A central point of the whole epoch/checkpoint idea is that:
Existing code continues to compile, and crates can freely mix dependencies using different checkpoints.
You're not forced to update your crate. Some concerns stated in this thread are a bit exaggerated.
This is exactly what we've guaranteed from the beginning! Code from the 2015 epoch that compiles without warnings will compile on the 2019 epoch.
A lot of this thread feels like retreading what we've already committed to about epochs, so I'm worried this isn't getting communicated effectively. To reiterate:
Thatâs a good point. Iâm not generally opposed to epochs, but in my optimal world weâd have a couple of epochs and then leave the epoch system be and not add any more epochs after a certain point.
This is similar to what I had in mind. I donât think we could ever commit to never discovering a new compelling reason to do an epoch, but we only have a handful of good reasons for one today, and we probably wonât discover any new ones until weâve stabilized and/or implemented a bunch more features (which will take a long time). My assumption thus far has been that once either or both of the two epoch-using RFCs currently under discussion get accepted, we ensure a flawless rustfix workflow for them, and thenâwith the possible exception of the autoloading modules eRFC weâve been âpromisedââwe probably wonât do any more epochal changes for the forseeable future. Not because thereâs some kind of limit, but because we donât yet know of any other epochal change worth doing.
Thank you for the "@" mention on this thread and on GitHub!
I really ought to write up a blog post summarizing all the Rust code at Faraday. We have open source stuff like cage, scrubcsv, catcsv, our BigML bindings, and the xsv partition subcommand we contributed, but also 4 internal projects. And new ones are planned!
This is a bit long, and the first part is basically background on where I'm coming from.
Let me share a few real-world experiences of code maintenance that I've run into, just so you know where I'm coming from:
The vast majority of these companies had real programmers. Most were successful, often with 50 to 150 employees and significant revenue. They would adopt new technologies if a sufficiently senior developer made a good case. But at the same time, they've been burned a few times. Generally, they had tests, but never as many as they wanted. And in nearly all cases, they've employed enough programmers for enough years that they have tons of codeâfar more code than they can actively maintain at any one time. Typical code might only be touched once every couple years.
I would describe these companies as a mix of early adopters and early majority (on both sides of the "chasm"), but almost never late adopters.
While working with these companies, I learned a number of things about maintaining old code. Not all of these lessons are directly applicable to the epochs proposal:
git clone the dependency of a dependency, read all the code, migrate it to the latest system, and then maintain the fork indefinitely. This gets depressing very quickly. Imagine, say, 200,000 lines of 3rd-party libraries, many of which haven't been updated in 5 years, all of which need to be migrated.gets function is nearly impossible to use correctly or securely, and it has been heavily deprecated. MSVC also deprecated a bunch of common C string functions in favor of more secure replacements. Some of these updates involved visiting a lot of old code. Similarly, there were migrations from 16 to 32 to 64 bits, and from classic Mac to Carbon to OS X. These are never fun, but over the course of decade or two, they're hard to avoid.First, I think that "as backwards-compatible as C++ or Java" is actually a pretty good starting point. Both languages are widely used in industry, and they have dealt with the realities of multi-million line code bases and limited maintenance resources. If Rust can do better, that's great. But if Rust does worse, that could quickly make me nervous. Probably Rust needs to do at least slightly better than C++, because Rust pre-1.0 had a reputation for breaking things constantly. I think we're on track to get there.
Second, I think the most important goal is having an iron-clad story about (1) above. Any time I run rustup update, I want it to Just Work. In particular, every time I need to fork some unfamiliar library 2 or 3 levels down my dependency chain, I'm going to be deeply unhappy. Here is where multiple epoch support is enormously helpful.
Third, even with multiple epoch support and a good rustfix tool, breaking working code is still a big deal. Basically, if you have 100,000+ lines of code and a small team, the only viable strategy is to ignore most of the code most of the time. Basically, every time a language update breaks my code, it feels like the compiler team is making my life more difficult. 
Even if the only "breakage" is examples on Stack Overflow, or needing to remember two different module systems.
"Flawlessly" is definitely overkill. If nothing else, things like the tail-call optimization bug in MSVC++ are going to occur, which gives you a certain baseline level of pain, and anything below that is basically tolerable. A more realistic standard would be "We used crater to run rustfix over crates.io, and the damage was very small." And of course, just running crater normally (without rustfix) protects against many other kinds of badness. But if you run rustfix over all of crates.io and it's a disheartening mess, well, it's going to be a disheartening mess for everybody's internal code, too.
And this gets us down to the hard question. Let's assume that multiple epoch support is great, rustfix can fix virtually all the code on crates.io, and somebody has thought through how cross-crate macros affect epochs.
But this still leaves the fact that I'd rather have backwards compatibility than a "perfect" language. Epochs should be used sparingly, for high-payoff improvements. The latest module system proposal is a decent example, largely because it's addressing one of the biggest flaws identified in user testing. But for any lesser issue, I'd be even more wary.
This actually gets to the heart of my objections: The epoch plan is hard to communicate without making many Rust developers nervous. You're explaining the epoch plan over and over again to the kind of people who read Rust RFCs. I'm going to have to explain it over and over again to people at Faraday. And there's going to be a whole bunch of developers who only remember, "Rust used to break all the time", and who see it breaking again.
This is why I think any epoch breakage should be as small and painless as possible. If people don't notice it, and if they don't need to spend more than 15 minutes dealing with the new epoch, then maybe we can just pretend the epoch didn't happen. 
One good strategy might be to make the first epoch as painless and conservative as possible.
Interesting. I would guess that if we accepted two breaking changes now, then people would probably propose six next year. Maybe I'm just too cynical about human nature! But it seems to me that every language always has a long list of perceived flaws. And I feel like declaring "open season" on fixing perceived flaws is a bad precedent. I'm not saying that no flaws should ever be fixed, but that most "flaws" should probably be left alone unless they cause specific, clear harm to the adoption of the language.
Ironically, I view the module proposal as the opposite. A problem with teaching the language turned into a plan to change the language without actually making it easier for new people to understand. But that's just my opinion.
Iâve posted an update to the epoch RFC that spells out the policy around allowed changes in much greater detail, and in particular proposes a relationship to rustfix. Please have a look and leave thoughts on thread!
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.