We’ve been searching for a memory-safe programming language to replace C++ in Ladybird for a while now. We previously explored Swift, but the C++ interop never quite got there, and platform support outside the Apple ecosystem was limited. Rust is a different story. The ecosystem is far more mature for systems programming, and many of our contributors already know the language. Going forward, we are rewriting parts of Ladybird in Rust.
I think my statement came across as more alarmist than I meant it. E.g.
Is it a good idea to just translate something from C++ like that? It seems technically feasible but there’s something “off” about the whole thing. Apparently you can translate C++ directly to Rust, but anecdotal statements claim that while Rust supports C++ conventions, you wouldn’t typically build a Rust app using them.
Looking back previously, the developer originally talked about switching to Swift, then decided not to switch to Swift.
And in the past, “Ladybird devs have been very vocal about being ‘anti-rust’ (I guess more anti-hype, where Rust was the hype).”
It all just suggests rudderlessness from the developers right now. Must Rust be a priority? Did Swift need to be?
Why it wouldn’t be? Surely not having idiomatic rust doesn’t eliminate other benefits of switching to the language, like better tooling, memory safety, and perhaps more people willing to contribute. Over time the codebase can be improved but the main goal in the transition seems to not break existing functionality, which they seem to have accomplished for LibJS.
I haven’t looked at the code, but the mem safety may be out if the translation just slapped unsafe and transmute everywhere.
And “working code” is often very hard to replace, it can be hard to justify code changes when the original “works just the same”. So, I would expect the weird ported code to live on unless there is a major effort to rewrite it.
There’s no reason to believe it’s mostly unsafe. And even if that’s the case, changing from unsafe rust to safe is less of a leap than cpp to rust.
Having done some C to rust auto-translation some time ago, it definitely was wildly unsafe. Maybe it’s better now, but there is no reason to assume it’s mostly safe now either. Even recently I did some regular vibe coding to test it out, and it generated some very questionable code.
Even if there is zero “unsafe”, there could be loads of unchecked array accesses, or unwraps causing panics, which while “safe”, will cause crashes.
Fixing unsafe can be a mixed bag, some will be easy, some will require much deeper changes. And without looking at the code, impossible to say which it will be.
I don’t think “why not” is a great response in general - especially when the same developer also invested time in Swift that was ultimately wasted.
It’s not a why not response. I’m asking back why do you think it wouldn’t be worth it even as a literal translation from C++, because in my view, that would be a first step towards a proper Rust port, and it still brings benefits to the table.