digitalmars.D - Blazingly =?UTF-8?B?8J+UpQ==?= fast =?UTF-8?B?8J+agA==?= memory
- RazvanN (4/4) Mar 28 Just for fun: https://github.com/Speykious/cve-rs
- Richard (Rikki) Andrew Cattermole (2/7) Mar 28 You gotta love a lack of type state analysis and value tracking lol.
- Bastiaan Veelo (9/13) Mar 30 Interesting to see that the language that acquired the public
- Paul Backus (11/23) Mar 30 The linked code works by exploiting a bug in the Rust compiler's
- Bastiaan Veelo (8/14) Apr 01 In absence of a language specification, it is hard to judge
- Nick Treleaven (4/8) Apr 01 Are there any bugs with @safe where a viable solution is not
Just for fun: https://github.com/Speykious/cve-rs "cve-rs allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner."
Mar 28
On 29/03/2024 2:35 AM, RazvanN wrote:Just for fun: https://github.com/Speykious/cve-rs "cve-rs allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner."You gotta love a lack of type state analysis and value tracking lol.
Mar 28
On Thursday, 28 March 2024 at 13:35:27 UTC, RazvanN wrote:Just for fun: https://github.com/Speykious/cve-rs "cve-rs allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner."Interesting to see that the language that acquired the public perception of having a monopoly on safety, is not in fact absolutely safe. Some say it cannot ever be[1]. I don't know Rust, and I know safe D is not perfect either, but I do wonder how safe D stacks up against these particular vulnerabilities. It could make for an interesting article. -- Bastiaan. [1] https://news.ycombinator.com/item?id=39440808
Mar 30
On Saturday, 30 March 2024 at 13:13:11 UTC, Bastiaan Veelo wrote:On Thursday, 28 March 2024 at 13:35:27 UTC, RazvanN wrote:The linked code works by exploiting a bug in the Rust compiler's lifetime inference. [1] Certainly it's unfortunate for Rust that this bug exists, but I don't think it makes sense to pass judgement on the overall design of Rust's lifetime system based on the existence of an implementation bug. If we were to hold D to the same standard, I do not think it would compare favorably. [1] https://github.com/Speykious/cve-rs/blob/main/src/lifetime_expansion.rsJust for fun: https://github.com/Speykious/cve-rs "cve-rs allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner."Interesting to see that the language that acquired the public perception of having a monopoly on safety, is not in fact absolutely safe. Some say it cannot ever be[1]. I don't know Rust, and I know safe D is not perfect either, but I do wonder how safe D stacks up against these particular vulnerabilities. It could make for an interesting article.
Mar 30
On Saturday, 30 March 2024 at 14:25:42 UTC, Paul Backus wrote:Certainly it's unfortunate for Rust that this bug exists, but I don't think it makes sense to pass judgement on the overall design of Rust's lifetime system based on the existence of an implementation bug.In absence of a language specification, it is hard to judge whether a flaw is an implementation bug or not. The Hacker News thread that I linked to has an endless discussion on whether this one is more fundamental. The problem has been known for nine years.If we were to hold D to the same standard, I do not think it would compare favorably.You may be right. — Bastiaan.
Apr 01
On Monday, 1 April 2024 at 14:11:58 UTC, Bastiaan Veelo wrote:On Saturday, 30 March 2024 at 14:25:42 UTC, Paul Backus wrote:Are there any bugs with safe where a viable solution is not known? Some bugs didn't get a solution because of breakage, but once we have editions, hopefully those can be fixed.If we were to hold D to the same standard, I do not think it would compare favorably.You may be right.
Apr 01