Re: The Case for Rust (in any system)

From: Joe Schaefer <joesuf4_at_gmail.com>
Date: Thu, 12 Sep 2024 23:07:26 UTC
On the other hand, it is foolish to expect a programming language itself to
be more thoughtful and wise than the engineers who need to solve a
computational problem in the here and now.

It’s like banking on building an empire based on process enforcement,
civility, diversity of preferred quota stereotypes, and obedience; instead
of empathy, humility, diversity of thought, and ingenuity.

Rust is in the former camp; C the latter.  All progress in this fad-based
universe leads to the same joy-free outcome of forever changing our
toolchain to keep up with industry norms that treat professionalism in
computer engineering as a market commodity.

On Thu, Sep 12, 2024 at 3:52 AM David Chisnall <theraven@freebsd.org> wrote:

> On 12 Sep 2024, at 00:14, Alan Somers <asomers@freebsd.org> wrote:
> >
> > "Memory safety == restrictive training wheels" is just a common
> > misconception.
>
> It’s worth thinking about why programming languages exist. Any modern
> language is Turing complete. In terms of what can be expressed, there is no
> difference between Rust, C, and C++. The important thing is that there is
> an infinite set of possible programs and a finite set of desirable
> programs. The goal of a programming language is to make it easier to
> express programs in the set of desirable programs than ones that are not in
> that set. Sometimes this is skewed away from specific sets.
>
> The reason that we care so much about memory-safety bugs is that they
> allow an attacker to step completely outside of the abstract machine of the
> program. Unless you embed an interpreter/compiler in your program,
> memory-safety bugs are about the only way that an attacker can get
> arbitrary code execution in your program. The kind of bug where an attacker
> provides a specially crafted file / blob of network data and then runs code
> on your machine is typically the worst thing that can happen.
>
> Rust, in particular, skews towards making programs with memory-safety bugs
> much harder to represent. You can still do it, by using unsafe or relying
> on unsoundness in the type system as cve-rs does, but you have to try hard.
>
> I consider that a desirable property in a language. I don’t have to think
> about whether I’ve made these bugs impossible (and, remember, WannaCry cost
> billions of dollars and depended on a single memory-safety bug), I get that
> for free and I can focus on other things.
>
> David
>
>
>
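The quoted message describes the bug class that matters most: a parser that trusts a length field in attacker-supplied data and reads or writes past its buffer. The following is an added example, not code from this thread or from FreeBSD, showing how safe Rust pushes back on that mistake. The record format (a one-byte tag, a big-endian u16 length, then the payload), the `ParseError` type, and the two sample blobs are assumptions constructed for this demo; every slice access goes through bounds-checked `get`, so a crafted length becomes an `Err` rather than an out-of-bounds access.

```rust
// Added example, not from the mailing-list thread. Format and inputs are
// assumptions for this demo:
//   [tag: u8][len: u16 big-endian][payload: len bytes]
// A C parser that copies `len` bytes into a fixed buffer without checking
// is the classic memory-safety bug; in safe Rust the slice API makes the
// unchecked version hard to write by accident.

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// The buffer holds fewer bytes than the header or length field demands.
    TooShort { needed: usize, have: usize },
    /// Header offset plus length would not fit in usize.
    LengthOverflow,
}

#[derive(Debug, PartialEq)]
pub struct Record<'a> {
    pub tag: u8,
    pub payload: &'a [u8],
}

/// Parse one record from the front of `buf`, returning it together with the
/// unconsumed remainder. `get` returns `None` for any out-of-range slice, so
/// an attacker-chosen `len` can only produce an error, never a bad read.
pub fn parse_record(buf: &[u8]) -> Result<(Record<'_>, &[u8]), ParseError> {
    let header = buf
        .get(0..3)
        .ok_or(ParseError::TooShort { needed: 3, have: buf.len() })?;
    let tag = header[0];
    let len = u16::from_be_bytes([header[1], header[2]]) as usize;
    // checked_add guards the arithmetic itself; a u16 length cannot overflow
    // usize here, but the habit matters once lengths are 32 or 64 bits wide.
    let end = 3usize.checked_add(len).ok_or(ParseError::LengthOverflow)?;
    let payload = buf
        .get(3..end)
        .ok_or(ParseError::TooShort { needed: end, have: buf.len() })?;
    // `end <= buf.len()` is guaranteed by the successful `get` above.
    Ok((Record { tag, payload }, &buf[end..]))
}

/// Parse every record in `buf`, stopping at the first malformed one.
pub fn parse_all(mut buf: &[u8]) -> Result<Vec<Record<'_>>, ParseError> {
    let mut out = Vec::new();
    while !buf.is_empty() {
        let (rec, rest) = parse_record(buf)?;
        out.push(rec);
        buf = rest;
    }
    Ok(out)
}

/// Constructed sample: two well-formed records ("abc" under tag 1, "z" under tag 2).
pub fn well_formed() -> Vec<u8> {
    vec![0x01, 0x00, 0x03, b'a', b'b', b'c', 0x02, 0x00, 0x01, b'z']
}

/// Constructed sample: a crafted blob whose length field claims 0xFFFF
/// payload bytes while only four follow.
pub fn crafted() -> Vec<u8> {
    vec![0x01, 0xFF, 0xFF, b'a', b'b', b'c', b'd']
}

fn main() {
    println!("well-formed: {:?}", parse_all(&well_formed()));
    println!("crafted:     {:?}", parse_all(&crafted()));
}
```

The point of the design is that the only way to reproduce the C bug here is to reach for `unsafe` (for example `get_unchecked`), which is exactly the "you have to try hard" property the quoted message describes; the safe slice API turns a crafted length into a `TooShort` error that the caller can log and drop.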