It's hard to appreciate how good Rustls is at avoiding UaF since UaF avoidance is taken for granted in idiomatic Rust code. Tiny things like `#[must_use]` are small but help avoid big failures. Our friends doing concurrency & malloc/free in C are still struggling w/ the basics.
-
-
Replying to @BRIAN_____
Trying to write C/C++ after writing Rust feels ridiculous. Why should I have to keep track of things that the compiler can do for me, especially when the consequences are exploitable security bugs?
1 reply 1 retweet 9 likes -
Replying to @TedMielczarek
I agree. Though to be care, In C++ one rarely has to keep track of things manually, in modern codebases. Our experience maintaining a gigantic performance-sensitive legacy app that predates even the first ISO C++ (IIRC) biases us too much against C++.
3 replies 0 retweets 3 likes -
Replying to @BRIAN_____ @TedMielczarek
For me the biggest annoyance is that Rust doesn’t have a wonderful solution for the most pernicious UAF in browsers: unexpected reentrancy from DOM into malicious JS. I don’t know that there *is* a good solution, really…
5 replies 0 retweets 7 likes -
Hm? The problem seems trivial: refcount references from JS to DOM, register all references from DOM to JS in a special GC root.
2 replies 0 retweets 0 likes -
:) I agree that it does seem trivial. Of course that's basically what browsers do but it doesn't work.
1 reply 0 retweets 0 likes -
It "doesn't work" because of some fundamental shortcoming, or it "doesn't work" because they keep making shortcut hacks around it to make it perform better^H^H^H^H^H^H^H^H^H^H^H^H^H^Hso sites can be 10x as bloated at the same performance.
1 reply 0 retweets 0 likes
Intuitively, Rust's borrow-checker-based access management for objects isn't going to compose well with a system like JS GC that is completely unaware of it. So in your Rust code and C++ code you think you have the one and only (mutable) pointer to an obj but then you trigger JS.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.