Re: The Case for Rust (in any system)
- Reply: Joe Schaefer : "Re: The Case for Rust (in any system)"
- In reply to: Joe Schaefer : "Re: The Case for Rust (in any system)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 12 Sep 2024 23:59:27 UTC
I think you have those reversed. I would say that a compiler that notifies you of errors is more empathetic than one that doesn't, inasmuch as the compiler's designers' empathy is expressed through the tool. Knowing that we will write errors and can benefit from automated checks expresses humility to me. The safety net of such checks allows us to explore new ideas. C's "don't want memory errors? don't write none" approach is clearly more hostile and requires strict adherence to the rules. Pat On Thu, Sep 12, 2024, at 4:07 PM, Joe Schaefer wrote: > On the other hand, it is foolish to expect a programming language > itself to be more thoughtful and wise than the engineers who need to > solve a computational problem in the here and now. > > It’s like banking on building an empire based on process enforcement, > civility, diversity of preferred quota stereotypes, and obedience; > instead of empathy, humility, diversity of thought, and ingenuity. > > Rust is in the former camp; C the latter. All progress in this fad > based universe leads to the same joy-free outcome of forever changing > our toolchain to keep up with industry norms that treat professionalism > in computer engineering as a market commodity. > On Thu, Sep 12, 2024 at 3:52 AM David Chisnall <theraven@freebsd.org> > wrote: >> On 12 Sep 2024, at 00:14, Alan Somers <asomers@freebsd.org> wrote: >> > >> > "Memory safety == restrictive training wheels" is just a common >> > misconception. >> >> It’s worth thinking about why programming languages exist. Any modern language is Turing complete. In terms of what can be expressed, there is no difference between Rust, C, and C++. The important thing is that there is an infinite set of possible programs and a finite set of desirable programs. The goal of a programming language is to make it easier to express programs in the set of desirable programs than ones that are not in that set. Sometimes this is skewed away from specific sets. >> >> The reason that we care so much about memory-safety bugs is that they allow an attacker to step completely outside of the abstract machine of the program. Unless you embed an interpreter/ compiler in your program, memory-safety bugs are about the only way that an attacker can get arbitrary code execution in your program. The kind of bug where an attacker provides a specially crafted file / blob of network data and then runs code on your machine is typically the worst thing that can happen. >> >> Rust, in particular, skews towards making programs with memory-safety bugs much harder to represent. You can still do it, by using unsafe or relying on unsoundness in the type system as cve-rs does, but you have to try hard. >> >> I consider that a desirable property in a language. I don’t have to think about whether I’ve made these bugs impossible (and, remember, WannaCry cost billions of dollars and depended on a single memory-safety bug), I get that for free and I can focus on other things. >> >> David >> >>