From owner-freebsd-hackers@freebsd.org  Sat Jan  5 20:15:05 2019
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B302714210E5
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Sat,  5 Jan 2019 20:15:05 +0000 (UTC)
 (envelope-from mozolevsky@gmail.com)
Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com
 [209.85.167.174])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id B52936B1A8
 for <freebsd-hackers@freebsd.org>; Sat,  5 Jan 2019 20:15:04 +0000 (UTC)
 (envelope-from mozolevsky@gmail.com)
Received: by mail-oi1-f174.google.com with SMTP id x202so32992756oif.13
 for <freebsd-hackers@freebsd.org>; Sat, 05 Jan 2019 12:15:04 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc:content-transfer-encoding;
 bh=lbSfcPEDEzu5mrhLS0oe6i464Y7C950Df+DAK3JBL/s=;
 b=KBNsEGPj7jV0LEPvsxopDPxVRO5kdrU4BkLrUbQV4obVJWGtnA5MU2zF04ycINEqYc
 igdQSPTPtq7qgLrLAMIzErpxW5kKGUYshtdzgjWhxieRivzarHw4h2NZ2VayKbMaG8mw
 f54t2ocMYFVKfklEpyUxEUjryjBhVdagx4VzejYHWr/0SV/MoDYe+iJJphI17rJG37W5
 TYrLYXKV06g1sI8y9TlODdl1Ezz3eaQwyWn/M3xsEsYLhzy596gvW8rJb9ynaxjQl5Ok
 5JpBj1Wr97QlLAbfpgTJsSmmxHGV2lz/9njgO4mPcNurQo4JErfPHXFz8/SN0fW2KFpl
 8UDg==
X-Gm-Message-State: AJcUukfQCKMohcKmoViPV+OtzafExxJOjdgS84a/KOALreTPSlG4RcuH
 S1W+yu5n9DrS0pOV22dMklncxh7In/SfHzNX3L0=
X-Google-Smtp-Source: ALg8bN6Mci/sUY5Skw0R+1pqkBRq8HH74L9UJ5cSa4BMoPy5EgHJ+d81Nmi/KIBw3eAyhyh93QyL2IFMF6y3QrUdnrk=
X-Received: by 2002:aca:c382:: with SMTP id t124mr4416185oif.220.1546717346233; 
 Sat, 05 Jan 2019 11:42:26 -0800 (PST)
MIME-Version: 1.0
References: <201901021829.x02IT4Kc064169@slippy.cwsent.com>
 <e954a12f-5d23-7a3f-c29b-c93e1250965c@metricspace.net>
 <361CCB81-AEB6-4EAC-9604-CD8F4C63948C@gmail.com>
 <CADWvR2ju7y_rcY3MFe_381yBmPXgm1BA7RzA9ZTUfTtCHdFGLw@mail.gmail.com>
 <6DF138FB-E730-477A-A992-8FE1944DDE94@exonetric.com>
 <CADWvR2hETR3j2=aNVGDiYfJeyeqgavDQOuxkxrE+VZFfD5BzJg@mail.gmail.com>
 <451787DE-0659-4F7D-B011-904F90866DDB@gmail.com>
In-Reply-To: <451787DE-0659-4F7D-B011-904F90866DDB@gmail.com>
From: Igor Mozolevsky <igor@hybrid-lab.co.uk>
Date: Sat, 5 Jan 2019 19:41:49 +0000
Message-ID: <CADWvR2ij6rHw-KS6Qm9xMAmJzCCvcpgQ1LHQrGknhiaGep6V1Q@mail.gmail.com>
Subject: Re: Speculative: Rust for base system components
To: Enji Cooper <yaneurabeya@gmail.com>
Cc: Hackers freeBSD <freebsd-hackers@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: B52936B1A8
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
 spf=pass (mx1.freebsd.org: domain of mozolevsky@gmail.com designates
 209.85.167.174 as permitted sender) smtp.mailfrom=mozolevsky@gmail.com
X-Spamd-Result: default: False [-3.99 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-0.997,0]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17];
 NEURAL_HAM_LONG(-1.00)[-0.999,0]; MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 DMARC_NA(0.00)[hybrid-lab.co.uk]; MIME_TRACE(0.00)[0:+];
 TO_DN_ALL(0.00)[];
 MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com];
 RCPT_COUNT_TWO(0.00)[2];
 RCVD_IN_DNSWL_NONE(0.00)[174.167.85.209.list.dnswl.org : 127.0.5.0];
 NEURAL_HAM_SHORT(-0.88)[-0.884,0];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_TLS_LAST(0.00)[];
 FORGED_SENDER(0.30)[igor@hybrid-lab.co.uk,mozolevsky@gmail.com];
 FREEMAIL_TO(0.00)[gmail.com]; R_DKIM_NA(0.00)[];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US];
 FROM_NEQ_ENVFROM(0.00)[igor@hybrid-lab.co.uk,mozolevsky@gmail.com];
 IP_SCORE(-1.10)[ipnet: 209.85.128.0/17(-3.77), asn: 15169(-1.67), country:
 US(-0.08)]; RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Jan 2019 20:15:05 -0000

On Sat, 5 Jan 2019 at 19:16, Enji Cooper wrote:
>
> > On Jan 3, 2019, at 12:24, Igor Mozolevsky wrote:
> ...
>
> > And by what metric is that "safety" measured, how does one measure
> > "safety" objectively? To me, that sounds like a techie version of
> > virtue-signalling... Even the Rust-clan seem to be rather confused
> > about it: https://doc.rust-lang.org/nomicon/meet-safe-and-unsafe.html
>
> It=E2=80=99s pretty clear to me what the author means: rust features safe=
 and unsafe
> extensions, much like C++, Java, Perl, python, tcl, etc. Generally speaki=
ng,
> =E2=80=9Cunsafe=E2=80=9D language features are those that require additio=
nal care, like using
> malloc/free appropriately, avoiding global state, locking resources as ne=
eded,
> etc.
>
> > Btw, Java is "safe" too, and it's been around for *much* longer!
>
> Not necessarily true. Are you aware of how native java extensions work?
>
> Java as a language was written to be generic/platform agnostic, however i=
n
> order to be useful, Java requires platform extensions. As such, Java
> supports developers writing glue code in C/C++ (like python extensions),
> which can have a host of potential issues with memory leaks, concurrency
> safety, etc, in addition to potential issues with security sandboxing and=
 the like.
>
> With the number of zero-day bugs in java that have been in the language
> in the past few years, I don=E2=80=99t trust the language=E2=80=99s sense=
 of safety in terms
> of memory management and sandboxing in the JVM.


You're being deliberately obtuse, right? Because there's no "native
Rust extensions" (i. e. you can't make Rust call a buggy and unsafe
c-library)? And can you seriously guarantee that there will be no
zero-day bugs in Rust libraries, there's probably none *found* yet
simply because hardly anyone does anything serious in it! Your slating
of Java is just as applicable to Rust with the caveat that Rust has
been  around and thus explored and abused far less. Why would you
trust automagic memory management in Rust when you don't trust
Java's? Rhetorical, of course, as there's no sensible answer.



--
Igor M.