“Rust is safe” is not some kind of absolute guarantee of code safety

1. static+W4 2022-10-02 14:55:53
>>rvz+(OP)
> Even "safe" rust code in user space will do things like panic when things go wrong (overflows, allocation failures, etc). If you don't realize that that is NOT some kind of true safety, I don't know what to say.

When people say "safe" there's a pretty precise meaning and it's not this.

Yes, anyone who believes rust is 100% "safe" (by any definition) is wrong. That's not something you learn in Kindergarten though, it's actually about understanding that Rice's Theorem is a generalization of the Halting Problem.

> So this is something that I really need the Rust people to understand. That whole reality of "safe" not being some absolute thing

The irony of Linus lecturing anyone on safety, lol. Anyway, "the Rust people" know this already; when they say "safe" they mean "memory safe" - https://en.wikipedia.org/wiki/Memory_safety

Anyway, dumb shit like this is why I've always been quietly dreading Rust in the kernel.

a) The kernel will never be safe software because the mainline developers don't want it to be or even know what safe means

b) It just invites more posts like this and puts Rust closer to one of the most annoying software communities

> Or, you know, if you can't deal with the rules that the kernel requires, then just don't do kernel programming.

Agreed on this point. I was very interested in kernel dev earlier in my career until I actually started to engage with it.
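As an added illustration of the distinction drawn above (example code, not from the thread): in safe Rust an out-of-bounds read or an integer overflow surfaces as a panic or a `None`, never as a silent read past the buffer or a wrapped value.

```rust
use std::panic;

/// Out-of-bounds indexing in safe Rust: the bounds check fires and the
/// thread panics instead of reading memory past the end of the slice.
fn read_index(data: &[u8], i: usize) -> u8 {
    data[i]
}

/// Integer overflow: plain `+` panics in debug builds; `checked_add`
/// reports the overflow as `None` in every build and never wraps silently.
fn add_checked(a: u32, b: u32) -> Option<u32> {
    a.checked_add(b)
}

/// Run `f` and report whether it panicked. The panic is caught, which is
/// exactly the point: a panic is a controlled abort, not undefined behaviour.
fn panics<F, R>(f: F) -> bool
where
    F: FnOnce() -> R + panic::UnwindSafe,
{
    panic::catch_unwind(f).is_err()
}

fn main() {
    // Constructed sample buffer.
    let buf = [1u8, 2, 3, 4];
    println!("in bounds: {}", read_index(&buf, 3));
    println!("out of bounds panicked: {}", panics(|| read_index(&buf, 4)));
    println!("u32::MAX + 1 = {:?}", add_checked(u32::MAX, 1));
}
```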

2. tmtvl+Vi 2022-10-02 16:14:56
>>static+W4
It does make sense that the mainline developers don't know what "safe" means if you arbitrarily decide that "safe" means "memory safe" specifically and no other kind of "safe". A Haskell or Clojure developer could arbitrarily decide that "safe" means "safe from side effects," but unless that is clearly stated every time they engage in discourse with someone I wouldn't blame their discussion partners for not knowing what the developer means when they talk about some code being "safe".

I will agree with you that I dread Rust in the kernel, hopefully it can continue to exist there peacefully without people getting too hot under the collar about their personal hang-ups. For all its flaws Rust has an amazing value prop in the borrow checker and I would love for memory bugs to be eliminated for good.

3. static+dk 2022-10-02 16:21:45
>>tmtvl+Vi
> if you arbitrarily decide that "safe" means "memory safe" specifically and no other kind of "safe".

This is how Rust has always defined it. Linus is specifically saying that "Rust people" don't understand what "safe" is but... they do, he doesn't. He could say "Rust defines it as X, the kernel needs Y" but he doesn't say that, he implies that Rust people just don't understand the word "safe" or that they think Rust is safer than it is, which is simply not true. As I said, quite ironic given history.

> I wouldn't blame their discussion partners for not knowing what the developer means when they talk about some code being "safe".

I mean, I would definitely blame them if they're also going to go on an insulting rant about their definition being wrong.

> without people getting too hot under the collar about their personal hang-ups

Impossible, in my opinion, until a ton of people retire.
