Patrick Walton @pcwalton Twitter profile

Last Seen Profiles

@ArchelleMD

@Brody_Morrison6

@_TravisAustin

@Tyzzbyy

@CoachMcFatten

@jasonkatzbrown

@Draps78

@mashiro_nanase

@TheLastFullback

@NoirMJ

@yang_wu_

@AlexjGriffin21

@mistress_gabby1

@B25Owl

@stephamberruiz

@GeoSaud

@JacinMaidana

@modelsewell

@davesomd

@narendramodi_in

@Madawi_k_a

@pupwhiplash

@AceTheSpade69

@azikoaredel

@urfavpawg

@beimix

@TheRedVirgoDC

@GDna4u2

@Daddylongs2

@alexpieterbaker

@jjaepaness

@stw_pdg

@Jamezsey

@MVirtanen

@sarah_kell49011

@safa_ss

Patrick Walton

@pcwalton

6 months

Dear GitHub: How does this icon possibly convey "issues"?

115

42

2K

Patrick Walton

@pcwalton

8 years

NASA needs 5 digits of π to land on the moon, but uses a width of “66.66666666666666%” for a 2 column layout.

17

1K

Patrick Walton

@pcwalton

5 years

Humans are incapable of writing memory-safe C/C++. The evidence is overwhelming. It shouldn’t be considered a “hot take”. But we refuse to accept it.

70

258

1K

Patrick Walton

@pcwalton

2 years

You know, I think it was like 10 years before I realized that the "Core" in all those Apple libraries is a pun on apples

24

70

1K

Patrick Walton

@pcwalton

4 years

Probably as good a time as ever to mention: In 2021 I'll be heading up the new Rust team at Facebook, focused on improving the Rust compiler and ecosystem for the Rust community, just like my colleague @nikomatsakis is doing at Amazon. :)

50

66

1K

Patrick Walton

@pcwalton

2 years

My #1 piece of advice to anyone who wants to design a programming language is to pick a name that isn't already in use by a video game.

62

57

1K

Patrick Walton

@pcwalton

6 years

An important goal of programming language design should be to make it as hard as possible to come up with stupid tricky interview questions.

12

244

1K

Patrick Walton

@pcwalton

2 years

My big LLVM memcpy eliminator patch is up — 17% reduction in Rust memcpys now, with up to 42% possible in the future with more MIR optimization work.

20

107

1K

Patrick Walton

@pcwalton

2 years

I'm getting more convinced that Rust code is generally going to end up faster than C++ code every day I work on optimizations. Strong immutability and no-alias guarantees are a game-changer and we've only really begun to scratch the surface of what can be done.

24

94

1K

Patrick Walton

@pcwalton

5 years

One of the most impressive things C did was to convince people that its runtime doesn’t exist.

25

191

1K

Patrick Walton

@pcwalton

5 years

A work-in-progress implementation of vector textures via sparse virtual texturing. This allows an SVG to be used as a texture for any mesh at effectively infinite resolution without using much GPU memory.

18

134

840

Patrick Walton

@pcwalton

2 years

Amazing to me how many people deny that C++ has a problem with approachability of build systems and dependency management. It's total Stockholm syndrome.

45

52

783

Patrick Walton

@pcwalton

2 years

Dude, the zoomers who work on the Rust compiler now are all smarter and more hard working than I ever was. What are you talking about.

Sam Altman

@sama

2 years

colleges prioritized making people feel perfectly safe over everything else and produced a generation afraid to fail, and thus afraid to take risk, and thus on pace to accomplish extremely little

2K

3K

22K

20

38

723

Patrick Walton

@pcwalton

2 years

Landed a bunch of changes to optimize memcpys in LLVM 16. Rust standard library print() assembly code before and after (after I land a tiny fix to remove a workaround for bugs in old versions of LLVM in rustc):

9

37

655

Patrick Walton

@pcwalton

3 years

Hot take: A lot of perceived benefits of newer programming languages have nothing to do with the language itself and are actually just the hindsight benefits of having to start a library ecosystem from scratch with the lessons learned from prior languages.

14

72

634

Patrick Walton

@pcwalton

3 years

12

54

633

Patrick Walton

@pcwalton

4 years

Broke: Microsoft abandons their browser engine and starts shipping Chromium Woke: Microsoft abandons the entire Win32 userland and starts shipping Wine

9

75

631

Patrick Walton

@pcwalton

1 year

It's virtually guaranteed that, if adopted, YouTube will use Web Integrity Extensions to force users to watch ads. I'd be surprised if that wasn't one of the primary motivations behind the proposal.

10

69

586

Patrick Walton

@pcwalton

5 years

This just in: Rust is useless because everyone who can write Rust already writes safe C code. I guess I’ve just been imagining every browser vulnerability of the last decade then.

33

111

577

Patrick Walton

@pcwalton

2 years

Achievement unlocked: Landed an LLVM patch that broke Chromium.

7

13

554

Patrick Walton

@pcwalton

2 years

TIL .NET starts with a fast hash and switches to a DoS resistant one after too many collisions in the default hash table implementation. I wish we had thought of that for Rust; SipHash is a performance footgun…

21

36

551

Patrick Walton

@pcwalton

11 months

When I see "Rust catches a class of errors, but not everything" used as a reason to reject it I always think about what it would be like if aerospace engineers had the same attitude. "Radar catches a very specific set of errors, but not everything, so it's not worth it"

Ajay's dopamine or lack thereof

@ajay9470

11 months

Serious post: I think a lot of my feelings about Rust are the same as this person here. 1. The overall language is not much better than C++. Yes, it catches a very specific class of errors, but not everything and that too comes at a [1/n]

20

223

30

517

Patrick Walton

@pcwalton

2 years

The silver lining around Rust's reputation of being hard to learn is that, in an effort to combat that reputation, Rust's compiler tries really hard to be friendly and helpful in areas that other languages' compilers often don't.

11

35

518

Patrick Walton

@pcwalton

7 months

I will not respond to this site owner's takes on compilers I will not respond to this site owner's takes on compilers I will not respond to this site owner's takes on compilers

9

28

503

Patrick Walton

@pcwalton

1 year

It's a strangely nice feeling when I'm "fighting the borrow checker" and realize that the reason the borrow check doesn't like my code is that there's a really nasty iterator invalidation bug I would never have thought of if this were C++.

9

36

499

Patrick Walton

@pcwalton

2 years

It's maddening when C++ fans claim that Google isn't following "modern secure coding practices" with Chromium and so its memory safety problems somehow don't count as problems with C++. Reality: Chromium has among the best security practices of any C++ codebase in existence.

11

42

472

Patrick Walton

@pcwalton

3 years

Well, that's certainly a take.

25

48

465

Patrick Walton

@pcwalton

5 years

Optimization across Rust/C++ boundaries in Firefox has landed! That means, for example, that the compiler will inline Rust functions into C++ functions and vice versa.

Eric Rahm

@eroc

5 years

Long time coming, we just landed cross-language LTO in Firefox for all platforms. Hard to argue against implementing components in rust at this point!

2

51

236

4

91

463

Patrick Walton

@pcwalton

5 years

It is quite possible that issue 65536 in Rust () is due to a 16-bit integer overflow somewhere in LLVM and that is just glorious.

failed to build archive invalid data encountered · Issue #65536 · rust-lang/rust

ea45150 (#59953) appears to introduce some sort of bug in the archive generation, which causes script-servo to fail to build on perf: error: failed to build archive: Invalid data was encountered wh...

github.com

5

96

463

Patrick Walton

@pcwalton

2 years

This paper is awesome (h/t @tqbf ): Turns out that machine learning can reconstruct reasonable variable names from decompiled source! I'd love to see this integrated with Ghidra.

8

83

452

Patrick Walton

@pcwalton

4 years

For me becoming a senior engineer has meant learning not to be afraid to write hilariously dumb and slow code. Half of the time it won’t matter and the other half of the time I can just go back and optimize it later.

9

44

443

Patrick Walton

@pcwalton

3 years

For those who say that instead of Rust they want an unsafe language with a static analysis pass that proves pointers are used properly: that language exists. It's called Rust.

7

34

445

Patrick Walton

@pcwalton

3 years

Rust is fast approaching a state of equal numbers of people simultaneously complaining that the language moves too fast and moves too slow and I think that's an excellent place to be.

6

17

440

Patrick Walton

@pcwalton

2 years

I'm tempted to go hide out in a mountain cabin and not leave until I've added enough LLVM optimizations to make LTO'd Rust hello world have no memcpys in it.

12

8

434

Patrick Walton

@pcwalton

5 years

Maybe "rewrite it in Rust" is annoying, but from my point of view "Rust doesn't prevent every bug ever, so you should just use C or C++" is much more annoying.

11

36

431

Patrick Walton

@pcwalton

3 years

Controversial(?) opinion: Instead of "rewrite it in Rust", consider making something better that just happens to also be written in Rust. e.g. instead of rewriting grep, make ripgrep. It'll have a better chance of success.

10

29

424

Patrick Walton

@pcwalton

2 years

Even leaving Rust aside, by choosing a memory-unsafe language, you're saying that the small delta in performance between GC and no-GC is worth more to your app than massive unavoidable-in-practice security problems. Seems extremely dubious.

29

42

422

Patrick Walton

@pcwalton

2 years

A lot of the reason Rust was successful is that it had C-like syntax, as a familiar counterbalance to the weirdness of the lifetimes and borrow check. It had to pick its battles as to where to innovate, and syntax wasn't one of those areas.

15

16

423

Patrick Walton

@pcwalton

9 months

Realization: Null pointers are virtually always a language design mistake. But they're often just a consequence of a bigger design mistake: default values/zero values. If your semantics requires that every type has a default value, then you're forced into null pointers.

25

34

427

Patrick Walton

@pcwalton

2 years

"I'm using C++ because I don't need the performance benefits that Rust brings" is one of the best endorsements of Rust I've seen.

12

18

414

Patrick Walton

@pcwalton

3 years

I'm going to be repeating "reference counting is a form of garbage collection" until the day I die, aren't I

30

17

415

Patrick Walton

@pcwalton

8 months

Sorry, when I see this I just assume people aren't telling the truth. I have literally never seen a C++ codebase that doesn't fall over when you first point ASan at it.

25

16

414

Patrick Walton

@pcwalton

4 years

Did a huge refactoring of over 3,000 lines of Rust code, fixing over 250 resulting errors. The resulting code worked perfectly first try, no regressions.

10

20

408

Patrick Walton

@pcwalton

2 years

It's a testament to how well the Rust ownership/borrowing discipline works in practice that people think you could just bolt it onto some other language. But, in fact, the reason it works so well is that the rest of the language was carefully designed around it.

5

31

408

Patrick Walton

@pcwalton

5 years

Note to self: “metal rust” is not an effective search query when searching for Rust bindings to the Metal library

9

31

392

Patrick Walton

@pcwalton

3 years

Apparently Microsoft called this "licking the cookie". "No, you can't implement that, it's MY team's job!" "Well, who is working on it then?" "Nobody"

neural oscillator of uncertain significance

@mycoliza

3 years

one thing i have gotten very tired of in Rust is people saying things like “well, language feature/stdlib feature X will fix this and it’s Right Around The Corner, so libs shouldn’t try to implement stopgap solutions” and then it’s Right Around The Corner for 3 years

8

18

357

8

36

391

Patrick Walton

@pcwalton

10 months

Today in "memory safety is unnecessary, just hire good programmers and you'll be fine"

A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day

If your software package involves VP8 video encoding, it's likely vulnerable to attack.

arstechnica.com

9

51

386

Patrick Walton

@pcwalton

4 years

“Firefox lost because its major version numbers are too large” is quite the galaxy-brain take, even for HN.

5

12

384

Patrick Walton

@pcwalton

2 years

The future I'd like us to get to is one in which memory-unsafe languages are treated like assembly language is today. We'll always need unsafe code, but it should be considered very niche. Most programmers won't need to know it, and writing it will require strong justification.

11

28

383

Patrick Walton

@pcwalton

1 year

The longer I use rust-analyzer the more surprised I am that I ever wrote Rust without it. For better or worse, Rust is a language in which pair programming with the compiler is the most productive way to use it.

7

31

381

Patrick Walton

@pcwalton

3 years

Rust packages revealing LLVM bugs not enough for you? Try Linux kernel bugs

fs::File reads first 4096 bytes only on Linux v5.9 and v5.10 · Issue #3803 · tokio-rs/tokio

Version └── tokio v1.6.0 └── tokio-macros v1.2.0 (proc-macro) Platform Raspberry Pi 32-bit Linux raspberrypi 5.10.17-v7l+ #1414 SMP Fri Apr 30 13:20:47 BST 2021 armv7l GNU/Linux Description After u...

github.com

5

45

382

Patrick Walton

@pcwalton

4 years

*SCREAMING INTERNALLY*

Dan Luu

@danluu

7 years

Ken Thompson on languages and safety (from @peterseibel 's book, Coders at Work)

11

52

230

21

50

377

Patrick Walton

@pcwalton

2 years

I'm still amazed when people describe Rust as somehow singularly obsessed with memory safety, when the vast majority of popular PLs nowadays are memory safe. There are like maybe 3 languages in common use that aren't memory safe and people think Rust is weird for insisting on it.

27

24

368

Patrick Walton

@pcwalton

9 days

When writing in GC'd languages...

17

33

373

Patrick Walton

@pcwalton

2 years

It's hard to overstate how important C++ interoperability is to Rust's adoption in industry (and consequently big companies' willingness to fund Rust development). Even at Mozilla it was critical.

7

27

363

Patrick Walton

@pcwalton

6 years

Just implement generics already. Sheesh.

17

98

362

Patrick Walton

@pcwalton

2 years

It's a crime against compiler writers that Linux distros are saddled for all time with a 90s library called "libast" that is not, in fact, about abstract syntax trees and is instead short for Assorted Spiffy Things

4

18

356

Patrick Walton

@pcwalton

5 years

“Mozilla could have achieved 90% of what it wanted from a rust rewrite with a modern C++11 rewrite at a quarter of the cost.” #shithnsays

21

22

357

Patrick Walton

@pcwalton

2 years

If your choice is between (insert your favorite GC'd language here) and Rust, it's not right to say that Rust has chosen safety over productivity, since they're both memory safe. Rather, Rust has chosen performance over whatever productivity gains a GC provides in your instance.

22

20

346

Patrick Walton

@pcwalton

3 years

Randomly decided to look at Exim source code, found the line: for (start=uri; *uri && *uri!='?' && (*uri!='%' || *(uri+1)!='2' || tolower(*(uri+2))!='c'); ++uri); Closed the tab.

15

41

347

Patrick Walton

@pcwalton

2 years

"Incremental path to memory safety"? Major red flag. This has to be designed from the start.

Bryce Adelstein Lelbach

@blelbach

2 years

Carbon, a successor language to C++ was announced at @CppNorth today by @chandlerc1024 . I'm very excited about this project's potential. You can learn more about Carbon and get involved on GitHub.

143

830

4K

18

21

342

Patrick Walton

@pcwalton

6 years

Hot take: The increasing tendency of C compilers to aggressively exploit undefined behavior has been bad for security, but not for the reason you'd think. It's bad because it means C keeps getting faster, so people keep writing C code.

7

55

333

Patrick Walton

@pcwalton

2 years

My strong feeling is that the "memory safe systems programming language that's easier to use than Rust" that everyone wants is going to have to have something that looks a lot like a garbage collector. There's a lot of room to design a fast GC for "systems-like" patterns.

31

21

342

Patrick Walton

@pcwalton

11 months

I'd make a "why is my Rust code slower than X language?" bingo card but it would basically only have two squares: "didn't compile with --release" and "SipHash".

14

343

Patrick Walton

@pcwalton

3 years

Another unpopular opinion: "Transpiler" as a word is just fine. It just means "compiler to a high-level language", no need to overthink it.

23

22

339

Patrick Walton

@pcwalton

7 months

Oh for goodness sake, Apple is still parsing untrusted TrueType fonts using an old pile of C code in 2023. TrueType is not that hard to parse in a safe language if you don't need hinting, folks (which is disabled on iOS). In fact I wrote most of that code a few years ago.

Steve Weis

@sweis

7 months

This iMessage exploit is crazy. TrueType vulnerability that has existed since the 90s, 2 kernel exploits, a browser exploit, and an undocumented hardware feature that was not used in shipped software:

72

1K

6K

3

33

336

Patrick Walton

@pcwalton

5 months

Things I'd like a "better Rust" to have: • "use Trait as _" by default • fixed Range copy impl • implicit Mutex poisoning • usize -> uptr + uptrdiff Things everyone who wants to write a "better Rust" does instead: • removes the borrow checker • introduces memory unsafety

19

22

332

Patrick Walton

@pcwalton

5 years

WebRender is shipping in Firefox! 🎉

Firefox 67: Dark Mode CSS, WebRender, and more – Mozilla Hacks - the Web developer blog

Firefox 67 is now available in general release, bringing a faster and better JavaScript debugger, support for CSS prefers-color-scheme queries, and the initial debut of WebRender in stable Firefox....

hacks.mozilla.org

5

92

333

Patrick Walton

@pcwalton

3 years

I feel like it's become unfashionable to study garbage collection algorithms, which is a shame as they're really fascinating. Studying modern GC techniques is an endless series of "wow, that's clever!" moments.

11

22

333

Patrick Walton

@pcwalton

3 years

Maybe the most controversial thing I'll post this year: creative synonyms and misspellings are less ugly than putting an _ after identifiers to avoid colliding with reserved words.

31

24

330

Patrick Walton

@pcwalton

3 years

How to tell me you don't know C: Saying "you can learn the semantics of C in a day."

16

23

317

Patrick Walton

@pcwalton

5 years

Before I started working on OSS, I’d say annoying entitled things like “it’s so stupid that piece of software X doesn’t do Y, what were they thinking?” Now I think to myself “it’s sad that software X isn’t funded well enough to implement Y”.

9

63

319

Patrick Walton

@pcwalton

4 years

Taking some time away has made it embarrassingly clear to me that programming languages are really not worth getting upset about.

4

13

313

Patrick Walton

@pcwalton

2 years

I've done some measurements on stack memory traffic between Rust and C++ code at -- please check the Q&A. Lots of work to do :)

8

38

311

Patrick Walton

@pcwalton

5 years

It’s a shame that the ergonomic problems of Java-the-language obscure the really impressive technical achievements of the JVM.

9

42

310

Patrick Walton

@pcwalton

2 years

There are two different arguments for why a borrow checker isn't worth the cognitive overhead: (1) memory safety isn't worth it; (2) the performance gain from not having GC isn't worth it. It's odd that I only ever hear (1), when (2) is to my mind the far stronger argument.

33

15

305

Patrick Walton

@pcwalton

2 years

"Rust doesn't check integer overflow" is one of the worst reasons I've ever heard to avoid it in favor of a non-memory-safe language. You can turn on Rust integer overflow checks with a compiler flag. You can't turn on memory safety in non-memory-safe languages.

10

13

308

Patrick Walton

@pcwalton

5 years

A modest proposal: Allow “short” and “long” to be chained indefinitely, so “short short short short int” is a 2-bit integer and “short short long int” is 16-bit

31

52

302

Patrick Walton

@pcwalton

5 years

Every time I have a conversation with a JVM GC developer I learn something. Hard not to come to the conclusion that Java is way ahead of everyone else.

12

40

305

Patrick Walton

@pcwalton

3 months

It feels like a lot of languages are trying to make the "simple" version of Rust's memory safety. The problem is that the simple solution was figured out in the 1970s: GC. Alternatives to GC are just inherently complex. (Reference counting is a form of GC.)

16

23

308

Patrick Walton

@pcwalton

4 years

Unexpected benefit of Rust's UTF-8 non-random-access string model: It makes it awkward to write "find the longest palindrome in this string" bullshit interview questions.

7

22

306

Patrick Walton

@pcwalton

2 years

New blog post: Introducing `cxx-async`! It's a new crate I've published that allows easy interoperability between C++20 coroutines and Rust async I/O. You can await/co_await on both sides and it "just works".

7

46

299

Patrick Walton

@pcwalton

4 years

Here’s a massive Dutch rail map benchmark with 67K vector paths. After spending 32 seconds loading the SVG (resvg had to be hacked to remove quadratic blowup or it would never finish) Pathfinder renders this in 245 ms. Cairo takes 39.5 *seconds*, not including load time.

12

29

298

Patrick Walton

@pcwalton

5 years

Taking bets on when Microsoft abandons Win32 in favor of Wine

8

30

288

Patrick Walton

@pcwalton

5 years

An inconvenient truth: The people who write the most widespread C/C++ vulnerabilities tend to be the *best* programmers. That’s because “bad programmers” aren’t able to usefully hack on widely used low-level software to begin with. The core Linux devs are very good.

4

47

281

Patrick Walton

@pcwalton

4 years

I have no doubt that the Rust developers let go this week (which wasn't the entire team) are going to be able to continue their Rust work elsewhere.

8

18

283

Patrick Walton

@pcwalton

2 years

I've read "the difference between Rust and Language X is that Rust is attempting to be a better C++ while X is attempting to be a better C" so many times. Invariably Language X is either not memory safe or uses a GC. It's always such a bogus comparison.

16

15

283

Patrick Walton

@pcwalton

2 years

Lukewarm take: memory safety is non-optional in 2022 and new languages that aren't memory-safe should pretty much be disqualified out of hand.

7

24

282

Patrick Walton

@pcwalton

3 years

Classic Simon Peyton-Jones slide on "the power of the dot". I think everyone realizes on some level that this is the best part of OO, but curiously few acknowledge it explicitly. (source: )

10

44

283

Patrick Walton

@pcwalton

5 years

Are we seriously benchmarking programming languages based on the number of syscalls Hello World takes now

10

23

276

Patrick Walton

@pcwalton

4 years

Seriously, can we just make the textbook for all future OS courses?

7

39

278

Patrick Walton

@pcwalton

2 years

Pack it in boys, I've just been informed that Rust is "struggling to find relevance". I guess powering software that serves billions of users is "irrelevant" now!

15

7

280

Patrick Walton

@pcwalton

10 months

Kinda odd that my first thought when considering adding a C++ dependency isn't "this is going to make things less safe", it's "this is going to make building this crate so annoying for end users". I think it highlights the importance of tooling; Rust isn't just about safety.

3

20

278

Patrick Walton

@pcwalton

5 years

I've seen Go folks say, in effect, "Rust's experience with try doesn't apply to Go because Rust users don't have as strong opinions on readability as we do." Oh, you sweet summer child...

8

19

274

Patrick Walton

@pcwalton

2 years

I don't know who needs to hear this but there's nothing in the C++ spec that requires compiler devs to show off how smart they are by quoting obscure spec language in error messages.

8

14

276

Patrick Walton

@pcwalton

5 years

Periodic reminder that there are sites out there that depend on JS stack overflows happening and will hang if the stack doesn’t overflow in a timely manner

Andrew McCreight

@amccreight

5 years

@antumbral @kripken In Firefox, we see perf issues on some sites when the stack size is too big.

1

23

14

86

267

Patrick Walton

@pcwalton

3 months

I've thought a lot about this. AFAICT the reason nobody has attempted to make a better Rust* is that lifetimes require a type theory expert like Niko Matsakis to design, and there are very few of those people in industry. * Anything GC'd or that isn't memory safe doesn't count.

mcyoung 🏳️‍🌈 🔜 Furpoc

@DrawsMiguel

3 months

@ryan_rohrer there is no comparable game in town to my knowledge. nobody has made much of an attempt to match rust, which is wild honestly.

3

0

71

22

20

275

Patrick Walton

@pcwalton

2 years

I co-sign the idea that Rust 2.0 should never happen.

14

12

274

Patrick Walton

@pcwalton

3 years

While people on internet message boards argue about whether a modern systems language needs borrow checker, I'm over here debugging a use-after-free caused by iterator invalidation in LLVM which has persisted for years without being noticed, until Rust hit it in production

6

23

268

Patrick Walton

@pcwalton

4 years

Friendly reminder that |_| in Rust (as in (0..5).for_each(|_| println!(“Hello world!”));) is called the “shot glass operator”

6

29

265