Sebastian Scholz
Podcast Appearances
So it's kind of a way of, you have one place in your code where you know about these invariants and you only need to take, to express these invariants at that place.
So if I, for example, if I have a function of this library and I know it needs to be initialized before, all I need to do is I need to take a reference to this token.
And that guarantees me, yes, the library has to be initialized.
And so as a user of this library, which is also us, but sometimes we can forget.
Maybe you forget that you have to initialize the library before, or you're moving one line of code a few lines up by accident before the initialization because you think, oh, this might be more efficient that way or something like that.
You forget about these invariants much too easily.
But by encoding them into the types and by encoding them into the function signatures, we can still enforce it and we can let the compiler help us in not forgetting about it.
Yeah, so I think the way we discover them is by failing, by writing code that is invalid and where we then introduce certain bugs.
And then later discovering, ah, yeah, okay, we need to prevent us from ever writing that code again.
For example, with the case of the library, it was literally the case that we called a function before we initialized it.
And so that's how we got the idea of, okay, we need to prevent that.
How do we prevent that?
Yeah, let's use this token system.
Well, we do have a bunch of rules like that, but the point is you only have to write them in code, right?
So once you corrected that mistake, once you made sure via the type system that it's impossible to use a function in an incorrect state, you don't have to write anything anymore because the compiler will enforce it.
Yeah, for reviewing, I like to think about all possible states that a certain Rust code can be in and all possible inputs.
It's kind of like fuzzing, but manually fuzzing.
We like to split up our code and our MetroCast into small chunks.
And so it's relatively easy usually for us to think about all the possible inputs and what can go wrong.