20 pages tagged with "rust"

Researching the SemVer hazards of the #[target_feature] attribute led to finding unexpected unsoundness, discovering an "accidental feature" in Rust, finding bugs in rustdoc, the creation of an RFC that evolves the Rust language, and the addition of a dozen new SemVer lints. My work on cargo-semver-checks benefits the Rust ecosystem in more ways than just preventing breakage!

read more

cargo-semver-checks v0.40 ships a massive upgrade to its system for detecting sealed traits. The new system is an all-around win-win: it improves the accuracy of a dozen existing lints, enables a new series of helpful lints, handles cyclic trait relationships, and is also faster than the old system. All that took a lot of work! Here's a look at how we made it happen.

read more

cargo-semver-checks ends 2024 having improved dramatically over the course of the year: 12 new releases featuring 63 new lints, with 1175 merged PRs from 57 authors across the many repos that make the project tick. Let's recap what we learned, the biggest things we shipped, and the facets of the project that made it to the conference and podcast circuits.

read more

cargo-semver-checks v0.37 can now scan Cargo.toml files for breakage! In this post: a primer on Rust package features, and how innocuous-looking Cargo.toml changes can break your users.

read more

cargo-semver-checks v0.35 can determine whether Rust traits are "sealed", allowing it to catch many tricky new instances of SemVer breakage. Why is accurate sealed trait detection so important, and why is implementing it correctly so hard?

read more

In 2022, I gave a talk at a virtual conference with an unforgettable name: HYTRADBOI, which stands for "Have You Tried Rubbing a Database On It?" Its goal was to discuss unconventional uses of database-like technology, and featured many excellent talks.

My talk "How to Query (Almost) Everything" received copious praise. It describes the Trustfall query engine's architecture, and includes real-world examples of how my (now-former) employer relies on it to statically catch and prevent cross-domain bugs across a monorepo with hundreds of services and shared libraries. For example:

read more

Last month, I gave a talk titled "SemVer in Rust: Breakage, Tooling, and Edge Cases" at the FOSDEM 2024 conference.

The talk is a practical look at what semantic versioning (SemVer) buys us, why SemVer goes wrong in practice, and how the cargo-semver-checks linter can help prevent the damage caused by SemVer breakage.

TL;DR: SemVer is impossibly hard for humans, but automated tools can cover our greatest weaknesses.…

read more

My last post covered the key cargo-semver-checks achievements from 2023. Here are the biggest challenges that lie ahead!

Many of the remaining challenges in cargo-semver-checks are obvious: we all want more lints, fewer false-positives, etc. etc. Let's set those aside.

Instead, let's talk about four non-obvious challenges we have yet to tackle:

• The Obvious in Retrospect
• The Blocked Upstream
• The Surprising Limitation
• The Existential Threat

read more

2023 was a big year for cargo-semver-checks! We saw ecosystem-wide adoption in projects of all shapes and sizes: the tokio and PyO3 ecosystems, company-backed OSS projects from companies like Amazon and Google, and even in cargo itself. Here's a look back at the highlights of 2023!

read more

cargo-semver-checks v0.25 squashes nearly all bugs related to doc(hidden) items — its most common source of false-positives. What does doc(hidden) mean in Rust, and why was handling it correctly so hard?

read more

This post is coauthored by Tomasz Nowak and Predrag Gruevski. It describes work the two of us did together with Bartosz Smolarczyk, Michał Staniewski, and Mieszko Grodzicki.

Anecdotally, cargo-semver-checks is a helpful tool for preventing the semver violations that every so often cause ecosystem-wide pain. This is why it earned a spot in the CI pipelines of key Rust crates like tokio, and also why the cargo team hopes to integrate it into cargo itself.

While anedotal evidence is nice, we wanted to get concrete data across a large sample of real-world Rust code.…

read more

A few days ago, I started polls on Mastodon and Twitter whether adding a new private type, or an import, can ever be a major breaking change. The consensus was that this should be impossible.

I agree with that. It should be impossible.

I've discovered a way to cause a previously-public type or function to disappear from a crate's public API by making innocuous-seeming changes like adding a private type or adding an import, etc. It is not a hypothetical problem, either — I've found at least one real-world Rust project that has been affected by it.

read more

For the longest time, I thought that "sealed trait" in Rust was a singular concept implementable in one specific way. To prevent downstream crates from implementing your traits, you make the traits sealed — done, end of story. I was wrong! It turns out there are multiple ways to seal traits, forming a pleasant spectrum of options:

read more

We've already explored some of the dark corners of Rust semantic versioning on this blog:

read more

This post describes work in progress: how cargo-semver-checks will benefit from the upcoming query optimization API in the Trustfall query engine. Read on to learn how a modern linter works under the hood, and how ideas from the world of databases can improve its performance.

read more

I recently embarked on a quest: revamp the cargo-semver-checks import-handling system so that moving and re-exporting an item stops being incorrectly flagged as a major breaking change. This is how crate authors can reorganize or rename items: just re-export the items in the original location under … read more

I've been saying for a while now that semantic versioning in Rust is tricky and full of unexpected edge cases. My last post mentioned that some Rust structs can be converted into enums without requiring a major version bump. It introduced a non-exhaustive struct called Chameleon that had no public f… read more

EDIT: The Rust API evolution RFC distinguishes between breaking changes and changes that require a new semver-major version (called major changes). All major changes are breaking, but not all breaking changes are major. Changing a struct to an enum is always breaking (as pointed out on r/rust) but i… read more

cargo-semver-checks ends 2022 with 40,000 downloads from crates.io, able to prevent 30 different kinds of semver issues, and having done so in real-world use cases. Inspired by Yoshua Wuyts' "Rust in 2023 (by Yosh)" post, here are my thoughts on cargo-semver-checks in 2022, and what I look forward t… read more

I recently built cargo-semver-checks, a linter that ensures crates adhere to semantic versioning. This is why and how I built it.

Fearless development is a key theme throughout Rust. "If it compiles, it works", fearless concurrency, etc.

But there's one aspect of Rust (and nearly all other languages) that isn't entirely fearless yet: cargo update, upgrading the versions of the project's dependencies.

read more