| ▲ | IshKebab 5 hours ago |
| > Memory management bugs is just one class of bugs It's a particularly bad one though because it always leads to UB, which means you can't say anything about what happens next. That's why memory bug severity is often "MAY lead to RCE but who knows". At least with non-UB bugs you can reason about them. In any case, Rust massively helps with logic bugs too. It's not just about memory safety. |
|
| ▲ | zozbot234 5 hours ago | parent | next [-] |
| > It's a particularly bad one though because it always leads to UB, which means you can't say anything about what happens next. This is also why memory safety is table-stakes when it comes to formal verification of the underlying program logic. You can't solve logic bugs (even where that's known to be feasible, such as for tightly self-contained, library-like features) without solving memory safety first. |
|
| ▲ | nananana9 4 hours ago | parent | prev [-] |
| > it always leads to UB, which means you can't say anything about what happens next. If you read a language standard and try very hard to forget that the actual computer exists, sure. If you remember computers are real, you can pretty easily tell what will happen when you write to address 0x00000000 on a CPU with virtual memory. |
| |
| ▲ | Tuna-Fish 3 hours ago | parent | next [-] | | Do note that with modern compilers it's surprisingly hard to accidentally do something that is always guaranteed to write to 0. Because it is UB, and an optimizing compiler is allowed assume that it doesn't happen. This can lead to seemingly crazy things like a variable that is set to zero, and when you deref through it it gives you something completely different instead. Because if a variable is first set to zero in all code paths, and then complex logic usually sets it to something else, after which it is dereferenced, the compiler is allowed to notice that the path where it is accessed without being first set to something else never happens, and then it is allowed to notice that the first write to the variable is dead because it's never read before being set to something else, and thus can be eliminated. | | |
| ▲ | xigoi 2 hours ago | parent [-] | | Are there any languages other than C and C++ that have this “nasal demons” interpretation of undefined behavior? | | |
| ▲ | josephg an hour ago | parent | next [-] | | I assume this is a product of sufficiently advanced compilers. Other LLVM languages almost certainly suffer from this too, including Zig, Swift and unsafe rust. | |
| ▲ | FartyMcFarter 2 hours ago | parent | prev [-] | | I think so, at least when it comes to assuming that multi-threading data races don't happen. |
|
| |
| ▲ | FartyMcFarter 4 hours ago | parent | prev | next [-] | | Not all memory bugs result in writing to a null pointer. For example, you can do a double free, or write to a pointer that was freed. | |
| ▲ | IshKebab 3 hours ago | parent | prev [-] | | Ah you're in the "but it doesn't really mean anything can happen" denial stage. Welcome to acceptance: https://mohitmv.github.io/blog/Shocking-Undefined-Behaviour-... |
|
