Sebastian Scholz

Because unfortunately, it's still possible to screw up in Rust.

Is it?

Yes.

So one of the main things in the beginning, I thought, ah, it's so cool.

I can't get wrong with this.

If my code compiles, it's perfect.

And it's true in most of the cases, but some logic bugs can still sneak in.

Mostly if you don't write your code in a way that prevents them, because that's one of the cool things about Rust and what we use extensively here as well.

If you write your code using the strong type guarantees, you can make it so that any invariants that need to hold true, so any preconditions that your code has and that need to be true for it to work correctly, you can express that in the type system.

Maybe not all of them, but most of them.

And so, for example, we use that extensively for configuration.

We have

We have things, we have code that can only run once the hardware is initialized correctly.

And so we pass around serial size tokens, types that can only get created in one place in the system.

And that's after initialization of that specific hardware.

And so we use, for example, this sort of a token in other places to prove, yes, this code will only ever run after initializing that specific hardware.

Well, if you do that type state pattern, you kind of make code dependent.

You encapsulate the code.

Not encapsulate.

You make it dependent on each other a lot more, I feel like.