Announcement

**Nth_man** · 29 February 2024, 06:24 AM

Originally posted by kloczek View Post

"Even in perfect language you can write buggy/bad code"

Static Analyzer Rudra Found over 200 Memory Safety Issues in Rust Crates

https://www.infoq.com/news/2021/11/rudra-rust-safety/

Developed at the Georgia Institute of Technology, Rudra is a static analyzer able to report potential memory safety bugs in Rust programs. Rudra has been used to scan the entire Rust package registry and identified 264 new memory safety bugs.

CVEs (Common Vulnerabilities and Exposures) in Rust programs:

CVE - Search Results

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rust/

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

**Anux** · 29 February 2024, 07:25 AM

Originally posted by Nth_man View Post

Static Analyzer Rudra Found over 200 Memory Safety Issues in Rust Crates

https://www.infoq.com/news/2021/11/rudra-rust-safety/

Developed at the Georgia Institute of Technology, Rudra is a static analyzer able to report potential memory safety bugs in Rust programs. Rudra has been used to scan the entire Rust package registry and identified 264 new memory safety bugs.

CVEs (Common Vulnerabilities and Exposures) in Rust programs:

CVE - Search Results

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rust/

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

Unbelievable! There is unsafe code under the unsafe keyword! Who would have thought that?

Your first link with cve-rs is actually a vulnerability in safe rust, which makes it a serious bug (probably in rustc). But this is just ???

**kloczek** · 29 February 2024, 07:44 AM

Originally posted by Nth_man View Post

Static Analyzer Rudra Found over 200 Memory Safety Issues in Rust Crates

https://www.infoq.com/news/2021/11/rudra-rust-safety/

Developed at the Georgia Institute of Technology, Rudra is a static analyzer able to report potential memory safety bugs in Rust programs. Rudra has been used to scan the entire Rust package registry and identified 264 new memory safety bugs.

CVEs (Common Vulnerabilities and Exposures) in Rust programs:

CVE - Search Results

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rust/

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

ROTFL

**uid313** · 29 February 2024, 09:09 AM

Originally posted by sobrus View Post

Rust is harder at first, because it deviates from old Pascal/BCPL/C/C++/Java/C# school.
Especially ownership may be hard to follow at first, since it's not explicitly visible at first sight, and will cause a lot of compilation errors

And it's not object oriented (at least says so, just like go)

While Rust does not have classes, interfaces and inheritance it does have something pretty similar.
Instead of classes there are structs.
Instead of interfaces there are traits.
Just like a class can have methods, a struct can have methods.
Just like a class can have static methods a struct can have a associated functions.
The terminology is a bit different, but much of it works the same except that there is no inheritance. GTK is object-oriented and it is available for Rust.

Inheritance is sometimes the right solution but sometimes not, in other languages inheritance is the only way to do something, so people overuse inheritance instead of using better and more suitable solutions such as composition. Rust offers enum with variants where each variant can be a struct which is a solution that often makes more sense than inheritance.

**sobrus** · 29 February 2024, 09:16 AM

Originally posted by uid313 View Post

While Rust does not have classes, interfaces and inheritance it does have something pretty similar.
Instead of classes there are structs.
Instead of interfaces there are traits.
Just like a class can have methods, a struct can have methods.
Just like a class can have static methods a struct can have a associated functions.
The terminology is a bit different, but much of it works the same except that there is no inheritance. GTK is object-oriented and it is available for Rust.

Inheritance is sometimes the right solution but sometimes not, in other languages inheritance is the only way to do something, so people overuse inheritance instead of using better and more suitable solutions such as composition. Rust offers enum with variants where each variant can be a struct which is a solution that often makes more sense than inheritance.

Yup, that's why I've written "at least says so". Objects can be "emulated" in both rust and go

But they're not objects per-se.

Ah and I've forgot to mention that Rust has excellent, up-to-date documentation in form of The Book:

The Rust Programming Language - The Rust Programming Language

https://doc.rust-lang.org/stable/book/

**bug77** · 29 February 2024, 11:46 AM

Originally posted by uid313 View Post

While Rust does not have classes, interfaces and inheritance it does have something pretty similar.
Instead of classes there are structs.
Instead of interfaces there are traits.
Just like a class can have methods, a struct can have methods.
Just like a class can have static methods a struct can have a associated functions.
The terminology is a bit different, but much of it works the same except that there is no inheritance. GTK is object-oriented and it is available for Rust.

Inheritance is sometimes the right solution but sometimes not, in other languages inheritance is the only way to do something, so people overuse inheritance instead of using better and more suitable solutions such as composition. Rust offers enum with variants where each variant can be a struct which is a solution that often makes more sense than inheritance.

While your mind will naturally try to translate what it knows about other languages when you learn a new one, the secret sauce is actually to try to forget everything you know and learn the new language from scratch. It's only after you learn how the new language is supposed to be wielded that you should start porting over patterns and other concepts.
Case in point, after years of Java, I learned Go and Rust. Neither is about OOP so I "unlearned" OOP. And then I found a lot of suboptimal things I was doing in Java. And it made me a better Java programmer overall.

Note that I take no issue with what you posted, you evaluation seems spot on. I just thought I should add to that.

Fwiw, to this day I don't get "composition over inheritance", considering inheritance is implemented via composition anyway.

**Weasel** · 29 February 2024, 01:23 PM

Originally posted by oleid View Post

Trouble happens when people change the meaning of the function, documentation is updated but not all places the function is used are correctly updated.
Sadly, the compiler doesn't detect documentation changes. This is where a proper type system becomes important.

I agree, but that's like changing the function's underlying behavior. In such case the responsible thing to do is to remember changing the documentation and verify all call sites. You, as the guy changing it, not someone else.

And yes I'm fully aware this doesn't happen in practice and the next poor guy has to pick up the trash left by some outsourced "programmer".

**Nth_man** · 29 February 2024, 02:25 PM

Originally posted by sobrus View Post

- rust compiler is written in rust

> Isn't Rust self-hosted already?

Technically, the LLVM part isn't.
-- https://www.phoronix.com/forums/forum/phoronix/latest-phoronix-articles/1353403-mesa-git-makes-it-easier-activating-rusticl-opencl-device-support?p=1353465#post1353465

**Nth_man** · 29 February 2024, 02:29 PM

Originally posted by Anux View Post

Unbelievable! There is unsafe code under the unsafe keyword! Who would have thought that?

Mmm... "bugs in a number of packages, including [the Rust standard library and the Rust compiler](https://www.infoq.com/news/2021/11/rudra-rust-safety/) as well as the 30 most popular crates based on their downloads." 🤔

**oleid** · 29 February 2024, 03:43 PM

Originally posted by Anux View Post

Unbelievable! There is unsafe code under the unsafe keyword! Who would have thought that?

Your first link with cve-rs is actually a vulnerability in safe rust,

You mean this cve?

CVE - CVE-2024-27284

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27284

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

Announcement

Linux's V4L2 VP9 Codec Kernel Code Rewritten In Rust For Better Memory Safety

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment