Originally posted by caligula
View Post
Announcement
Collapse
No announcement yet.
Mozilla's Servo Has Been Picking Up A Number Of WebGL Improvements
Collapse
X
-
Originally posted by Michael_S View PostI don't think anyone is claiming Rust will make something bugfree. What it's supposed to do is prevent memory leaks, buffer overruns, and user-after-free errors without adding any runtime performance or memory overhead.
What it does prevent is uninitialized memory usage, double-frees, null pointer usage, etc. And it does prevent most kinds of memory leaks by automatically freeing things whose owner goes out of scope. And its type system allows one to enforce a lot of invariants in the APIs (guaranteeing that if a program compiles, the library’s API is used correctly), but of course one can also create a C-like library providing completely unsafe API.
Originally posted by johnp117 View PostIt isn't. Certain crashes are even expected, since that's better than having security issues silently creep around. And since e10s it should only crash a content process anyways.
Rust of course does not prevent any controlled crashes – you can easily crash your application by using the panic! macro, unwrap() on a Result type, etc. In situations where the programmer made some wrong assumption about input format, network connectivity, etc. and explicitly coded the program to exit with non-0 status code, ie. crash, if their assumptions are not met, the application will crash when its user finds input that does not meet those assumptions.
- Likes 3
Comment
-
Originally posted by atomsymbolI don't see how the programming language Rust alone is supposed to guarantee bugfree software.
What it does guarantee is safety and particularly memory safety as C++ is incredibly bad for that.
Originally posted by Creak View PostRust never guaranteed that. It is a language that makes it easier to write multi-threaded code, that's all.
And while it's not guaranteed, Rust programs very seldom crashes unless the programmer itself writes a panic just because it does not allow null pointers, does not support exceptions and never segfaults.
- Likes 1
Comment
-
Originally posted by ua=42 View PostYou can create an infinite loop in any langauge. Same with some other bugs. What rust does it eliminate <i>some</i> bug types.
- Likes 2
Comment
-
Originally posted by ssokolow View Post
I'm familiar with theorem-proving languages. They get mentioned periodically in /r/rust/. They're just not practical for the kinds of "quick Python script, but more robust" use cases I tend to turn to Rust for.
Comment
-
Originally posted by atomsymbol
In my opinion, there isn't much Rust can offer compared to C++/Java in terms of solving hard problems.
- Likes 2
Comment
-
Even a perfect language can't STOP Mozilla to take bad decisions related to design to dumbing down UX, by oversimplification to much of user interface. It's not rust the problem here, maybe it's a bit to complicated compared to C or C++, but actually it's OK as programming language. An better integrated interactive debugger for analysis of crashed (core dumps) will be an ideal software tool, compared, this compared cu classic debuggers like gdb. I mean an whole SDK for investigation various thing like performance , memory/resource leaks detection, operating system load, profiling etc
Comment
-
Originally posted by caligula View Post
I just replied to your complaints. If you know theorem proving and the concept of total functions, it should be obvious to you what Rust can solve and how to get there. Rust is a practical language that tries to not get in your way all the time. It provides some safety nets, but in order to protect your application, you need to know how to apply types. Even a C programmer needs to know what's the difference between 8 and 32 bit types or the fact that a null pointer is a special pointer with platform/vendor dependent magic value. If you consider all these basic rules, it's much easier to produce robust code. Apparently a Rust coder incapable of handling UTF-8 input does not know / care how to use the language.
My problem is that, if you derive(Serialize,Deserialize)on a struct which happens to contain a PathBuf, serde_json just naively assumes that the underlying OsString will contain only characters which are valid in a String and the docs make no mention that using derive in such a situation opts you into a not-inherently-exploitable version of the same kind of "design optimism" as gets(3).
Now that I know Serde's developers aren't as rigorous about this sort of thing as I am, I'll be testing such edge cases every time I need to serialize a new type so I can catch these sorts of flaws earlier in the development process than full-scale integration testing on a near-complete program.
- Likes 1
Comment
Comment