I thought one of the goals of Java and similar was partial memory safety? If it didn’t have null it seems it would be most of the way there.
And don’t forget Basic. Yeah most variants had pointers and equivalents to null, but they are ‘advanced’ and not meant for general code. (Although that’s interpreted and you said compiled, often it could be ‘complied’ similarly to Java bytecode)
@davidgro@hunger Last basic variant I worked with was the basic of the commodore machines. It had no NULL. I have also seen vbscript a little, afaik also it had not.
In Java, null does not mean a real 0 value, I think it is more like a static const, more similar to the None type of the Python. Its name is only a helper for the C/C++ guys to better understand a stack trace.
Ah, yeah looks like address 0 is nothing special on C64. I was thinking more about things like Qbasic and especially Visual Basic where dereferencing address 0 expecting a string or object is easy enough to do.
@davidgro The way that #Rust guards memory is completely different to the way Java or Basic does. Rust is a fully compiled language suitable for systems programming, and the memory protection all happens at compile time; the runtime actually gains speed through the compilation process, rather than having the memory protection slow it down.
The real difference is that the Rust compiler actually reads into the code it is compiling, rather than just making a mechanical translation.
That’s true, it is a very different paradigm.
I wouldn’t go so far as to say that nobody thought it possible before Rust, but I agree it’s much more effective and performant.
Many of their TOCTOU issues are something a type system can help with. Require operations to execute on a fd handle directly rather than using convenience functions.
let fd = FileDescriptor::new(path);
fd.delete()?;
fd.create(mode)?;
let is_root = fd == FileDescriptor::new("/"); // does (dev, inode) comparison internally
// etc
The uutils devs would need to create that themselves, but OpenOptions seems to get them part of the way there at least.
It’s only enforced because of Rust’s strict type system. Python, on the other hand, lets you do whatever you want by comparison, and complains only at runtime. I’ve seen far too many **kwargs for my liking.
And FD types (e.g. OwnedFd, BorrowedFd) are already in std.
My example would be a thin wrapper around these, most likely. It’s only an example of what I’m trying to convey, though.
We said the same about memory safety: That’s something a compiler can not solve. Now it does.
It is nice to see that sometines things do improve.
I thought one of the goals of Java and similar was partial memory safety? If it didn’t have null it seems it would be most of the way there.
And don’t forget Basic. Yeah most variants had pointers and equivalents to null, but they are ‘advanced’ and not meant for general code. (Although that’s interpreted and you said compiled, often it could be ‘complied’ similarly to Java bytecode)
Java and similar (i.e. c#) are memory safe and run on garbage collected runtime.
@davidgro @hunger Last basic variant I worked with was the basic of the commodore machines. It had no NULL. I have also seen vbscript a little, afaik also it had not.
In Java, null does not mean a real 0 value, I think it is more like a static const, more similar to the None type of the Python. Its name is only a helper for the C/C++ guys to better understand a stack trace.
Ah, yeah looks like address 0 is nothing special on C64. I was thinking more about things like Qbasic and especially Visual Basic where dereferencing address 0 expecting a string or object is easy enough to do.
@davidgro @hunger Learn the three languages you are talking about before talking about them. Ill-informed thoughts impress no one.
I can’t claim to have learned them well, but I have used Java and various Basics over the last 30+ years.
Which parts of my comment do you disagree with?
@davidgro The way that #Rust guards memory is completely different to the way Java or Basic does. Rust is a fully compiled language suitable for systems programming, and the memory protection all happens at compile time; the runtime actually gains speed through the compilation process, rather than having the memory protection slow it down.
The real difference is that the Rust compiler actually reads into the code it is compiling, rather than just making a mechanical translation.
That’s true, it is a very different paradigm.
I wouldn’t go so far as to say that nobody thought it possible before Rust, but I agree it’s much more effective and performant.
Memory safety is something compiler understands and has under control, this stuff it does not. Nor it should.
Many of their TOCTOU issues are something a type system can help with. Require operations to execute on a fd handle directly rather than using convenience functions.
The uutils devs would need to create that themselves, but
OpenOptionsseems to get them part of the way there at least.That’s a question of API, not type system. And FD types (e.g.
OwnedFd,BorrowedFd) are already in std.It’s only enforced because of Rust’s strict type system. Python, on the other hand, lets you do whatever you want by comparison, and complains only at runtime. I’ve seen far too many
**kwargsfor my liking.My example would be a thin wrapper around these, most likely. It’s only an example of what I’m trying to convey, though.