If Rust is pointless because sometimes you need unsafe blocks, then memory protection is also pointless because sometimes you have to switch to ring 0.
-
Show this thread
-
Replying to @pcwalton
This argument starts failing apart when even doing a simple memset requires unsafe(haven't checked lately, but this stays true for quite a long time IMO)
1 reply 0 retweets 0 likes -
Why wouldnt that be unsafe? Setting arbitrary memory should be inherently unsafe. What if youre writing to the private fields of, say, a Vec and setting values that it relies on for its unsafe blocks to no sensical values?
1 reply 0 retweets 4 likes -
Replying to @nick1255553116 @pcwalton
2 reasons: 1. I could argue memcpy suffers the same problem yet we have copy_from_slice 2. Parent tweet argues that unsafe is for low level things like ring 0 interaction. If you consider memset in this category, we must have a very different understanding of modern computers.
1 reply 0 retweets 0 likes -
Replying to @xxuejie @nick1255553116
This misses the point. Obviously the particular set of things that requires unsafe is different from the particular set of things that requires ring 0.
2 replies 0 retweets 1 like -
Creating hard privilege layers, whether via the kernel/userspace separation or via compile-time safety boundaries, improves security/safety. We have conclusive evidence of this from the fact that AFL finds far fewer memory safety problems in Rust code than C/C++.
1 reply 1 retweet 2 likes -
Replying to @pcwalton @nick1255553116
Yes but at what level should the layer be designed? IMO the existence of unsafe is never a problem, it's really that to build a sophisticated fast program, sometimes unsafe is the only solution in places where you won't expect it. That's the problem with Rust's unsafe now.
1 reply 0 retweets 0 likes
I will readily grant that Rust’s type system can’t prove everything you might want to do correct. But it’s a huge improvement over the status quo.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.