new | ask | show | jobs
lmm 15 hours ago  [ - ]

> There’s a reason you should still be writing unit tests and hypothesis/property tests in Rust, to catch issues the compiler can’t catch at runtime which is a huge surface area.

It would be irresponsible to suggest that Rust eliminates a large enough proportion of common errors that you can YOLO anything that compiles and achieve an acceptable defect rate... but it does happen to be true in my experience.

dlahoda 14 hours ago  [ - ]

yes.

tests test what? logic. logic = types (proven). so stronger type system less test needs to be written.

more, if proc macro or build.rs can execute logic, based on parsed """types"""(partial info only), we can extend type systems with custom logic (and panic at compile time and/or startup time if usage violation detected).

on top of that, add fail fast (fail at compile time, build time or start up time) and newtype and errors-part-of-api culture; and lack of late binding (dyn is very limited use, no runtime reflection), and we get even less reasons to write tests.

some examples of industrial """typing"""(eDSLs, construction time) solutions in rust :

- https://github.com/elastio/bon

- https://github.com/contextgeneric/cgp

- https://github.com/paritytech/orchestra

- https://git.pipapo.org/cehteh/linear_type.git

sure we need write tests, and tests like antithesis helps with.

but list of tools helping with tests exactly as antithesis does(and more of others) is huge. that is built on top of absolutely strong supply chain audit, quality and security. there is even """levels""" of determinism tooling to decide how much to pay for cloud compute.

vlovich123 8 hours ago  [ - ]

Ok. Please write me an implementation of RAFT using no tests and have the Rust type checker prove correctness. I admit complete ignorance into how to get Rust to even go about partially proving that.

dlahoda 4 hours ago  [ - ]

you cannot prove RAFT correctness using Rust type checker.

wdym by "no tests"?

seems you have not read my response at all...

> sure we need write tests, and tests like antithesis helps with.

also, imho both lamports (bft and paxos) and are better of raft https://www.hytradboi.com/2025/2016d6c4-b08d-40b3-af2f-67926...

vlovich123 37 minutes ago  [ - ]

Regardless of the algorithm, antithesis specifically can make sure your implementation is correct. You started this thread by claiming that that’s needed less in Rust because the type system helps you avoid bugs. I’m highlighting classes of problems that Antithesis is targeting to help you test and Rust’s type system cannot help you with. Raft vs Paxos doesn’t matter