Comments on Coder's Log: My journey to Rust
Comment feed of the post by zeenix; feed last updated 2023-10-25.

Comment by Anonymous, 2018-01-03 07:49 (-08:00):

Nice blog post. In my spare time, I have dealt with Rust a little bit and must say that I like the concepts of the language.

But when it comes to safety-critical software, things start to get very tricky. Let's first clarify the meaning of the word safety. In my world the word safety is an abbreviation of the term "functional safety". Functional safety has the objective of reducing the danger to creatures and the environment that emanates from a system to a reasonable level. In contrast to that, the word security means to me: "protection of the system from improper use". There are standards for this kind of safety: IEC 61508 or ISO 26262, to name two of them.

These standards force you to qualify each and every tool that you use in your development process for a safety-relevant system. And of course this holds true for the compiler you are using to compile code for your safety-critical system.

I don't think that the Rust compiler has such a tool qualification yet. Please correct me if I am wrong.

But this compiler qualification alone would not be enough. The whole toolchain from system specification to system verification and validation (the classical V-model development process as stipulated by ISO 26262), with all the needed tools, needs to deal with Rust and its compiler.

With that said, nice concepts in a language are simply not enough to get adopted in safety-critical projects.

Comment by Anonymous, 2017-12-28 20:30 (-08:00):

> This is a very important point in my opinion. I really do not want to live in a world where simple human errors are allowed to cause disasters.

Rust helps to avoid mostly entire classes of memory-management related problems, but there are still thousands of errors a human can commit by mistake even when programming with Rust. For example: errors in the program logic, corner cases not taken into account or tested. No language can shield against that.

Comment by Anonymous, 2017-12-28 09:50 (-08:00):

Mattias Bengtsson: mrustc sounds interesting! So far, it is for x86 only and highly experimental, but maybe it will become a usable alternative to rustc. I would prefer a GCC frontend myself, but the only attempt to write one died two years ago.

Thanks, Martin

Comment by Anonymous, 2017-12-28 08:04 (-08:00):

Linked list is not the only one. Even creating a simple thread-safe stack (which usually is done by using an atomic CMPX in a loop) has to resort to unsafe code. From tokio-curl: https://github.com/tokio-rs/tokio-curl/blob/master/src/stack.rs

Comment by dmitry_vk, 2017-12-28 06:00 (-08:00):

> Think about an API to write and read memory, only the implementation of the API needs to be unsafe, but if you make an error in the "safe" part of your code which computes the address, how does the distinction between safe and unsafe help you find the error?

What you describe is the failure of a library to validate the safety of "unsafe" code in order to provide a "safe" interface. "Safe" here means that the "bad" (data races or memory- or type-unsafe code) will not be executed given _any_ usage of the API.

There are certain rules (not enforced by the compiler) about the meaning of "unsafe". Basically, "unsafe" code should not leak unsafety to its callers under any circumstances.

Comment by renoX, 2017-12-28 01:45 (-08:00):

> Marking unsafe code as such makes it much easier to find the source of any issues you might have.

Easier, easier... Think about an API to write and read memory, only the implementation of the API needs to be unsafe, but if you make an error in the "safe" part of your code which computes the address, how does the distinction between safe and unsafe help you find the error?

Comment by Anonymous, 2017-12-27 11:59 (-08:00):

Hello,

I started to learn/work with C++ 7 years ago and lately I was curious to check out Rust.

I tried to code simple programs in Rust and I liked:
1) The idea of traits
2) How Rust macros are designed
3) The ease of interoperability with C
4) The whole enum unions and pattern matching

But what made me stick with C++:
1) If the language is using lifetimes, it's fine, but why do I need to help it in some weird cases? But let's assume I'm happy to help. The syntax of lifetimes is not that great and I really, really don't like it.
2) I feel that Rust is not a single language; there's Safe-Rust and Unsafe-Rust and I have to learn them both to do anything useful.
3) The OSs that I target have a C API and I'm not comfortable with the idea of the two languages, as I mentioned above.
4) I feel I cannot do anything useful without the help of the Rust std library. Don't get me wrong, the Rust std library is great, but for example if I want to implement a simple linked list then I must use Box. Maybe this is the biggest reason I feel that safe-Rust isn't that serious about enabling the programmer to do anything; I feel like it's a well-designed garden that you shouldn't go outside of.

At least this is my experience with Rust.
Thanks for the great post.

Moustapha

Comment by Anonymous, 2017-12-27 09:49 (-08:00):

About 1) Well, almost everything is "safety-critical" nowadays. Anything that has untrusted input can suffer from typical C errors like buffer overflows. From multimedia to an IM app, we need secure code.

My hope for a GCC frontend is this: if there is only one implementation of a programming language, it is more likely that there will be incompatible changes. I don't want to rewrite all my code every 10 years. (Unfortunately, in free software, API and language stability is not valued much. Both Gnome and KDE force developers to rewrite everything every few years; in web development it is probably every few months.) Also, different implementors will find different problems in the language and will solve them. That will make the language more robust for everyone.

About 2) At least in Debian, the armel version did not yet arrive and it seems that there are some problems: https://bugs.debian.org/881846 Let's hope this will be resolved in the coming year...

Martin

Comment by Mattias Bengtsson, 2017-12-27 09:20 (-08:00):

Martin: the following reddit post might be of interest to you: https://www.reddit.com/r/rust/comments/7lu6di/mrustc_alternate_rust_compiler_in_c_now_broken/

It seems like it could be an answer to both of your questions in the future.

Comment by zeenix, 2017-12-27 07:40 (-08:00):

Hi Martin,

Thanks for sharing.

1. While I can understand your reservations here, their relevance depends on what kind of code you are writing. For safety-critical code, I personally would prefer to use tools designed for safety, even if they are not quite standardized. I'm hoping you agree that this point has more to do with personal preferences than anything else, so I can only talk about my own preferences. :)

2. That's a good point, but are you sure it's not supported already? I see Armv6 listed under Tier 2: https://forge.rust-lang.org/platform-support.html . Also ARMv5TE is under Tier 3.

Comment by Anonymous, 2017-12-27 07:19 (-08:00):

Rust is very interesting, indeed. I have, however, two objections.

1. Rust is not yet "standardised". With that I don't necessarily mean some 900-page ISO document (345 stating "this page intentionally left blank"), but at least two implementations. If there were a GCC frontend for Rust, you would already have me on board!

2. Unfortunately, I have to support armel (older ARM processors) for some years still to come. To my knowledge, Rust does not support such CPUs and it would be a little bit tricky to write the support. Still, this is very important to me. For many reasons (including environment and money), I don't want to throw away 2000 devices, worth 2000 Euro each.

Martin
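Added example, written for this page and not taken from the post or from any commenter: it shows the rule dmitry_vk states above (unsafe code must not leak unsafety to its callers) applied to exactly the read/write-memory API renoX asks about. The region size, the addresses and the byte values are constructed for the demo, and the `Region` type, `MemError` and `demo` are hypothetical names. The only unsafe operations are pointer arithmetic and the raw copies, and every path to them goes through a bounds check, so a wrong address computed in the "safe" part of a program is rejected with an error at the API boundary instead of corrupting memory.

```rust
// Added example (not from the blog post or its comments): a "safe interface
// over unsafe internals". All values below are constructed for the demo.
use std::alloc::{alloc_zeroed, dealloc, Layout};

/// A fixed-size byte region owned through a raw pointer. The unsafe
/// pointer arithmetic and raw copies are reachable only via the checked
/// read()/write() methods.
pub struct Region {
    base: *mut u8,
    layout: Layout,
}

#[derive(Debug, PartialEq)]
pub enum MemError {
    OutOfRange { addr: usize, len: usize, size: usize },
}

impl Region {
    pub fn new(size: usize) -> Region {
        assert!(size > 0, "alloc_zeroed needs a non-zero size");
        let layout = Layout::array::<u8>(size).expect("size fits a Layout");
        // SAFETY: layout has a non-zero size (asserted above).
        let base = unsafe { alloc_zeroed(layout) };
        assert!(!base.is_null(), "allocation failed");
        Region { base, layout }
    }

    pub fn size(&self) -> usize {
        self.layout.size()
    }

    /// Prove that [addr, addr + len) lies inside the region. checked_add
    /// also rejects addresses that would wrap around usize.
    fn check(&self, addr: usize, len: usize) -> Result<(), MemError> {
        match addr.checked_add(len) {
            Some(end) if end <= self.size() => Ok(()),
            _ => Err(MemError::OutOfRange { addr, len, size: self.size() }),
        }
    }

    pub fn write(&mut self, addr: usize, data: &[u8]) -> Result<(), MemError> {
        self.check(addr, data.len())?;
        // SAFETY: check() proved addr + data.len() <= size; &mut self gives
        // exclusive access, and `data` cannot alias our allocation.
        unsafe {
            std::ptr::copy_nonoverlapping(data.as_ptr(), self.base.add(addr), data.len());
        }
        Ok(())
    }

    pub fn read(&self, addr: usize, len: usize) -> Result<Vec<u8>, MemError> {
        self.check(addr, len)?;
        let mut out = vec![0u8; len];
        // SAFETY: same bounds argument as in write(); `out` is freshly allocated.
        unsafe {
            std::ptr::copy_nonoverlapping(self.base.add(addr), out.as_mut_ptr(), len);
        }
        Ok(out)
    }
}

impl Drop for Region {
    fn drop(&mut self) {
        // SAFETY: base was returned by alloc_zeroed with exactly this layout.
        unsafe { dealloc(self.base, self.layout) };
    }
}

/// A caller whose (hypothetical) address arithmetic is off: it wants to
/// write 4 bytes starting 3 bytes before the end of the region. The safe
/// API reports the mistake instead of writing past the allocation.
pub fn demo() -> (Vec<u8>, MemError) {
    let mut mem = Region::new(16);
    mem.write(4, b"abcd").expect("in range");
    let ok = mem.read(4, 4).expect("in range");
    let bad_addr = mem.size() - 3; // constructed off-by-N error in "safe" code
    let err = mem.write(bad_addr, b"wxyz").unwrap_err();
    (ok, err)
}

fn main() {
    let (ok, err) = demo();
    println!("read back {:?}; rejected write: {:?}", ok, err);
}
```

The point is where the check lives: `check()` is the single gate in front of both unsafe blocks, so the `// SAFETY:` comments can cite it, and a reviewer auditing the crate only has to read the `unsafe` blocks plus that gate. A bug in a caller's address arithmetic still exists, but it surfaces as `MemError::OutOfRange` with the offending values rather than as silent memory corruption.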