite video game?

That's funny! I only really started diving into rust after the cryptography library we were using changed over to it. Took so long that it broke our build pipeline.

You spoke exactly what I was thinking. Yep, it would've been really awesome if there were something like c/c++ abi in rust as well.

this is crazy, i actually just got done using the stable abi crate for a personal project of mine and it's definitely not as easy but it's very doable, i'm adept level i'd say at rust, and if i could figure it out i'm sure someone could make it work it's definitely going to be a long road though

I personally despise the preference of interoperability over safety.

Rust library = memory safe wrapper on C library

At least when the compiler is mad at you in Rust it tells you exactly how to fix it (usually)

The problem is that ABI is an OS spec target, and OS targets were built with C ABI (data types and limitations included). What we need is a new ELF/.so dll and dylib specification where the ABI can represent Rust (and type-safe) entities. Also, I wonder if WASM or LLVM IR could be used as rich bytecodes for Rust's dynamic libraries to be compiled/cached on demand?

Now it's understandable that why people are still using C/C++ dispite having so many modern laguages

There is a very hacky thing called stabby that does some fascinating stuff with the Rust type system to enforce a representation on structs and enums.

On server/desktop linux the trend is flatpack, doing less dynamic linking, as it is a constant issue with software distribution. In nixos dynamic linking is expressed as static linking, only yielding advances in saving ram. So far I feel that, not having dynamic linking in rust, is not an issue. Thanks for the video! Love your channel!

This is the first time in my entire life that I've ever heard anyone spell out GNU. Humans have been calling it "guh-noo" since the 1980s.

Tbh rust libraries would be a huge can of worms. Native libraries are always a pain to manage because they differentiate heavily based on the platform (not just the architecture, but also certain vendor-specifics), the kernel, the version of libc you linked against etc. Managing rust libraries would mean pre-compiling all combinations of these, which just is not feasible.

The binary is easily stripped but people don't recommend to do it even in release as without it the debug information won't be there on an error.

4:30 static analysis has nothing to do with why the ABI isn't stable. Borrow checker would still work with compiled lib and whatever the equivalent to .h files will be in Rust. Lifetimes don't require sources, function signature is enough. The ABI may never exist because it locks down the stdlib and prevents impactful changes in a way that's more restrictive than a stable API.

0:08 LLL deserves award for his face expression here.

A crate called "stabby" provides a stable ABI layer.

The compile times never really bothered me because microservices that don't tend to get that big and because you can see the problems as you type in the editor, so you don't really have to compile that often, and when you do it's incremental anyway

It's all about the tooling. Rust uses a type system to add safety tooling. C developers need to use CBMC, static analysis, etc.

If rust used pre-compiled libraries instead of source crates, you wouldn't be easily able to use a crate that does a specific thing you need on many different platforms. Also, precompiled libraries kinda exist, rustc will compile every crate into rlib first, then compile the final binary. But rlib format is compiler version specific, there's even an error for incompatible metadata

Before seeing this video, I didn't even know rust doesn't have libraries. That's insane.

I feel like a lot of things in computing would be entirely different if storage wasn't historically an issue.

The importance of this video cannot be overstated.

Seems to me the idea of source maps as found in javascript bundles would kinda allow the rust features to cross binary boundaries by allowing an abi to source mapping so that the borrow checker could use the source to verify the code calling into the precompiled binary, crucially, without recompiling all of the foreign code.

The problem of big binary isn't because of static linking in rust. It is simply because the rust std contains too much garbage that should not be in the std.

at this point lets just take C syntax and implement a borrow checker in stdlib, then we'll have the best language known to mankind

For faster build times, please use sccache. You will have much faster builds. And we all know why rust compilation times are slow, it's their benefits we are after, and they are worth it.

One day, Rust might be one of the greatest languages ever Today... Rust isn't quite there yet. It still has some work to do

I really really like that rust does this and I think its superior to DLLs. Letting code just be code, and not dependencies, lets developers design simple and streamlined architectural patterns and practices, instead of architecture that is designed around the the limitations of DLLs. Because you aren't referencing a library, you're just referencing code. Risks like performance problems in unintended cyclical references can be handled by code analyzer audits during compilation, and let you determine what to change or performance test in response to those audits. But designing your software architecture around DLLs for the sake of preventing circular dependencies, when circular function calls within the same library happen all the time by design anyways, to me its always been a mistake, and leads to architecture designed to fix a problem that really isn't even a problem, its just that we've collectively decided that its a problem with the assumption of shared libraries being essential, and the risks of runaway cyclical calls being ultimately too risky, or the compilation time to analyze the risks taking too long. I completely understand why people prefer DLLs and avoiding circular dependencies, I'm not hating on it, but I think that its just as valid to embrace the risks of circular dependencies, embrace the compile times, and enjoy software architecture that isn't designed around it. *Let code be code~* _I know this rant has nothing to do with the interoperability that is being proposed by things like crabi, I just like the idea of applications being fully compiled and self-contained and not dependent on shared libraries._

This is why I think Rust will take over in the embedded bare metal world first since you can't do dynamic linking without a OS so static linking is allready what everyone uses.

Rust is hard as it is, creating a developer environment where stepping through code paths of unknown deps will just make it even harder. My hard-drive will be very happy though :)

Statically compiling has its advantage too. Tradeoffs everywhere.

I think the long term success of rust depends on solving this problem of defining an ABI with many if not all of the safety guarantees that the compiler implements. While clearly nontrivial, it *feels* solvable. For safety's sake I hope it is. Rust compile times were an immediate annoyance for my first steps.

I'm maybe mislead by i heard that C++ have simillar problem with more advanced features, so binary libaries are at least limited ? Maybe it is unavoidable price of advancement ? I'm not sure why compiling from a source must increase binary size, i woudl say contrary, At first glance it allow to limit instantiations of generic functions, to actually used, also allow futher optimizations and better unsed code elimination. Other thing is that C programs depend on libc beeing on system already, so size will be biger, but app will be more independent on libc version changes etc.

One interesting thing that a stable rust ABI could lead to is more closed source libraries and proprietary adoption. Since companies does not always like to share their source code they need to use the C ABI with the pitfalls you mentioned. Sure, NDAs and contracts with vendor specific cargo registries might be a reasonable approach, but not all companies want to take the risk anyways. Whether this would be good or bad, will lead to increased or decreased usage of rust and open source in the industry i don't know.

Every time someone says that Rust is awesome, they invariably follow it up by immediately listing a bunch of reasons why it is not.

technically Rust does statically link libraries after compiling them locally in your project for the fist time unless you tell it to recompile. This is to make it so you don't rebuild it all from scratch every time.

Compiling in rust has never taken me more than a couple minutes in release mode, the example you showed was only 66 crates, ive had to compile much more than that.

Phrased using an other terminology, C library functions get _linked_ while Rust library functions get _embedded._

The more I discover Rust, the more I think it's one of those ideas that seem brilliant on paper, but turn out to be hellish in reality. Despite the efforts made to promote Rust, this language will never be used on a large scale because it will crash headfirst into the wall of reality.

It was always clear that Mozilla would introduce huge deal breakers. I'm sticking to C.

And than the compiler get's mad at you ... Actually the compiler tries to help you. Much more pleasant than cryptic C++ compiler errors.

It would be perfect for an embedded system where you’d have to put the binaries in the memory anyways, but I can’t imagine every program in the OS bringing their own copy of the glibc. That would be crazy.