On Fri, Jun 13, 2025 at 12:02 PM Friedrich Beckmann <friedrich.beckm...@posteo.de> wrote:

> > On 13.06.2025 at 20:53 Ben Pfaff <b...@cs.stanford.edu> wrote:
> >
> > I don't know yet whether it will be possible to wrap the new engine to
> work with the existing GUI. If it is, it will take some effort.
> >
> > I started by working on a system file reader implementation, which is
> almost done. There is also a basic implementation of the output layer, and
> a basic implementation of a syntax parser. And several tests. None of it is
> really ready and I don't know when it will be, but when it is, it won't
> have segfaults.
>
> As far as I understand it, Rust will catch, for example, an out-of-range
> index access on an array and end up in a „panic“. I would consider a „panic“
> the same as a „DoS“, although it is not a segfault. Do you think you can, for
> example, write the parser so that it always ends up in recoverable errors?
>

Rust programs, like any kind of program, can have bugs. Out-of-range
indexes and other kinds of panics are just examples of them. The important
distinction is that a Rust program never[*] risks executing arbitrary code
or accessing arbitrary data because of malicious or unlucky input. Those
are the security problems that people automatically generate and submit by
the truckload, and that security authorities rank as the biggest risks.

[*] With some qualifications; you can write "unsafe" Rust that does this.
Ordinary "safe" Rust does not.
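An added example to make the distinction in the two messages concrete (this is illustration code, not PSPP's new engine, and not from either author): a toy length-prefixed record format, which is constructed for the example and is not the PSPP system file format, parsed two ways in safe Rust. Both parsers are memory-safe, so neither can read past the buffer; the naive one answers a truncated input with a panic (the "DoS" case), while the second routes every fallible access through `get()` and returns a `Result` the caller can handle. The record layout, type names and error variant are all assumptions made for this example.

```rust
// Added example (not PSPP code): the same toy parser written two ways.
// Safe Rust guarantees neither version reads out of bounds; the
// difference is whether malformed input aborts the thread with a panic
// or yields an Err value the caller can recover from.
use std::panic;

/// Toy record: u16 little-endian length, then that many payload bytes.
/// Constructed for this example; not the PSPP system file format.
#[derive(Debug, PartialEq)]
pub struct Record<'a> {
    pub payload: &'a [u8],
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// The input ended before `needed` bytes were available.
    Truncated { needed: usize, available: usize },
}

/// Naive parser: direct slice indexing. On a truncated input the bounds
/// check fails and Rust panics. It never reads past the buffer (that is
/// the memory-safety guarantee), but the panic still kills the thread.
pub fn parse_naive(input: &[u8]) -> (Record<'_>, &[u8]) {
    let len = u16::from_le_bytes([input[0], input[1]]) as usize;
    let payload = &input[2..2 + len];
    (Record { payload }, &input[2 + len..])
}

/// Hardened parser: every access that could fail goes through `get()`,
/// which returns None instead of panicking, so malformed input becomes
/// a ParseError. No `unsafe` in either version.
pub fn parse_checked(input: &[u8]) -> Result<(Record<'_>, &[u8]), ParseError> {
    let header = input
        .get(0..2)
        .ok_or(ParseError::Truncated { needed: 2, available: input.len() })?;
    let len = u16::from_le_bytes([header[0], header[1]]) as usize;
    let end = 2 + len; // cannot overflow: len <= u16::MAX
    let payload = input
        .get(2..end)
        .ok_or(ParseError::Truncated { needed: end, available: input.len() })?;
    Ok((Record { payload }, &input[end..]))
}

/// Parse a whole buffer, stopping with an Err at the first bad record.
pub fn parse_all(mut input: &[u8]) -> Result<Vec<Record<'_>>, ParseError> {
    let mut records = Vec::new();
    while !input.is_empty() {
        let (rec, rest) = parse_checked(input)?;
        records.push(rec);
        input = rest;
    }
    Ok(records)
}

/// Run the naive parser under catch_unwind so the panic can be observed
/// instead of taking the process down; returns true if it panicked.
pub fn naive_panics(input: &[u8]) -> bool {
    panic::catch_unwind(move || parse_naive(input).0.payload.len()).is_err()
}

fn main() {
    // Constructed inputs: a well-formed buffer holding two records, and a
    // truncated buffer that claims 5 payload bytes but carries only 3.
    let good: &[u8] = &[3, 0, b'a', b'b', b'c', 1, 0, b'z'];
    let truncated: &[u8] = &[5, 0, b'a', b'b', b'c'];

    println!("good (checked)      -> {:?}", parse_all(good));
    println!("truncated (checked) -> {:?}", parse_all(truncated));
    println!("truncated (naive) panicked: {}", naive_panics(truncated));
}
```

The naive version is the one Friedrich's question is about: nothing about it is memory-unsafe, yet a one-byte-short file stops the program. The checked version is the shape a parser takes when it is meant to "always end up in recoverable errors": the error value says how much input was needed and how much was there, which is exactly what a file reader wants to report to the user.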
