| |
| ▲ | 4 days ago | parent | next [-] | | [deleted] | |
| ▲ | HAL3000 4 days ago | parent | prev | next [-] | | > So your definition of memory safety includes some notion of "plausible" and "realistic"? Neither https://www.memorysafety.org/docs/memory-safety/ nor Wikipedia have such a qualification in their definition. It would help if you could just spell out your definition in full, rather than having us guess. This is a strawman argument, you're arguing semantics here. You're a smart person, so you know exactly what he means. The perception created by your article is that people shouldn't use Go because it's not memory-safe. But the average developer hearing "not memory-safe" thinks of C/C++ level issues, with RCEs everywhere. Unless you can show a realistic way this could be exploited for RCE in actual programs, you're just making noise. Further down the thread, you admit yourself that you're in a PLT research bubble and it shows. | | |
| ▲ | dcow 4 days ago | parent | next [-] | | You definitely shouldn’t use Go, but it’s not because of the discussion in TFA. I jest, rhetorically. Seriously, why are we bashing a researcher for being academic? This makes no fucking sense. Nobody claimed anywhere that people should stop using Go. | |
| ▲ | esoterae 4 days ago | parent | prev | next [-] | | Did you not notice how this started over someone saying "That's not the definition of memory safety" and then prevaricating about the bush when asked to provide their definition? Your theory that this is an argument over semantics is correct, but not fully understood. | |
| ▲ | ralfj 4 days ago | parent | prev | next [-] | | > The perception created by your article is that people shouldn't use Go because it's not memory-safe. Uh, where exactly am I saying or implying that?
I am, in fact, saying that Go is much closer to memory-safe languages than to C, safety-wise. But I am arguing that the term "memory safe" should only be used for languages that actually went through the effort of thinking this problem through to the end and plugging all the holes through which memory safety violates can sneak in. Go is 99% there, but it's falling slightly short of the goal. I think that's a useful distinction, and I am disappointed that it is regularly swept under the rug, which is why I wrote this blog post. You are free to disagree, I never expected to convince everyone. But I think I gave some people some new food for thought, and that's all I can hope for. | |
| ▲ | hdevalence 4 days ago | parent | prev [-] | | > you're arguing semantics here Yes, semantics — what do things mean, exactly? — is the subject of the discussion here and is actually quite important in general. |
| |
| ▲ | tptacek 4 days ago | parent | prev [-] | | You're just wrong about this. The ability to write contrived code that does an out-of-bounds write, or to induce crashes, doesn't violate the notion of "memory safety" as an ordinary term of art. | | |
| ▲ | ralfj 4 days ago | parent | next [-] | | Yeah I understand that that's how you like to use the term, you've been very clear about that. What I am curious about is whether that's just you. Because the source you gave last time, https://www.memorysafety.org/docs/memory-safety/, doesn't agree with what you are saying, and neither does Wikipedia. I am honestly curious here. I am a PLT researcher so I am in a bubble where people use the term consistently with how I use it. You are the first person I meet (for some notion of "meet" ;) that uses the term differently. But without external sources it's hard to judge how wide-spread your definition (that you still haven't spelled out...) is. | | |
| ▲ | tptacek 4 days ago | parent | next [-] | | Again: my usage of the term is widespread enough that the ISRG uses it to refer to Go as well, as does, well, basically everybody else in the industry. I think you've just message-boarded yourself into believing this is a live debate. There is no sequence of words you're going to come up with to convince me that everybody is wrong when they say "Go is a memory safe language". | | |
| ▲ | ralfj 4 days ago | parent [-] | | You keep making arguments by assertion without giving sources, so :shrug: yeah this isn't going to go anywhere. I think we actually agree on all of the factual points here, we just don't agree on how languages should be categorized/labeled according to their guarantees in both a theoretical and a practical sense, and that's largely a subjective matter anyway. So, happy to agree to disagree here. |
| |
| ▲ | Thaxll 4 days ago | parent | prev [-] | | Go is memory safe, what do you think of: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Pre... U.S. and International Partners Issue Recommendations to Secure Software Products Through Memory Safety They recommand Go among other language in their paper. https://media.defense.gov/2023/Dec/06/2003352724/-1/-1/0/THE... | | |
| ▲ | ralfj 4 days ago | parent [-] | | Yeah, Go is often listed with memory-safe languages, I know that. And yet when people define memory safety, Go usually fails to satisfy that definition. That's why I was asking for a definition of memory safety that would include Go. | | |
| ▲ | kiitos 2 days ago | parent [-] | | I suppose Go's notion of memory safety is satisfied by forbidding pointer arithmetic, and, maybe somewhat transitively, preventing arbitrary out-of-bounds access to memory. It definitely satisfies this notion of memory safety. Maybe this notion of memory safety is not considered to be correct, or relevant, or whatever, by whomever. That's fine. |
|
|
| |
| ▲ | rowanG077 4 days ago | parent | prev | next [-] | | Did you consider that the organization can be wrong? > Memory safety is a property of some programming languages that prevents programmers from introducing certain types of bugs related to how memory is used. Since memory safety bugs are often security issues, memory safe languages are more secure than languages that are not memory safe. That is the definition they give. Since Go does not "prevent programmers from introducing certain types of bugs related to how memory is used." it does not fall under this definition. They can list go as memory safe, but then either they disagree with their own definition or made the mistake of adding Go to that list. Memory safety is not a spectrum. You are either memory safe or unsafe. The spectrum is in the unsafety. Go is obviously less unsafe than C for example. | | |
| ▲ | kiitos 2 days ago | parent [-] | | > Memory safety is not a spectrum. You are either memory safe or unsafe. if there is one takeaway from this discussion, i think it must be that memory safety does not have any single, commonly-accepted, or objective definition -- and that it is pretty obviously a spectrum, not a boolean | | |
| ▲ | rowanG077 19 hours ago | parent [-] | | I could agree to that if the people who claim it would at least put it in their definition. But as it stands it indeed is a boolean. You have to give a definition of something like: "Memory safety denotes the degree to which a programming language guides and protects developers from memory‑related errors—ranging from minimal, manual checks to comprehensive static and runtime enforcement—through mechanisms like strong typing, ownership or borrow checking, and garbage collection." And then also include modern C++ in their lists. because by all accounts it is memory safe by that definition. |
|
| |
| ▲ | zozbot234 4 days ago | parent | prev [-] | | Then the "security" definition is totally useless, because even C can be memory safe. What about pointers, malloc(), free(), unchecked enums etc. etc.? Oh, those are just "contrived" language features you're not really supposed to use. You can write FORTRAN in any language! | | |
| ▲ | tptacek 4 days ago | parent [-] | | C is the archetypical memory-unsafe language. When you've reached the point where you're simultaneously arguing that C is memory-safe and Go isn't, you should recognize you've made a wrong turn somewhere. | | |
| ▲ | zozbot234 4 days ago | parent [-] | | My point with those comparisons is that you have not bothered to define a reasonable and verifiable standard for what counts as "contrived" code - which is what ultimately seems to determine whether a language is memory safe, according to your definition. |
|
|
|
|
