Re: The Case for Rust (in any system)

From: Paul Floyd <paulf2718_at_gmail.com>
Date: Sat, 07 Sep 2024 19:11:45 UTC

On 05-09-24 18:09, Alan Somers wrote:
> By now I expect that most of you have seen the long list of new
> security advisories that just came out.  Strikingly, all were the
> result of memory handling errors.  And none of them would have
> happened if their respective programs had been written in a
> memory-safe language.


> [^1]: while not memory-safety bugs, Rust's lints actually make
> ignoring errors like this pretty difficult.  So I consider these bugs
> to have been preventable.


There is an analogy to be made with the motor industry.

A lot of drivers (and the motor industry) resist any new safety 
regulations. We don't need seat belts! Speed limits are only for 
unskilled drivers! Manufacturers were against seat belts lest it harm 
sales by making people think cars are dangerous. Drivers felt them 
unnecessary because of their overconfidence.

It's not just legislation that has improved matters. Individuals and 
non-profit organizations have also had a big effect. Ralph Nader's 
"Unsafe at any Speed" and Euro NCAP have radically improved automobile 
safety for the better.

I think of C as being the Austin Metro of computer languages. When the 
Euro NCAP ratings first came out the Metro got a one star rating - the 
lowest of any car at the time. Sales cratered and the car was soon 
withdrawn from the market.

There have already been several posts saying that we don't need nappies. 
We don't need seatbelts or airbags or ABS or any of the other safety 
features either?

If the EU and US do regulate then it may be the thin edge of the wedge. 
The Euro NCAP tests have evolved to become tougher as time goes by. 
Legislation continues to improve.

Even motorsport, where speed is of the essence, is heavily regulated. In 
Formula 1 the number of fatalities has dropped from over 1 a year in the 
1950s and 1960s to less than one per decade in the 2000s and 2010s.

Finally, I don't think that denial is in any way an answer.

There's not going to be any silver bullet. I do think that C is unfit 
for purpose and should be replaced. I'm much more of a C++ expert than 
any other language (specifically in this thread Rust). C++'s unfortunate 
lack of a well defined ABI makes it difficult to use for kernel 
development. I do recommend it for userland though.

In the past the BSDs blazed the trail with the development of UNIX 
features. In the future is FreeBSD going to be stuck in the C mud whilst 
the rest of the world moves on?

A+
Paul