[Info-vax] Rust as a HS language, was: Re: Quiet?
Arne Vajhøj
arne at vajhoej.dk
Fri Apr 8 15:59:48 EDT 2022
On 4/8/2022 3:20 PM, Simon Clubley wrote:
> On 2022-04-07, Dan Cross <cross at spitfire.i.gajendra.net> wrote:
>> In article <t2na4b$sdf$1 at dont-email.me>,
>> Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP> wrote:
>>> On 2022-04-07, Dan Cross <cross at spitfire.i.gajendra.net> wrote:
>>>> I wonder where you are seeing that. Seriously. I know and/or
>>>> have worked with a number of members of the Rust community for
>>>> several years (members of the core, language, and tool teams,
>>>> for about 3 years), and they're quite gracious in admitting that
>>>> it's not the right solution for everything.
>>>
>>> That's nice to hear.
>>>
>>> As for where I am seeing it, it's more of a combined overall impression
>>> made up of gushing articles and what appears to be more like an organised
>>> religious cult (:-)) showing up at the usual places online.
>>>
>>> For example, articles that, instead of taking a balanced approach, spend
>>> the first 95% of the article saying how great and perfect Rust is, and only
>>> in the last 5% (if at all) start mentioning in passing the unsafe stuff
>>> "for when you really need to do that stuff".
>>
>> Could you perhaps provide a citation to one of these articles?
>>
>
> Interesting question. I obviously can't remember the locations of
> the articles I found in the past, so I looked at a small sample of
> articles returned by Google to see if I had problems with them.
>
> Comments below.
>
> https://dev.to/katholder/pros-and-cons-of-rust-language-313i
>
> Obviously a gushing user type writeup with none of the serious
> analysis and flaws such as unsafe code you would expect to see.

That article is pretty bad. 99% filler.

> https://codilime.com/blog/why-is-rust-programming-language-so-popular/
>
> Mentions briefly unsafe mode

There are 3 sections about it.

> but doesn't make it clear that you can
> invalidate _all_ the unique features and guarantees in Rust when you
> use it.

It doesn't because that is not the case.

It disables some features but not all - among other things it does
not disable memory ownership.

> It makes it sound like it's some obscure thing that only affects
> writing to memory like in C or C++. It also has this little gem:
>
> |Rust's dual-mode model is one of its biggest advantages. In C++, on the
> |other hand, you never know you've written unsafe code until somewhere down
> |the line your software crashes or a security breach rears up.
>
> Seriously ?

Yes. The 99% safe and 1% unsafe is exactly what makes the case for Rust.

> In Rust unsafe mode, you have the same problem

Yes. But you have limited where it happens.

> and C++ has
> a number of features that allow programmers to build more robust self
> checking code

All languages got that. But there is a big difference between
something enforced by language and compiler and something the language
allows the programmer to do by following best practice.

> Based on the complete bypassing of Rust's unique features seen in the
> CVEs when running in unsafe mode,

Your assumption about unsafe bypassing everything is simply wrong.

> the following is either wrong or at
> least misleading depending on how you look at it:
>
> |Rust lets you live dangerously if you need to, to a point. Rust's safeties
> |can be partly suspended where you need to manipulate memory directly, such
> |as dereferencing a raw pointer a la C/C++. The key word is partly, because
> |Rust's memory safety operations can never be completely disabled. Even
> |then, you almost never have to take off the seatbelts for common use cases,
> |so the end result is software that's safer by default.
>
> Can never be fully disabled ? There are a set of CVEs that say otherwise.

No.

Some memory safety can be disabled by unsafe. And the CVEs are
examples of that.

The CVE does not show all memory safety disabled.

That is your imagination.

> BTW, in a related article at that site, the following Rust CVE was
> disclosed:
>
> https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
>
> Not the first time I have seen that type of mistake elsewhere. Interesting
> that Rust can have the same problem and that it wasn't detected until now.

There are still plenty of opportunities for problems in Rust.

Arne
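
The point argued in the message above, that `unsafe` limits where unchecked operations can happen without switching off ownership, shown as an added example (not part of the original message or of any code from the thread). The names `checked_read`, `Tracked` and `ownership_inside_unsafe` are made up for illustration.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};

// Counts destructor runs so that ownership-driven cleanup can be observed
// for values created inside an `unsafe` block.
static DROPS: AtomicUsize = AtomicUsize::new(0);

struct Tracked(u32);
impl Drop for Tracked {
    fn drop(&mut self) {
        DROPS.fetch_add(1, Ordering::SeqCst);
    }
}

/// Safe API over a raw-pointer read. The bounds check is the invariant the
/// compiler no longer verifies once the pointer is dereferenced.
fn checked_read(buf: &[u8], idx: usize) -> Option<u8> {
    if idx >= buf.len() {
        return None; // reject before touching memory
    }
    // SAFETY: idx < buf.len(), so the pointer stays inside `buf`.
    Some(unsafe { *buf.as_ptr().add(idx) })
}

/// Ownership inside `unsafe`: moves and drops behave as in safe code.
/// Returns the value read and the number of destructors that ran.
fn ownership_inside_unsafe() -> (u32, usize) {
    let before = DROPS.load(Ordering::SeqCst);
    let value = unsafe {
        let a = Tracked(7);
        let b = a; // `a` is moved; using `a` after this is still error E0382
        let p: *const u32 = &b.0; // creating a raw pointer is safe
        *p // dereferencing it is the operation that needs `unsafe`
        // `b` is dropped at the end of the block, exactly once
    };
    (value, DROPS.load(Ordering::SeqCst) - before)
}

fn main() {
    let data = [10u8, 20, 30]; // constructed sample buffer
    println!("{:?} {:?}", checked_read(&data, 1), checked_read(&data, 3));
    println!("{:?}", ownership_inside_unsafe());
}
```

Removing the bounds check in `checked_read` is the kind of mistake that stays confined to the `unsafe` expression and its safe wrapper, which is where an audit would look first.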