Linked by Thom Holwerda on Sun 26th May 2013 18:48 UTC
OSNews, Generic OSes "A tiny 32 bit kernel written in Rust. I was inspired to download Rust and try to do this after seeing zero.rs - a stub that lets Rust programs run almost freestanding. It paints the screen bright red and then hangs. That's it."
RE[4]: Comment by BBAP
by Rugxulo on Mon 27th May 2013 18:56 UTC in reply to "RE[3]: Comment by BBAP"
Rugxulo Member since:
2007-10-09

"two of the three functions in main.rs are marked unsafe."

I could be wrong, but I assume that refers to disabling the garbage collector (a la Modula-3).

Score: 1

RE[5]: Comment by BBAP
by Vanders on Tue 28th May 2013 11:45 in reply to "RE[4]: Comment by BBAP"
Vanders Member since:
2005-07-06

No, it's not that: http://static.rust-lang.org/doc/rust.html#unsafe-functions

"Unsafe operations are those that potentially violate the memory-safety guarantees of Rust's static semantics. Specifically, the following operations are considered unsafe:

Dereferencing a raw pointer.
Casting a raw pointer to a safe pointer type.
Calling an unsafe function."

So basically, not much different to raw pointer operations in C.

Score: 2

RE[6]: Comment by BBAP
by moondevil on Tue 28th May 2013 14:34 in reply to "RE[5]: Comment by BBAP"
moondevil Member since:
2005-07-08

"So basically, not much different to raw pointer operations in C."

Correct, but it makes it possible to forbid pointer-trick modules in security-risk scenarios.

For example, you cannot run unsafe .NET code in IIS, or unsafe Go code in Google App Engine.

Similar unsafe blocks are available in D, Ada, Modula-3 and the Oberon language family.

The whole point is that unsafe operations are only allowed for code that needs to deal directly with the hardware; everywhere else you can use type-safe language constructs.

This allows an increase in the security of the generated code via compiler switches or OS rules.

Of course, this relies on the fact that you cannot change the generated Assembly code, by having the appropriate security access in place.

Score: 2
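
Added example, not part of the thread or of the kernel project it discusses: a sketch in current Rust (the thread predates Rust 1.0) of the pattern described in the comments above, with the unsafe operations confined to one hardware-facing module and the rest compiled under the `unsafe_code` lint. The module names, `Screen`, `RED_CELL`, `demo` and the `Vec` standing in for the screen buffer are assumptions made for illustration.

```rust
// Hardware-facing module: the only place raw pointers are touched.
mod hw {
    pub struct Screen { base: *mut u16, len: usize }

    impl Screen {
        /// Unsafe function: the caller promises `base` points to `len`
        /// writable u16 cells for as long as the Screen is used.
        pub unsafe fn from_raw(base: *mut u16, len: usize) -> Screen {
            Screen { base, len }
        }
        pub fn len(&self) -> usize { self.len }
        /// Safe interface: bounds check first, then one raw-pointer write.
        pub fn put(&mut self, idx: usize, cell: u16) -> bool {
            if idx >= self.len { return false; }
            // SAFETY: idx < len, and from_raw's contract covers base..base+len.
            unsafe { self.base.add(idx).write_volatile(cell) };
            true
        }
    }
}

// Everything else: the compiler rejects any `unsafe` block or fn in here.
#[deny(unsafe_code)]
mod app {
    use super::hw::Screen;
    // Constructed value, VGA text-mode layout: attribute 0x40 (red background), char 0x20.
    pub const RED_CELL: u16 = 0x4020;

    pub fn paint(screen: &mut Screen) -> usize {
        let mut written = 0;
        for i in 0..screen.len() {
            if screen.put(i, RED_CELL) { written += 1; }
        }
        written
    }
}

// Boot glue (trusted): the single call to an unsafe function. A Vec stands in
// for the memory-mapped buffer so this runs as an ordinary program.
pub fn demo() -> (usize, bool, Vec<u16>) {
    let mut backing = vec![0u16; 80 * 25];
    let (ptr, len) = (backing.as_mut_ptr(), backing.len());
    let mut screen = unsafe { hw::Screen::from_raw(ptr, len) };
    let painted = app::paint(&mut screen);
    let out_of_bounds = screen.put(len, app::RED_CELL); // rejected by the bounds check
    (painted, out_of_bounds, backing)
}

fn main() {
    let (painted, oob, _) = demo();
    println!("painted {painted} cells, out-of-bounds write accepted: {oob}");
}
```

Adding an `unsafe` block inside `mod app` turns the build into a compile error, which is the compiler-enforced split the last comment describes.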