Date: Sun, 6 Jan 2019 13:08:25 +0000
From: Igor Mozolevsky <igor@hybrid-lab.co.uk>
To: David Sid Olofsson <contact@sidju.se>
Cc: Hackers freeBSD <freebsd-hackers@freebsd.org>
Subject: Re: Speculative: Rust for base system components
Message-ID: <CADWvR2jJ+ujN_Sm0EfEx1AfHm88-Dvn2mRMS1=RS-Zwt1L6DKw@mail.gmail.com>
In-Reply-To: <H7D1D6fUMtF9-2LbnJrYEFnDraYBSD1a0DAK-Wn4UFj9PlkNZXcB5rwWcJ02PqW9vlv0u-wiGjq8JvcqmfczsHD1HxvhXQoLZY52s7EgjW0=@sidju.se>
References: <201901021829.x02IT4Kc064169@slippy.cwsent.com> <e954a12f-5d23-7a3f-c29b-c93e1250965c@metricspace.net> <361CCB81-AEB6-4EAC-9604-CD8F4C63948C@gmail.com> <CADWvR2ju7y_rcY3MFe_381yBmPXgm1BA7RzA9ZTUfTtCHdFGLw@mail.gmail.com> <6DF138FB-E730-477A-A992-8FE1944DDE94@exonetric.com> <CADWvR2hETR3j2=aNVGDiYfJeyeqgavDQOuxkxrE+VZFfD5BzJg@mail.gmail.com> <451787DE-0659-4F7D-B011-904F90866DDB@gmail.com> <CADWvR2ij6rHw-KS6Qm9xMAmJzCCvcpgQ1LHQrGknhiaGep6V1Q@mail.gmail.com> <H7D1D6fUMtF9-2LbnJrYEFnDraYBSD1a0DAK-Wn4UFj9PlkNZXcB5rwWcJ02PqW9vlv0u-wiGjq8JvcqmfczsHD1HxvhXQoLZY52s7EgjW0=@sidju.se>
On Sun, 6 Jan 2019 at 11:43, David "Sid" Olofsson wrote:
>
> Rust features several limitations on pointer usage by default that increase
> memory safety by forcing you to write a safe solution. (They are pretty
> interesting, I recommend looking into it.)

Rhetorical: remind me what Java's pointer usage policy is again?

> It is indeed dependent on some "unsafe" libraries to function and there may
> be exploits in those (Literally applicable to all languages. What is machine
> code if not a library?), but from what I've gathered you could write those in
> rust as well using the @unsafe flag. (This probably yields better safety than
> the c++ glue slapped together by a java programmer to "get the JVM to run,
> goddammit!". But that isn't really the point.)

Probably? If you don't know one way or another, why even speculate???

> By moving the bulk of your application out of "unsafe" c or c++ and into
> heavily type checked, ownership oriented and abstracted rust you would
> reduce the potential bugs without the performance reduction and large
> runtime required by java.

Don't know where you've been for the earlier discussion, but someone did
an experiment, and guess what: Rust yielded a massive increase in
instruction count for a simple sum-of-integers program, so it's not just
a "runtime library" issue. As for "potential bugs," see below.

> Rust isn't a silver bullet that will fix all bugs. It is a slightly more
> abstracted and type checking language that is slightly better for a lot
> of things. If you don't find that slight improvement worth the difficulty
> it is to learn it, then don't.

An inept craftsman always blames the tools: wrong screwdriver, wrong
hammer, wrong language. Learn the discipline of programming, learn to
identify tainted inputs, learn to identify your own assumptions, learn to
verify your own assumptions before relying on them, learn the architecture
you're writing the code for, and learn the language that you're using.

Most buffer overflows in C, if not all, are simply a result of
ineptitude, for example---not because C has bad libraries, but because
the person using them (a) didn't understand the ramification of using a
specific library call, (b) failed to identify all assumptions they relied
on, and, consequently, (c) failed to verify the assumptions before relying
on them. Ditto for format string exploits. The gist is: learn a better
discipline of programming to make better code, not
yet-another-many-promises-but-few-deliveries language.

--
Igor M.
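The discipline the message above argues for (name the assumption a library call relies on, verify it before the call, and never hand tainted input to printf as its format string), shown as an added C example that is not code from this thread; NAME_MAX, the sample inputs and the function names are constructed for the illustration:

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16            /* fixed buffer the caller relies on (constructed value) */
static char demo_out[64];      /* output buffer shared by main() and the checks below */
/* The unchecked version leaves one assumption unverified:
 *     strcpy(dst, src);   // "src always fits in dst" -- false for a long tainted input
 * Here the assumption is written down and checked before any byte is copied. */
bool copy_name(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0)
        return false;
    size_t len = 0;
    /* Bound the scan by dst_size so an unterminated src is never read past it either. */
    while (len < dst_size && src[len] != '\0') {
        unsigned char c = (unsigned char)src[len];
        if (c < 0x20 || c > 0x7e)   /* tainted: control bytes and non-ASCII are rejected */
            return false;
        len++;
    }
    if (len == dst_size)            /* src has >= dst_size bytes: no room for the NUL */
        return false;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return true;
}

/* The tainted name is an argument to a fixed "%s" format, never the format
 * string itself, so "%x" or "%n" inside it is rendered literally instead of
 * being interpreted by the formatter. Returns the greeting length or -1 on refusal. */
int format_greeting(char *out, size_t out_size, const char *tainted_name) {
    char name[NAME_MAX];
    if (!copy_name(name, sizeof name, tainted_name))
        return -1;                  /* assumption failed: refuse rather than overflow */
    int n = snprintf(out, out_size, "hello, %s", name);
    if (n < 0 || (size_t)n >= out_size)
        return -1;                  /* the greeting itself would have been truncated */
    return n;
}

int main(void) {
    const char *samples[] = { "igor", "%x%x%x%n", "aaaaaaaaaaaaaaaaaaaaaaaa" }; /* constructed */
    for (size_t i = 0; i < 3; i++) {
        int n = format_greeting(demo_out, sizeof demo_out, samples[i]);
        printf("%-26s -> %d %s\n", samples[i], n, n < 0 ? "(refused)" : demo_out);
    }
    return 0;
}
```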