this post was submitted on 03 Oct 2024
47 points (88.5% liked)
Programming
17123 readers
123 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities [email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Does that hold for the release allocator too? It also requires the leak to happen in your testing (not differently from C/C++'s sanitizers)
Which you can forget to use though.
All of this is good, but does very little to ensure temporal memory safety.
I don't see an argument for this. It still seems very much possible to fuck up temporal memory safety without realizing and without hitting it in testing.
Which is not unexpected to me. Half of Rust's point is to encapsulate unsafe code and provide a safe interface for it so that it can be locally checked. This is the only practical way that verification can happen, while C/C++/Zig basically force you to do whole-program verification (generally not practicable) or relying on testing/fuzzing/sanitizers (which will never guarantee safety).
I really don't see your point here. Of course you have to catch the coding problem in your development phase; just like Rust is omitting overflow checking on release for performance reasons... I will just pass on that one, I am probably missing something here. At release, it's a little too late to debug your code... Rust, Zig, C. Java, whatever the language.
The allocators can be scoped to manage lifetime and the explicit nature of the memory management in Zig make it hard to miss manage the lifetime of your allocations. It's not like C/CPP where you have to open the code and check within the function to know if some memory is allocated. There is an "init" function, if it takes an allocator, you know there is memory allocated in it (or the struct, right) so you manage that Allocator for that lifetime instead of managing 'a 'b 'c for each individual variable.
So, basically, you are managing Arenas of variables instead of managing the lifetime of every single, individual variable, one at a time.
What's cool with that is you can manage the memory differently for each allocation by using a different type of allocator, which give you more control if desired.
Do you want to talk about the covariant, invariant, contravariant and invariant in Rust? Because that's a hell of a topic to manage the lifetime in Rust. Don't forget, you have to manage that for /every/single/ variables, one a time. Good luck keeping you sanity in a large project.
You are not helping yourself without those "smart pointers".
Here is a good talk about what I try to tell you: Individual Element Thinking
Also, Zig has some compile time check in form of compile time assertion, checks based on the variable scopes and the defers in the code...
Temporal memory safety is more complex than just saying "GC or Rust". You think it is because this is what you know. What I am telling you is, there are other things out there. => Same dude, 5mins, just a couple of examples of other things
And if I might ask, I always find it funny when a Rust programmer shits on a GC, while he's using Arc every/fucking/where :D
Security goes beyond "smart pointers". Just think of the fact Rust doesn't have shared libraries. If there are, I don't know, let's say 10 Rust software on my system and there is a vulnerability Because Rust also has that fyi; I would have to know exactly that I have those 10 Rust software on my system, check the dependency tree to see if there are affected by the vulnerability (fucking good luck with that!) and recompile all the ones affected to patch all of them, instead of just recompiling the shared library.
See, that's an issue Rust people don't talk about, but that's a serious issue nonetheless.
Zig has nothing to envy Rust.
Now, let's talk about the language interop, the simplicity and elegance of the language, the reflection mechanism, the compile time for example...
Rust people think that this golden cage (borrow checker) is all what matter for a language; it's not the case.
How does that handle stuff like vector reallocation? Does it keep both the old and the new vector allocation around until the arena scope ends? That seems very wasteful and I doubt it is how the release allocator handles it.
This creates the risk of using the wrong allocator for deallocating.
Variance is the property of a type, not a variable. You don't have to "manage" variance, you just have to respect it. And lifetime variance as a concept is something that exists in C/C++/Zig too and has to be respected, but the compiler generally does nothing to tell you about it. If someone doesn't understand that then I fear for what they will write in a language that doesn't make it clear to them.
I'm not going to spend my time watching a video just to reply to some random guy online, but I will try to give it a go later on if I have time in case it is actually interesting.
Shared libraries are in fact a massive source of unsafety since there's almost no way to guarantee compatibility between the two sides.
And being able to track dependencies with a proper package manager like cargo already does a pretty good job at tracking what you need to update.
Most of which are actually denial-of-service, unmaintained crates, or unsoundness in some crates.
Unsoundness "vulnerabilities" which would just be considered "documentation issues" in languagues that don't take memory safety as seriously, or maybe they would never be found because you have to go out of your way to actually hit them.