Date: Thu, 05 Sep 2024 21:55:32 +0200 From: Dmitry Salychev <dsl@FreeBSD.org> To: Karl Denninger <karl@denninger.net> Cc: freebsd-hackers@freebsd.org Subject: Re: The Case for Rust (in any system) Message-ID: <86bk1150kh.fsf@peasant.bootbsd.com> In-Reply-To: <b2c6c38c-4e14-4e3e-b6ac-3f9c13519a0f@denninger.net> References: <CAOtMX2iCNX5OkdeghnbmcMrO0UYWwm4zfxFSZGznOznu%2Bmh5rA@mail.gmail.com> <b2c6c38c-4e14-4e3e-b6ac-3f9c13519a0f@denninger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Karl Denninger <karl@denninger.net> writes: > [[PGP Signed Part:Undecided]] > On 9/5/2024 14:09, Alan Somers wrote: > > By now I expect that most of you have seen the long list of new > security advisories that just came out. Strikingly, all were the > result of memory handling errors. And none of them wouldn't have > happened if their respective programs had been written in a > memory-safe language. > > In fact, of all the C bug fixes that I've been involved with (as > either author or reviewer) since May, about three quarters could've > been avoided just by using a better language. > > The real takeaway here is that C is no longer sufficient for writing > high quality code in the 2020s. Everyone needs to adapt their tools. > Programmers who don't will increasingly come to resemble experimental > archaeologists, i.e. people who learn flintknapping to "keep the > knowledge alive". Such people are valuable, but definitely niche. I > for one don't want my career to go in that trajectory. > > I'm sorry, this is not the correct take from it. > > To argue that the answer is to put a diaper on a child so it does not drop excrement on the carpet is to forever treat said > human as an infant without control of its sphincters. While such an answer might be necessary for a short period of time in > all young human creatures it also should be obvious that we are all walking around today without them and thus said > prophylaxis is to cover for a deficiency rather than a necessity. > > Now if the prophylaxis had no cost it wouldn't matter so much, but it does have cost (just as do diapers) in that such > languages are inherently less-efficient. There is an argument for this trade-off where the "thing" is infrequently used and thus > the impact small, but going this route for frequently-used applications and even worse at the OS level is how we got to a place > in many application programs and operating systems where what used to run comfortably in under a gigabyte of RAM will no > longer execute at all in four, and why an application (when written in "C") will handle multiple camera streams in real time with > five-minute lookback buffers, has its own defensive systems against attack and denial-of-service and internal HTML-capable > server on a $25 postcard-sized computer, were it to be written in such a "safe" language would also require a device with five > times the CPU, RAM -- and electrical consumption due to the overhead imposed by same. > > Thus for kernel-level or system-library-level code (or for that matter execution-heavy applications) that are executed very > frequently and thus imposes said cost all the time (or at least a very large amount of the time) the debate over "do it once and > do it right, even if it takes longer and requires programmers of higher skill" approach .vs. "do it fast and let the computer > catch and fix the stupidity at runtime, imposing said cost in every instance whether stupidity occurred in the coding or not" > should not, in my opinion anyway, end in the latter decision. Well said. Personally, I wouldn't argue that people tend to do stupid thing with the tools given, but putting everyone in diapers is just _one_ possible way to solve the problem. If Rust is somehow considered to be brought deep down in the FreeBSD kernel, I'd suggest to consider other options, e.g. MISRA C:2023 and MISRA C++:2023. Regards, Dmitry -- https://wiki.freebsd.org/DmitrySalychev
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86bk1150kh.fsf>