Re: The Case for Rust (in any system)
- Reply: Pat Maddox: "Re: The Case for Rust (in any system)"
- In reply to: David Chisnall : "Re: The Case for Rust (in any system)"
Date: Thu, 12 Sep 2024 23:07:26 UTC
On the other hand, it is foolish to expect a programming language itself to be more thoughtful and wise than the engineers who need to solve a computational problem in the here and now. It’s like banking on building an empire based on process enforcement, civility, diversity of preferred quota stereotypes, and obedience; instead of empathy, humility, diversity of thought, and ingenuity. Rust is in the former camp; C the latter. All progress in this fad-based universe leads to the same joy-free outcome of forever changing our toolchain to keep up with industry norms that treat professionalism in computer engineering as a market commodity.

On Thu, Sep 12, 2024 at 3:52 AM David Chisnall <theraven@freebsd.org> wrote:

> On 12 Sep 2024, at 00:14, Alan Somers <asomers@freebsd.org> wrote:
>
> > "Memory safety == restrictive training wheels" is just a common
> > misconception.
>
> It’s worth thinking about why programming languages exist. Any modern
> language is Turing complete. In terms of what can be expressed, there is no
> difference between Rust, C, and C++. The important thing is that there is
> an infinite set of possible programs and a finite set of desirable
> programs. The goal of a programming language is to make it easier to
> express programs in the set of desirable programs than ones that are not in
> that set. Sometimes this is skewed away from specific sets.
>
> The reason that we care so much about memory-safety bugs is that they
> allow an attacker to step completely outside of the abstract machine of the
> program. Unless you embed an interpreter/compiler in your program,
> memory-safety bugs are about the only way that an attacker can get
> arbitrary code execution in your program. The kind of bug where an attacker
> provides a specially crafted file / blob of network data and then runs code
> on your machine is typically the worst thing that can happen.
>
> Rust, in particular, skews towards making programs with memory-safety bugs
> much harder to represent. You can still do it, by using unsafe or relying
> on unsoundness in the type system as cve-rs does, but you have to try hard.
>
> I consider that a desirable property in a language. I don’t have to think
> about whether I’ve made these bugs impossible (and, remember, WannaCry cost
> billions of dollars and depended on a single memory-safety bug), I get that
> for free and I can focus on other things.
>
> David
>
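The following is an added example, not code from any message in this thread, illustrating David's point that the "specially crafted blob of network data" bug is hard to express in safe Rust and only comes back through an explicit `unsafe` block. The record format (a two-byte big-endian length followed by the payload) and the sample blobs are constructed here for the example; they do not correspond to any real protocol.

```rust
use std::panic;

/// Parse a constructed length-prefixed record: [len_hi, len_lo, payload...].
/// Safe Rust, checked access: a header that claims more bytes than are present
/// is reported as an error. No code path can read past the end of `buf`.
fn parse_record(buf: &[u8]) -> Result<&[u8], String> {
    let hdr = buf.get(0..2).ok_or_else(|| "short header".to_string())?;
    let len = u16::from_be_bytes([hdr[0], hdr[1]]) as usize;
    buf.get(2..2 + len).ok_or_else(|| {
        format!(
            "header claims {} payload bytes, only {} present",
            len,
            buf.len() - 2
        )
    })
}

/// Same parse with plain indexing. Still safe Rust: an over-long length does
/// not become a silent over-read, it becomes a panic, i.e. the abstract
/// machine stops instead of letting the attacker step outside it.
fn parse_record_indexing(buf: &[u8]) -> &[u8] {
    let len = u16::from_be_bytes([buf[0], buf[1]]) as usize;
    &buf[2..2 + len]
}

/// The C-style version. The bounds checks are gone, so a lying header turns
/// into an out-of-bounds read of whatever sits after `buf`. This is the only
/// way to write that bug here, and it needs the `unsafe` keyword twice.
///
/// # Safety
/// `buf` must contain a correct header: calling this on a malformed record
/// is undefined behaviour (deliberately never done in this example).
unsafe fn parse_record_unchecked(buf: &[u8]) -> &[u8] {
    unsafe {
        let len = u16::from_be_bytes([*buf.get_unchecked(0), *buf.get_unchecked(1)]) as usize;
        buf.get_unchecked(2..2 + len)
    }
}

/// Constructed sample inputs: a well-formed record and one whose header
/// claims 4096 bytes of payload over a 3-byte body.
const GOOD: &[u8] = &[0x00, 0x03, b'a', b'b', b'c'];
const BAD: &[u8] = &[0x10, 0x00, b'a', b'b', b'c'];

fn main() {
    println!("checked, good input: {:?}", parse_record(GOOD));
    println!("checked, bad input:  {:?}", parse_record(BAD));

    // Indexing panics on the bad input; catch it so the demo keeps going.
    let r = panic::catch_unwind(|| parse_record_indexing(BAD).to_vec());
    println!("indexing, bad input panicked: {}", r.is_err());

    // The unchecked variant is only ever given the well-formed record.
    let p = unsafe { parse_record_unchecked(GOOD) };
    println!("unchecked, good input: {:?}", p);
}
```

The three functions do the same job on well-formed input; they differ only in what a malicious header can cause. The first two cannot read outside the buffer no matter what the header says, which is the "you get that for free" property in the quoted message. The third can, but a reviewer, a grep for `unsafe`, or a `#![forbid(unsafe_code)]` crate attribute will flag it.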