[Not really OT] Crowdstrike Analysis: It was a NULL pointer from the memory unsafe C++ language.
Don Allen
donaldcallen at gmail.com
Mon Jul 29 17:45:40 UTC 2024
On Monday, 29 July 2024 at 14:05:47 UTC, Timon Gehr wrote:
> On 7/28/24 20:51, Don Allen wrote:
>> On Sunday, 28 July 2024 at 18:21:41 UTC, Timon Gehr wrote:
>>> On 7/28/24 18:12, Don Allen wrote:
>>>> ...
>>>>>
>>> [snip]
>>>
>>> I mean, not really. You can manipulate raw pointers to
>>> stack-allocated memory in Rust too, it just will not be safe.
>>
>> I was talking about 'safe' Rust. I thought that was obvious.
>> Apparently not.
>> ...
>
> It seemed to me like you were contrasting safe Rust with full
> D, while at the same time buying Rust's safety marketing, but
> not the one of @safe D, when they are actually largely similar.
Not my intent at all. I was contrasting the options for memory
management we have in D with the box (pun intended) you are in
when using Rust.
>
>> [snip}
>>>
>>> Rust will never be able to make the assertions about memory
>>> safety that people seem to think Rust makes about memory
>>> safety.
>>
>> I don't think there's any doubt about the assertions Rust
>> makes about memory safety in code that does not have the word
>> 'unsafe' anywhere.
Here I was simply stating the obvious -- that we know what the
Rust people are saying about memory safety. It was a weak attempt
at a joke.
>
> In the real world, systems that have not been formally verified
> typically have some flaws. If you don't have doubts, question
> why that is.
>
>> Are you saying that they are lying?
>> ...
>
> They are not lying about their aspirations, I assume, but the
> reality is indeed not quite there:
> https://github.com/Speykious/cve-rs
I was not aware of this -- interesting work -- but it does not
surprise me. What Rust is trying to do is very difficult and I'm
not surprised that it isn't perfect. This person has found edge
cases that Rust doesn't handle. It's similar to getting on an
airliner, which we're all told is "safe", despite the fact that
they do crash. But would you rather go somewhere on an airliner
or a motorcycle?
The probabilities matter. If language
-assured memory safety is important to you, Rust is a good
choice *if* you are willing to pay the price in language
difficulty *and* you have a real-time constraint.
>
> In any case, my point was more that people seem to hype safe
> Rust and you were comparing that hype to a somewhat overly
> skeptical view of D. This is not an apples to apples comparison.
I really don't understand how you got that from what I wrote.
Perhaps I wasn't clear.
My intent was to say that I prefer the D way. I appreciate the
memory-management choices D provides; I don't appreciate being
forced to do things the Rust way, particularly in view of the
difficulty of complying with all its rules. In D, I've found my
own memory-management approach, using a subset of what the
language makes available, and for the work I'm doing, writing
safe, reliable D code (and maintaining it) has been far easier
than the same in Rust. This is related to discussions I've had
with Rust fans (not always cordial) in which I said that I didn't
think the Rust GC-less approach to memory safety was worthwhile,
because of the lack of a gc made the language so demanding, for
writing garden-variety applications that did not have real-time
constraints.
My concerns about D are *not* about memory management and safety
but about its complexity, especially the parts of the language
that feel to me like they were glued on in response to what
others were doing. I don't want to see more such warts on the
language. If the language can be extended to assist people to
write safe code in ways that are natural, coherent *and*
comprehensible (again, I cite the "Function Safety" section of
the language document as an example of things going the wrong
way, in my opinion), then great.
More information about the Digitalmars-d
mailing list