Val was originally a byproduct of the research that Dimi Racordon was doing with Google and Adobe on the Swift programming language and the discipline of variable value semantics, which maintains value independence to support local reasoning. Haskell, Rust, and R are other examples of languages that use variable value semantics.

“This is a project that started around two years ago. I wrote the paper, I collaborated with great people at Google and Adobe. After this paper, I had a small idea in the back of my head and I thought, oh, we’ll try implementing some stuff, it will be a two, three weeks project. And it’s been two years”, Racordon told The New Stack.

Her idea of a language that is all about variable-value semantics is one of the main reasons it created Val.

“Mutable value semantics is a programming discipline that really focuses on notional values. So if I have an array of things, for example, the value of this array is the most important concept that I want to manipulate. That gives me local reasoning”, she said.

Programming languages such as C++, JavaScript, Python, and Java distinguish between primitive data types such as integers or sometimes strings. These types behave like values, she says. Changing the value of an integer doesn’t create an observable side effect elsewhere in the program. This is not the case for other data types, such as aggregates, arrays, or hash maps, because they have reference semantics.

In her view, the optimizer must account for the fact that other references may exist and that some seemingly unrelated part of the program may need the value being mutated, so it is better to do nothing than to compromise that reference architecture.

The language is intended for system programming. It is mostly recommended for applications that work close to the metal and need to squeeze as much performance out of the machine as possible.

This includes uses such as operating systems, memory-intensive applications such as video games or image processing, and other applications that can’t afford a virtual machine or garbage collector. Embedded applications are also “a very interesting target,” she said.

For the moment Val is not something that would be used on the client side, but it could for example be used to embed something like Photoshop into a web browser via LLVM and then Web Assembly. Val has a similar build pipeline as C++.

And although the open source language is available on GitHub, it’s still being created. Racordon is looking for contributors to help develop it. The goal is to make it possible to download a compiler and write an app by the end of the year, she said.

She said Val will fit the same use cases as C++ and Rust, but without the safety issues of C++ and the complications of Rust.

It was created in the 1990s by Guido van Rossum, who was working for CWI in Amsterdam at the time. Guido was involved in the development of Python as BDFL (Benevolent dictator for life). He also worked for Dropbox as well as Microsoft.

Here are the latest updates:

• 3.7 – 3.12: gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680 (heap use-after-free).
• 3.7 – 3.12: gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm to fix CVE-2022-45061. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.
• 3.7 – 3.12: gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log.
• 3.8 – 3.12: gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc module.
• 3.9 – 3.10 (already released in 3.11+ before): gh-97514: On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the “forkserver” start method is affected. This prevents Linux CVE-2022-42919 (potential privilege escalation) as abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Python 3.8 and earlier.
• 3.7 – 3.10: gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 to fix CVE-2022-37454.
• 3.7 – 3.9 (already released in 3.10+ before): gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands to address CVE-2015-20107. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed).

• Safety
• Speed
• Concurrency

As per the Stack Overflow Developer Survey, Rust has been the ‘most loved programming language’ since 2016. According to the 2020 survey, as many as 65,000 developers turned to Rust. Even Linux kernel developers proposed writing the new Linux kernel code in Rust. Developers often compare Rust with programming languages C and C++, for all three of them are devoid of crashes and data jumps and provide control over the memory lifecycle. During a media interview founder Graydon Hoare wrote:

“Rust rewrites of C or C++ code can work if there’s sufficient motive and budget and if they’re otherwise appropriate to the technical context…The various modules of Firefox being rewritten in Rust are a case in point: it’s now a hybrid C++-and-Rust program.”

According to the TIOBE Index for August 2021, Python is the second-most popular programming language globally. As of last year, India itself recorded 8.2 million developers using Python. Moreover, its leadership in data mining and artificial intelligence makes it a preferred choice.
So does Rust have an edge over Python?

Rust is known for solving the problems that persist in other popular programming languages like Python and C++ by combining methods from both paradigms. When it comes to Python especially, there are a few key differences.

1| Garbage-collection

One of the biggest advantages of using Rust is that it provides developers with the choice of being able to store data on the stack or on the heap, determining during compilation when memory is no longer required and can be cleaned. The unused data is thus, cleaned without the programmer having to think about allocating and freeing memory.

Therefore, allowing efficiency in memory usage and performant memory access. Furthermore, this functionality of not having to run a garbage collector constantly makes Rust projects well fitted for use by other programming languages.

On the other hand, Python has a garbage collector that constantly looks out for memory not in use and cleans it up while the program is running.

2| Low-level language

Additionally, the direct access to hardware and memory makes Rust the ideal programming language for embedded and bare-metal development. Rust can be used for writing low-level code. Being a low-level language makes Rust the go-to choice for developers when their resources are limited and it is crucial to ensure that the software doesn’t fail. On the contrary, high-level language Python is more suitable for quick prototypes.

3| Speed

Programming language Python, although commonly used for data analysis, interprets code line-by-line, making the process slow. On the contrary, Rust does not compromise on speed. It offers an advantage in this aspect.

4| Dynamic and static typing

Python is a dynamic type system, thus, making it easier for developers to produce software. On the other hand, Rust is a static type system and requires programmers to specify parameters (function arguments and constants), but inside the function body, it allows Python-like dynamic typing.