[Not really OT] Crowdstrike Analysis: It was a NULL pointer from the memory unsafe C++ language.

Timon Gehr timon.gehr at gmx.ch
Mon Jul 29 14:05:47 UTC 2024


On 7/28/24 20:51, Don Allen wrote:
> On Sunday, 28 July 2024 at 18:21:41 UTC, Timon Gehr wrote:
>> On 7/28/24 18:12, Don Allen wrote:
>>> ...
>>>>
>> [snip]
>>
>> I mean, not really. You can manipulate raw pointers to stack-allocated 
>> memory in Rust too, it just will not be safe.
> 
> I was talking about 'safe' Rust. I thought that was obvious. Apparently 
> not.
> ...

It seemed to me like you were contrasting safe Rust with full D, while 
at the same time buying Rust's safety marketing, but not the one of 
@safe D, when they are actually largely similar.

> [snip]
>>
>> Rust will never be able to make the assertions about memory safety 
>> that people seem to think Rust makes about memory safety.
> 
> I don't think there's any doubt about the assertions Rust makes about 
> memory safety in code that does not have the word 'unsafe' anywhere.

In the real world, systems that have not been formally verified 
typically have some flaws. If you don't have doubts, question why that is.

> Are you saying that they are lying?
> ...

They are not lying about their aspirations, I assume, but the reality is 
indeed not quite there:
https://github.com/Speykious/cve-rs

In any case, my point was more that people seem to hype safe Rust and 
you were comparing that hype to a somewhat overly skeptical view of D. 
This is not an apples to apples comparison.

>>
>> Anyway, D already makes the assertion that `@safe` means memory 
>> safe, and it is in much better shape than Rust a priori in terms of 
>> memory safety because of the garbage collector.
>>
>> It is quite annoying to me that people just go "memory safe"? That 
>> must mean like Rust. Nope. Why does nobody ever bring up Java?
> 
> Or Lisp/Scheme?
> ...

Even better.

>>
>>> Note that Zig provides only stack- and manual heap-allocation. It is 
>>> not a memory-safe language. But there's a lot of interest in it, 
>>> despite not being close to release and a growing issue list.
>>
>> I think they are doing some interesting things, but it is not for me.
> 
> That's completely irrelevant. The point is that Zig is not memory-safe 
> and still has attracted great interest.

D and Rust are not memory safe either and also have attracted great 
interest.

> Some are even using it, prematurely.

Software today is still in a general state of immaturity, and 
programming language design is part of that.

Anyway, personally I do not really care about popularity as an indicator 
of relevance. I guess the lead designer is opinionated and charismatic. 
I'm sure he's even right about some things. If they want to re-learn 
some of the lessons that came out of C, up to them.

Also, not everyone's focus has to be the same, and I guess they chose to 
focus on improving tooling and other aspects of language design.

In the case of D, Walter has laid down making @safe D work well as a 
priority. You can of course question that, but this is what the coherent 
plan is. (Or used to be until Walter's recent takes on `@trusted`.)
