Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 20 from 7 users
Topic OP
[meta] Rust in Bitcoin reference implementation
by
Carlton Banks
on 13/10/2019, 10:31:26 UTC
⭐ Merited by gmaxwell (5) ,Foxpup (4) ,suchmoon (4) ,HeRetiK (2) ,Royse777 (2) ,hugeblack (2) ,ETFbitcoin (1)
Rust is a new-er programming language, and has a reasonably good reputation:

  • liked for being more difficult to make mistakes with than C/C++ (although not impossible, of course)
  • for being sufficiently powerful in expressiveness, yet relative simplicity compared to C/C++
  • disliked because compiling the actual Rust compiler was until recently not possible (we have gnu's guix system to thank for that)

So, there's been a Rust implementation of Bitcoin around for a while, and some good programmers actually preferred to spend their time re-implementing the existing Bitcoin client in Rust than to work on the reference C++ implementation. Which is a good plan in and of itself, as a proof of concept if nothing else.


There are now plans to implement Rust code into the main Bitcoin implementation: https://github.com/bitcoin/bitcoin/issues/17090

speaking as a non-expert on either language, but as a Bitcoin user who does understand something about coding and computer science, I'm unenthusiastic about this.


I understand the rationale:

  • Rust code has lower review burden
  • The plan is to duplicate non-consensus C++ code, to add redundancy to network consistency/reliability
  • Rust is proven these days, compiler can be bootstrapped

that's all ok.

however, one plan is not to use a Rust compiler that is bootstrapped from a trustworthy source (Canonical's Rust compiler). Call me nuts if you so choose, but that seems like a very cavalier decision to make with software that should be putting security first. You can say "trusting Canonical is subjective", in which case, it should be ruled out altogether in such a critical piece of software as Bitcoin

my other concern would be the "thin end of the wedge" argument.

The rationale for putting the specific Rust code into the Bitcoin codebase is sound; if headers fetching code fails in some unknown circumstance, maybe only the C++ implementation of the headers fetching code will fail, and the Rust headers fetching will continue to function without incident. Hell of a supposition to make, but it's somewhat reasonable, as there is some acceptance that Rust can be written in such a way that certain types of bug are less likely (but not impossible)

But this would make it too easy to say "let's just re-write the main implementation in Rust, piece by piece! After all, failover Rust code is working great so far!"


In the end, such a radical change (I'm sure that statement will be a point of contention, but it's essentially self-proving by the virtue of the fact that this is a contorversial change of direction) was always bound to be divisive.

The developers who are keen to send Bitcoin in this direction should realise that there's no real practical difference between doing something divisive for good reasons, or doing something divisive to cause problems in the project.


usual thread rules, + 1 extra:

  • no trolling
  • no trolls
  • discussing personalities or intentions or politics of those debating is not allowed, and will be removed, e.g. "Bjarne Sostroup says x about Rust" is disallowed, everything must be provable in it's own right, here in the thread, written by you

the technical merits and the consequences to how the Bitcoin project is managed are the focus of this thread