Linux's V4L2 VP9 Codec Kernel Code Rewritten In Rust For Better Memory Safety


  • #51
    Originally posted by kloczek View Post

    "Even in perfect language you can write buggy/bad code"
    Static Analyzer Rudra Found over 200 Memory Safety Issues in Rust Crates
    Developed at the Georgia Institute of Technology, Rudra is a static analyzer able to report potential memory safety bugs in Rust programs. Rudra has been used to scan the entire Rust package registry and identified 264 new memory safety bugs.


    CVEs (Common Vulnerabilities and Exposures) in Rust programs:
    The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

    Comment


    • #52
      Originally posted by Nth_man View Post

      Static Analyzer Rudra Found over 200 Memory Safety Issues in Rust Crates
      Developed at the Georgia Institute of Technology, Rudra is a static analyzer able to report potential memory safety bugs in Rust programs. Rudra has been used to scan the entire Rust package registry and identified 264 new memory safety bugs.


      CVEs (Common Vulnerabilities and Exposures) in Rust programs:
      The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
      Unbelievable! There is unsafe code under the unsafe keyword! Who would have thought that?

      Your first link with cve-rs is actually a vulnerability in safe Rust, which makes it a serious bug (probably in rustc). But this is just ???

      Comment


      • #53
        Originally posted by Nth_man View Post

        Static Analyzer Rudra Found over 200 Memory Safety Issues in Rust Crates
        Developed at the Georgia Institute of Technology, Rudra is a static analyzer able to report potential memory safety bugs in Rust programs. Rudra has been used to scan the entire Rust package registry and identified 264 new memory safety bugs.


        CVEs (Common Vulnerabilities and Exposures) in Rust programs:
        The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
        ROTFL

        Comment


        • #54
          Originally posted by sobrus View Post
          Rust is harder at first, because it deviates from old Pascal/BCPL/C/C++/Java/C# school.
          Especially ownership may be hard to follow at first, since it's not explicitly visible at first sight, and will cause a lot of compilation errors
          And it's not object oriented (at least says so, just like go)
          While Rust does not have classes, interfaces and inheritance it does have something pretty similar.
          Instead of classes there are structs.
          Instead of interfaces there are traits.
          Just like a class can have methods, a struct can have methods.
          Just like a class can have static methods, a struct can have associated functions.
          The terminology is a bit different, but much of it works the same except that there is no inheritance. GTK is object-oriented and it is available for Rust.

          Inheritance is sometimes the right solution but sometimes not. In other languages inheritance is the only way to do something, so people overuse inheritance instead of using better and more suitable solutions such as composition. Rust offers enum with variants where each variant can be a struct, which is a solution that often makes more sense than inheritance.

          Comment
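The mapping described in post #54 (structs, traits, methods, associated functions, and enum variants in place of inheritance), as an added example that is not part of the thread or any poster's code. All type and function names (`Describe`, `KeyFrame`, `InterFrame`, `Frame`, `summarize`) are hypothetical.

```rust
// Added illustration; every name here (Describe, KeyFrame, ...) is hypothetical.
trait Describe {
    // A trait plays the role an interface plays elsewhere.
    fn describe(&self) -> String;
}
// Structs hold the data; there is no inheritance between them.
struct KeyFrame { width: u32, height: u32 }
struct InterFrame { ref_index: u8, bytes: usize }

impl KeyFrame {
    // Associated function (no `self`): the counterpart of a static method.
    fn new(width: u32, height: u32) -> Result<Self, String> {
        if width == 0 || height == 0 { return Err("zero dimension".to_string()); }
        Ok(KeyFrame { width, height })
    }
    // Method: takes `&self`.
    fn pixels(&self) -> u64 { u64::from(self.width) * u64::from(self.height) }
}

impl Describe for KeyFrame {
    fn describe(&self) -> String { format!("key {}x{}", self.width, self.height) }
}
impl Describe for InterFrame {
    fn describe(&self) -> String { format!("inter ref={} ({} bytes)", self.ref_index, self.bytes) }
}

// Enum whose variants each wrap a struct: a closed set of alternatives.
enum Frame { Key(KeyFrame), Inter(InterFrame) }

impl Describe for Frame {
    fn describe(&self) -> String {
        // `match` must cover every variant; a new variant fails to compile until handled here.
        match self {
            Frame::Key(k) => k.describe(),
            Frame::Inter(i) => i.describe(),
        }
    }
}

// Written against the trait, so it accepts any implementor (dynamic dispatch).
fn summarize(items: &[Box<dyn Describe>]) -> Vec<String> {
    items.iter().map(|d| d.describe()).collect()
}

fn main() {
    let key = KeyFrame::new(64, 32).expect("constructed sample input");
    println!("{} pixels", key.pixels());
    let items: Vec<Box<dyn Describe>> =
        vec![Box::new(Frame::Key(key)), Box::new(InterFrame { ref_index: 1, bytes: 120 })];
    println!("{:?}", summarize(&items));
}
```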


          • #55
            Originally posted by uid313 View Post

            While Rust does not have classes, interfaces and inheritance it does have something pretty similar.
            Instead of classes there are structs.
            Instead of interfaces there are traits.
            Just like a class can have methods, a struct can have methods.
            Just like a class can have static methods, a struct can have associated functions.
            The terminology is a bit different, but much of it works the same except that there is no inheritance. GTK is object-oriented and it is available for Rust.

            Inheritance is sometimes the right solution but sometimes not. In other languages inheritance is the only way to do something, so people overuse inheritance instead of using better and more suitable solutions such as composition. Rust offers enum with variants where each variant can be a struct, which is a solution that often makes more sense than inheritance.
            Yup, that's why I've written "at least says so". Objects can be "emulated" in both Rust and Go.
            But they're not objects per se.

            Ah, and I've forgotten to mention that Rust has excellent, up-to-date documentation in the form of The Book:
            Last edited by sobrus; 29 February 2024, 09:18 AM.

            Comment


            • #56
              Originally posted by uid313 View Post

              While Rust does not have classes, interfaces and inheritance it does have something pretty similar.
              Instead of classes there are structs.
              Instead of interfaces there are traits.
              Just like a class can have methods, a struct can have methods.
              Just like a class can have static methods, a struct can have associated functions.
              The terminology is a bit different, but much of it works the same except that there is no inheritance. GTK is object-oriented and it is available for Rust.

              Inheritance is sometimes the right solution but sometimes not. In other languages inheritance is the only way to do something, so people overuse inheritance instead of using better and more suitable solutions such as composition. Rust offers enum with variants where each variant can be a struct, which is a solution that often makes more sense than inheritance.
              While your mind will naturally try to translate what it knows about other languages when you learn a new one, the secret sauce is actually to try to forget everything you know and learn the new language from scratch. It's only after you learn how the new language is supposed to be wielded that you should start porting over patterns and other concepts.
              Case in point, after years of Java, I learned Go and Rust. Neither is about OOP so I "unlearned" OOP. And then I found a lot of suboptimal things I was doing in Java. And it made me a better Java programmer overall.

              Note that I take no issue with what you posted; your evaluation seems spot on. I just thought I should add to that.

              Fwiw, to this day I don't get "composition over inheritance", considering inheritance is implemented via composition anyway.

              Comment


              • #57
                Originally posted by oleid View Post
                Trouble happens when people change the meaning of the function, documentation is updated but not all places the function is used are correctly updated.
                Sadly, the compiler doesn't detect documentation changes. This is where a proper type system becomes important.
                I agree, but that's like changing the function's underlying behavior. In such a case the responsible thing to do is to remember changing the documentation and verify all call sites. You, as the guy changing it, not someone else.

                And yes I'm fully aware this doesn't happen in practice and the next poor guy has to pick up the trash left by some outsourced "programmer".

                Comment


                • #58
                  Originally posted by sobrus View Post
                  - rust compiler is written in rust
                  > Isn't Rust self-hosted already?

                  Technically, the LLVM part isn't.
                  -- https://www.phoronix.com/forums/forum/phoronix/latest-phoronix-articles/1353403-mesa-git-makes-it-easier-activating-rusticl-opencl-device-support?p=1353465#post1353465

                  Comment


                  • #59
                    Originally posted by Anux View Post
                    Unbelievable! There is unsafe code under the unsafe keyword! Who would have thought that?
                    Mmm... "bugs in a number of packages, including [the Rust standard library and the Rust compiler](https://www.infoq.com/news/2021/11/rudra-rust-safety/) as well as the 30 most popular crates based on their downloads." 🤔

                    Comment


                    • #60
                      Originally posted by Anux View Post
                      Unbelievable! There is unsafe code under the unsafe keyword! Who would have thought that?

                      Your first link with cve-rs is actually a vulnerability in safe Rust,
                      You mean this cve?

                      The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

                      Comment
