From: Jan Knepper <jan@digitaldaemon.com>
To: Dmitry Salychev, Karl Denninger
Cc: freebsd-hackers@freebsd.org
Date: Thu, 5 Sep 2024 16:12:58 -0400
Subject: Re: The Case for Rust (in any system)
Message-ID: <00e1d94b-7484-4cc1-97ef-dabf801f65d5@digitaldaemon.com>
In-Reply-To: <86bk1150kh.fsf@peasant.bootbsd.com>
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
On 9/5/24 15:55, Dmitry Salychev wrote:
> Karl Denninger writes:
>
>> [[PGP Signed Part:Undecided]]
>> On 9/5/2024 14:09, Alan Somers wrote:
>>
>> By now I expect that most of you have seen the long list of new
>> security advisories that just came out. Strikingly, all were the
>> result of memory handling errors. And none of them wouldn't have
>> happened if their respective programs had been written in a
>> memory-safe language.
>>
>> ...
>> Thus for kernel-level or system-library-level code (or for that matter execution-heavy applications) that are executed very
>> frequently and thus imposes said cost all the time (or at least a very large amount of the time) the debate over "do it once and
>> do it right, even if it takes longer and requires programmers of higher skill" approach vs. "do it fast and let the computer
>> catch and fix the stupidity at runtime, imposing said cost in every instance whether stupidity occurred in the coding or not"
>> should not, in my opinion anyway, end in the latter decision.
> Well said.
>
> Personally, I wouldn't argue that people tend to do stupid things with
> the tools given, but putting everyone in diapers is just _one_ possible
> way to solve the problem.
>
> If Rust is somehow considered to be brought deep down in the FreeBSD
> kernel, I'd suggest to consider other options, e.g. MISRA C:2023 and
> MISRA C++:2023.
>

Agreed...

And use code analyzers/static analyzers..

I have not worked with Coverity recently, but when we did, it was pretty good what it found & reported.
We had to convince that the $50K/year or $100K/year price tag, whatever it was, was worth it because Coverity would do for a price per year what we could not hire anyone to do for us with the same consistency, speed, and accuracy.

There are several others.

More and more, these types of tools are being integrated into modern day compiler tool-chains.

Use them!