I am always glad to see people pursuing creating their own programming language. More people should give it a try, IMHO.
A tricky thing that comes up with Rust comparisons is that often, Rust has a feature that's weird or hard to use, but it's because that's the only solution that makes sense within the constraints Rust has placed upon itself. Clicking some links gets me to https://git.yzena.com/Yzena/Yc/src/branch/master/docs/yao/de...
> Yao's biggest goals are: Correctness, Convenience, Performance, in that order.
Having clear goals is a great thing when making a language, because they give you guidance on what is appropriate to include and what is not.
Rust has certainly demonstrated having similar goals, but in a slightly different order: Correctness, Performance, and then Convenience. So it wouldn't shock me if Yao could do some things better than Rust, in accordance with its goals. But that also means that sometimes, Rust would be useful where Yao cannot be. Everything is tradeoffs.
Incidentally, I actually think that figuring out what your values are, and what your needs are, is a great way to pick a programming language. Decide what matters to you as an engineer, and then find a language that shares similar values. I gave a conference talk a few years back on this idea, and how I viewed Rust's values at the time https://www.infoq.com/presentations/rust-tradeoffs/
> I am always glad to see people pursuing creating their own programming language. More people should give it a try, IMHO.
I must agree that it's certainly lots of fun and a learning experience, but I must also always think of this amusing quote I once read somewhere: "What is a gentleman? A computer scientist who doesn't invent his own programming language."
This is what I want more people participating in "language wars" to understand. There is not much sense to compare projects that pursue completely different goals.
And having a background in programming language design surely makes understanding of solutions and compromises a lot easier.
I have said this recently a few times: I have found that most of the time, various people involved in working on languages themselves have far kinder attitudes towards other languages than their respective communities tend to. I've always chalked it up to some sort of collegial professionalism, but maybe understanding the tradeoffs more deeply is an aspect of it too.
> A tricky thing that comes up with Rust comparisons is that often, Rust has a feature that's weird or hard to use, but it's because that's the only solution that makes sense within the constraints Rust has placed upon itself.
Hah I find the same thing about Haskell. People are a bit less charitable about Haskell's quirks though I find..
The place I work definitely has a culture of whining :P
- Is there really a major use case for function traits? Is more elaboration of the type system actually useful?
- The original "Rewriting Rust" article discussed replacing Rust's macro system. That's not mentioned here. If you had to write your macros in Rust, to be run in compile time, would that be a win? I doubt it. Each macro would start with a call to a parser, and then you generate code as strings. This would pay off only for complex cases such as a regular expression compiler. Rust already has compile-time build programs, where you can run Rust during the build process. (I use that to take in an API definition from another source and generate Rust.)
- "Runtime capabilities" seems to be an attempt to build a container system into the language. It's not clear that helps much. That's really the OS's job. Protecting programs against themselves is nice, but not usually the problem. I'd like to see something in Android that gives an app file access with less access than "all files". Like "Can read what was installed for this app, can write working subdirectory for this app, and nothing else."
Fair criticisms, John. I just want to address macros.
Yao has something like Rust's macros. They are called "keywords," because even the built-in keywords are implemented that way. (That is why Yao can just not have a `while` keyword.)
My Yao-based build system, Rig, uses keywords to implement a build DSL. [1]
> Is there really a major use case for function traits?
Absolutely. They can be used for function overloading, and for manually creating closures from structs, which can be more ergonomic sometimes. Whether you want those features is another matter. The rust compiler supports them but doesn't expose them to stable rust.
> 'd like to see something in Android that gives an app file access with less access than "all files".
SELinux has been able to solve that problem in Android for a long, long time now. Which is more appropriate, as you say it should be the job of the OS.
The problem is the age old one where users want convenience at the cost of security.
Interesting response. I'm as curious as anyone else as to how Yao will improve upon Rust, but here is what I've observed from following several (relatively) recently created languages (Julia, Nim, Mojo, JAX):
* Language creators start with high hopes and big promises. "We've learned from the past! This will solve all the problems of previous X,Y,Z languages! It will be so much easier to use!"
* The language begins to be designed, implemented, and developed. Problems arise. Tradeoffs must be made. Invariably, the new language develops its own set of limitations, shortcomings, and weaknesses. These are inevitable with any new programming language.
* Ultimately the language either finds a userbase who are willing to overlook or work around the limitations and pitfalls, or it fades away.
* If it remains, eventually another new language arises saying "We've learned from the past! This will solve all the problems of previous X,Y,Z languages! It will be so much easier to use!" And the cycle repeats.
Now, is this a bad thing? I would argue no, not necessarily. Every time a new language is created, our vision of what is possible is expanded. We learn new lessons about what works and what doesn't work in programming languages.
So in short I'm looking forward to see how the state of the art is advanced by Yao. If it gets to a decent working state, I might even try it out if I have time. However, in light of the above statements forgive me for being skeptical of the following claim from Yao's website [1]:
> As powerful as C, As flexible as Lisp, As easy as Python, As provable as Ada/SPARK, More reliable than Rust, With the time semantics of HAL/S.
Fwiw, Zig is one of the few languages on my radar that's on the uptick. At least in my circle, I know people from firmware to VM development that moved from Rust over to Zig for its flexibility. There' also Bun that managed to nearly be a drop-in replacement for Node in a very short development cycle, which they claim is due to Zig. (I am not associated with Zig nor have a lot of experience with it yet)
I've heard great things about Zig as well. The one difference between it and Rust is the amount of industry and financial investment to date. Rust has had literally millions of dollars of buy-in from some of the biggest tech corporations on Earth, which is why I'm more confident that it will likely stick around.
This is one area where, for example, Julia has struggled. In many ways it's a fantastic language for scientific research, but it simply has never received nearly as much funding or investment as, e.g., Python.
I also appreciate the way that Zig focuses on tooling, particularly around cross-compilation. That's something that is usually a "nice to have" rather than "must have" particularly in young projects, and for users that need it, it's a huge win.
On the gripping hand, Rust is the first language to popularize (not invent, hold your tomatoes) many terrific programming ideas under one wrapper. It has demonstrated how much the compiler can do to prove code is correct. Yet…it has some warts. I am quite interested in what lessons can be learned to smooth out some of the Rust edges for a language which does not have “replace C++” as the guiding principle.
> The Rust async book mentions three more methods: […]
Hah, I wrote this section and was deeply aware of these problems at the time. Let’s just say it didn’t fit in the introduction. In fact, a lot of the understanding of this issue has been expressed later, blog post by blog post, largely without coordination. It’s almost eerie to see again and again people encountering the same issue, and spending huge effort to address it (this one takes the prize though - making your own language).
Let me try a to narrativize it: we have a fundamental problem with unrestricted concurrent control flow (very similar to how we used to have unrestricted sequential control flow when we had goto). This problem exists in most programming languages, but we mostly pretend it’s not there (and live with the subtle bugs instead). However, with Rust’s unique ownership- and safety model, the lack of structured concurrency was an unavoidable problem, at collision course with Rust itself. In the Rust we have today (without structured concurrency), a bunch of expected and reasonable behaviors cannot be achieved (such as borrowing from a parent task).
Do you know of any longer form content that walks through this area, or maybe just a listing of blogs. I have a feeling the resources are relatively scattered over various sites and across time, so any tips on search terms to use if a deep dive into this problem (both in Rust and generically in programming language semantics) intrigues me?
Sibling already gave great pointers to structured concurrency in general.
For rust specifically the links in the post were good, some I hadn’t seen that came up in the last 2 years.
Perhaps someone from deep PL background has more rigorous papers and such to point to? I highly doubt this is being discovered now for the first time – it wouldn’t surprise me if there’s a whole academic sub-branch about similar things. Given how important concurrency is, and how difficult it is to get right, there’s a lot of opportunity for academia to tackle the problem space. We sure as hell need it.
Reference counting is ultimately a GC, although not a tracing GC which is the most common kind. I also don't really see the appeal of not having a GC in a language like that. If it doesn't compete with C/C++ for performance and low level support then not having a GC is no longer an advantage.
That said Koka still remains very cool for the effect system though, and I would really like to see it in a mainstream language!
Yeah, you shouldn't believe it yet, but here is the status of each:
* "As powerful as C": unproven. I might need something like Rust's `unsafe`, and even though I have something in mind for that, it requires that any program be expressible in Dynamic Restricted Structured Concurrency, an open problem. I am working on a proof, though.
* "As flexible as Lisp": I think this is proven. Yao has equivalents for both macros (keywords) and reader macros (lexing modes). My build system uses its own keywords to implement a build DSL [1]. The shell sublanguage uses a lexing mode, and another makes it possible to embed JSON.
* "As easy as Python": in retrospect, this isn't quite possible, but I hope to get 90% of the way.
* "As provable as Ada/SPARK": I'll let you read the design in [2] and decide for yourself. But Yao will also have contracts.
* "More reliable than Rust": unproven, but I think the lack of async will go a long way.
* "With the time semantics of HAL/S": unproven. HAL/S was what the Shuttle software was written in [3]. It was hard real-time. Because Yao will be distributed in IR form [4], the back end could leverage knowledge of worst-case instruction latencies to calculate worst-case response times. This same thing will also allow using only constant-time instructions for cryptography, using a `constant_time` function trait.
> "As flexible as Lisp": I think this is proven. Yao has equivalents for both macros (keywords) and reader macros (lexing modes).
First-class symbols (incl. uninterned symbols)? Classes and functions can be redefined at runtime? User-available parsing (read) and runtime compilation (compile)? Restarts? CLOS and MOP? Communication with the compiler (declarations and ClTl2 *-information)?
I don't mean to sound too abrasive, but reducing Lisp flexibility to macros is a bit much. In any case, good luck with your project!
Worst case execution times are generally unknowable, even at codegen. It depends on things like the specific microarchitectural details, what other instructions are currently executing, the memory hierarchy, what instructions have been executed before, how the power supply is responding, what the thermal environment is like, etc.
HAL/S dealt with these problems by a combination of programmer/validation discipline, custom hardware designed for hard real-time usecases, and generous support from the underlying RTOS (FCOS). Cryptography code doesn't deal with it, it just avoids data dependent nondeterminism, which is good enough for those use cases.
> * "As provable as Ada/SPARK": I'll let you read the design in [2] and decide for yourself. But Yao will also have contracts.
Without being too self-indulgent, I'm not sure there is that big of a gap between the two in provability, there are now a huge array of verifiers for Rust code which are being used to verify real code: SAT/SMT solvers, kernels, memory allocators etc...
Hats off, you really did in fact a deep analysis of Rust conceptual errors by searching alternative ways to fix Rust async. Also by understanding and describing the decisions you made and what are their architectural implications (I liked the good, the bad and the ugly part).
While I can't appreciate the entirety of this language because I can't grasp all the technical subtilities, I really like the core ideas at the basis of Yao and the spirit you put into it. I hope I can play with this language some day. And wish you good luck with this nice project.
Given the development model of Lisp is modifying a live image of a running program, I have to assume you limited this statement to the availability of macros.
> This is actually the root of the function color problem: async is exactly backwards! Instead of marking asynchronous functions, languages should have had us mark synchronous functions, and then async should have been the default!
What happens when you need to add a new trait that all existing functions must be changed to have? That's why async is generally an attribute.
The answer is that we'd have to say that all functions have some default trait set that can be extended automatically as the language evolves, except those anti-traits they have. Then we could say that a function is async meaning "not sync", or even we could write !sync instead of async.
I rather like the idea that you have to write `!sync` instead of `async`.
Every unmarked function can do anything. If you add a new thing that functions can do, you assume unmarked functions can do it (even if they don't), and you add a trait for the negative.
Readit News
Rewriting Rust - https://news.ycombinator.com/item?id=41654871 - Sept 2024 (385 comments)
A tricky thing that comes up with Rust comparisons is that often, Rust has a feature that's weird or hard to use, but it's because that's the only solution that makes sense within the constraints Rust has placed upon itself. Clicking some links gets me to https://git.yzena.com/Yzena/Yc/src/branch/master/docs/yao/de...
> Yao's biggest goals are: Correctness, Convenience, Performance, in that order.
Having clear goals is a great thing when making a language, because they give you guidance on what is appropriate to include and what is not.
Rust has certainly demonstrated having similar goals, but in a slightly different order: Correctness, Performance, and then Convenience. So it wouldn't shock me if Yao could do some things better than Rust, in accordance with its goals. But that also means that sometimes, Rust would be useful where Yao cannot be. Everything is tradeoffs.
Incidentally, I actually think that figuring out what your values are, and what your needs are, is a great way to pick a programming language. Decide what matters to you as an engineer, and then find a language that shares similar values. I gave a conference talk a few years back on this idea, and how I viewed Rust's values at the time https://www.infoq.com/presentations/rust-tradeoffs/
This was based off of bcantrill's Platform as a Reflection of Values, which was very influential on me. https://www.youtube.com/watch?v=Xhx970_JKX4
If you've ever heard about Oxide's focus on values, this is some of the older background on that.
I decided on my values because of bcantrill's talk. Everyone should watch it.
A more complete list of my values is at https://git.yzena.com/Yzena/Yc/src/branch/master/docs/adl/00... .
I must agree that it's certainly lots of fun and a learning experience, but I must also always think of this amusing quote I once read somewhere: "What is a gentleman? A computer scientist who doesn't invent his own programming language."
And having a background in programming language design surely makes understanding of solutions and compromises a lot easier.
Hah I find the same thing about Haskell. People are a bit less charitable about Haskell's quirks though I find..
The place I work definitely has a culture of whining :P
- Is there really a major use case for function traits? Is more elaboration of the type system actually useful?
- The original "Rewriting Rust" article discussed replacing Rust's macro system. That's not mentioned here. If you had to write your macros in Rust, to be run in compile time, would that be a win? I doubt it. Each macro would start with a call to a parser, and then you generate code as strings. This would pay off only for complex cases such as a regular expression compiler. Rust already has compile-time build programs, where you can run Rust during the build process. (I use that to take in an API definition from another source and generate Rust.)
- "Runtime capabilities" seems to be an attempt to build a container system into the language. It's not clear that helps much. That's really the OS's job. Protecting programs against themselves is nice, but not usually the problem. I'd like to see something in Android that gives an app file access with less access than "all files". Like "Can read what was installed for this app, can write working subdirectory for this app, and nothing else."
Yao has something like Rust's macros. They are called "keywords," because even the built-in keywords are implemented that way. (That is why Yao can just not have a `while` keyword.)
My Yao-based build system, Rig, uses keywords to implement a build DSL. [1]
And keywords are fast to compile.
[1]: https://rigbuild.dev/build.rig5/#keywords
Absolutely. They can be used for function overloading, and for manually creating closures from structs, which can be more ergonomic sometimes. Whether you want those features is another matter. The rust compiler supports them but doesn't expose them to stable rust.
SELinux has been able to solve that problem in Android for a long, long time now. Which is more appropriate, as you say it should be the job of the OS.
The problem is the age old one where users want convenience at the cost of security.
* Language creators start with high hopes and big promises. "We've learned from the past! This will solve all the problems of previous X,Y,Z languages! It will be so much easier to use!"
* The language begins to be designed, implemented, and developed. Problems arise. Tradeoffs must be made. Invariably, the new language develops its own set of limitations, shortcomings, and weaknesses. These are inevitable with any new programming language.
* Ultimately the language either finds a userbase who are willing to overlook or work around the limitations and pitfalls, or it fades away.
* If it remains, eventually another new language arises saying "We've learned from the past! This will solve all the problems of previous X,Y,Z languages! It will be so much easier to use!" And the cycle repeats.
Now, is this a bad thing? I would argue no, not necessarily. Every time a new language is created, our vision of what is possible is expanded. We learn new lessons about what works and what doesn't work in programming languages.
So in short I'm looking forward to see how the state of the art is advanced by Yao. If it gets to a decent working state, I might even try it out if I have time. However, in light of the above statements forgive me for being skeptical of the following claim from Yao's website [1]:
> As powerful as C, As flexible as Lisp, As easy as Python, As provable as Ada/SPARK, More reliable than Rust, With the time semantics of HAL/S.
[1]: https://git.yzena.com/Yzena/Yc/src/branch/master/docs/yao/ma...
This is one area where, for example, Julia has struggled. In many ways it's a fantastic language for scientific research, but it simply has never received nearly as much funding or investment as, e.g., Python.
You are absolutely right to be skeptical. I wrote that a long time ago.
I did detail the current status of those claims in a comment: https://news.ycombinator.com/item?id=41672316 .
Hah, I wrote this section and was deeply aware of these problems at the time. Let’s just say it didn’t fit in the introduction. In fact, a lot of the understanding of this issue has been expressed later, blog post by blog post, largely without coordination. It’s almost eerie to see again and again people encountering the same issue, and spending huge effort to address it (this one takes the prize though - making your own language).
Let me try a to narrativize it: we have a fundamental problem with unrestricted concurrent control flow (very similar to how we used to have unrestricted sequential control flow when we had goto). This problem exists in most programming languages, but we mostly pretend it’s not there (and live with the subtle bugs instead). However, with Rust’s unique ownership- and safety model, the lack of structured concurrency was an unavoidable problem, at collision course with Rust itself. In the Rust we have today (without structured concurrency), a bunch of expected and reasonable behaviors cannot be achieved (such as borrowing from a parent task).
https://dubroy.com/blog/handling-user-input-with-structured-...
The first one is particularly good. Both of those have links to more topics.
For rust specifically the links in the post were good, some I hadn’t seen that came up in the last 2 years.
Perhaps someone from deep PL background has more rigorous papers and such to point to? I highly doubt this is being discovered now for the first time – it wouldn’t surprise me if there’s a whole academic sub-branch about similar things. Given how important concurrency is, and how difficult it is to get right, there’s a lot of opportunity for academia to tackle the problem space. We sure as hell need it.
Koka is memory safe without using traditional GC, has effects, and is pretty cool over all.
[0] https://koka-lang.github.io/koka/doc/index.html
That said Koka still remains very cool for the effect system though, and I would really like to see it in a mainstream language!
"In fact, it might be better said that Yao is meant to be:
As powerful as C, As flexible as Lisp, As easy as Python, As provable as Ada/SPARK, More reliable than Rust, With the time semantics of HAL/S."
Even if I don't really believe in this incredible statement, I'm really curious to see what can be the result.
Yeah, you shouldn't believe it yet, but here is the status of each:
* "As powerful as C": unproven. I might need something like Rust's `unsafe`, and even though I have something in mind for that, it requires that any program be expressible in Dynamic Restricted Structured Concurrency, an open problem. I am working on a proof, though.
* "As flexible as Lisp": I think this is proven. Yao has equivalents for both macros (keywords) and reader macros (lexing modes). My build system uses its own keywords to implement a build DSL [1]. The shell sublanguage uses a lexing mode, and another makes it possible to embed JSON.
* "As easy as Python": in retrospect, this isn't quite possible, but I hope to get 90% of the way.
* "As provable as Ada/SPARK": I'll let you read the design in [2] and decide for yourself. But Yao will also have contracts.
* "More reliable than Rust": unproven, but I think the lack of async will go a long way.
* "With the time semantics of HAL/S": unproven. HAL/S was what the Shuttle software was written in [3]. It was hard real-time. Because Yao will be distributed in IR form [4], the back end could leverage knowledge of worst-case instruction latencies to calculate worst-case response times. This same thing will also allow using only constant-time instructions for cryptography, using a `constant_time` function trait.
[1]: https://rigbuild.dev/build.rig5/#keywords
[2]: https://gavinhoward.com/2024/05/what-rust-got-wrong-on-forma...
[3]: https://www.fastcompany.com/28121/they-write-right-stuff
[4]: https://gavinhoward.com/2024/09/rewriting-rust-a-response/#d...
First-class symbols (incl. uninterned symbols)? Classes and functions can be redefined at runtime? User-available parsing (read) and runtime compilation (compile)? Restarts? CLOS and MOP? Communication with the compiler (declarations and ClTl2 *-information)?
I don't mean to sound too abrasive, but reducing Lisp flexibility to macros is a bit much. In any case, good luck with your project!
HAL/S dealt with these problems by a combination of programmer/validation discipline, custom hardware designed for hard real-time usecases, and generous support from the underlying RTOS (FCOS). Cryptography code doesn't deal with it, it just avoids data dependent nondeterminism, which is good enough for those use cases.
Without being too self-indulgent, I'm not sure there is that big of a gap between the two in provability, there are now a huge array of verifiers for Rust code which are being used to verify real code: SAT/SMT solvers, kernels, memory allocators etc...
While I can't appreciate the entirety of this language because I can't grasp all the technical subtilities, I really like the core ideas at the basis of Yao and the spirit you put into it. I hope I can play with this language some day. And wish you good luck with this nice project.
Given the development model of Lisp is modifying a live image of a running program, I have to assume you limited this statement to the availability of macros.
What happens when you need to add a new trait that all existing functions must be changed to have? That's why async is generally an attribute.
The answer is that we'd have to say that all functions have some default trait set that can be extended automatically as the language evolves, except those anti-traits they have. Then we could say that a function is async meaning "not sync", or even we could write !sync instead of async.
I rather like the idea that you have to write `!sync` instead of `async`.
Every unmarked function can do anything. If you add a new thing that functions can do, you assume unmarked functions can do it (even if they don't), and you add a trait for the negative.