FizzyOrange

joined 1 year ago
[–] [email protected] 0 points 18 hours ago* (last edited 18 hours ago) (1 children)

would not be considered bugs but maybe change requests.

That's just playing with semantics. They are clearly bugs. They are literally called "defect reports".

Without a spec how would you argue that a system/product is safe?

  1. Lots of testing, including randomised testing and ideally formal verification.
  2. Comprehensive test coverage - both code coverage (lines, branches) and functional coverage (hand written properties).
  3. Functional safety features (ECC, redundancy, error reporting & recovery, etc.)
  4. Engineering practices known to reduce the chance of bugs (strong static types, version control, CI & nightly tests, rigorous engineering processes - requirement tracking and so on, and yes ideally well written specifications for all the tools you are using).

There are many aspects to safety and it's definitely a good idea to have a spec for a language, but it doesn't automatically mean safety is impossible without it.

Software in itself cannot be safe or unsafe because without hardware it cannot do anything.

The nice thing about abstraction is that you can talk about software without considering the hardware, more or less. If one says "this software is safe", it means it's safe assuming it's running on working hardware.

It doesn't always hold up - sometimes the abstraction leaks, e.g. for things like spectre and rowhammer. And there are sometimes performance concerns. But it's pretty good.

[–] [email protected] 0 points 2 days ago (3 children)

you can say that without a spec as well but what does “wrong” mean then? It just means you personally disagree with its behavior.

Nope. Specs can have bugs. Here are the bugs in the C++ spec for example:

https://www.open-std.org/jtc1/sc22/wg21/docs/cwg_toc.html

As I said, specifications are useful and desirable, but the SIL's dogmatic "no spec = unsafe" is clearly not based in reality.

[–] [email protected] 0 points 2 days ago (11 children)

It's not because we have tested this program extensively on every C++ compiler, but because the language rules of C++ say so.

Debatable. Saying things in a prose specification doesn't magically make them happen. Tests and reference models can though.

I also don't really agree with the SIL requirements that languages need to have rigorous specifications to be safe. Clearly it's better if they do, but would your rather fly on a rocket controlled by C code or Rust code?

IMO a specification would be really nice to have, but it main purpose is to tick a certification checkbox, which is why the only one that exists was written specifically for that purpose.

[–] [email protected] 1 points 3 days ago

I think there are some crates that wrap the unsafe code for you, e.g. https://github.com/rodrimati1992/abi_stable_crates/ (I haven't ever tried it).

[–] [email protected] 0 points 3 days ago

He is. By using statically linked binaries.

Technically this is conflating two things: bundling dependencies and static/dynamic linking. But since you have to bundle your dependencies to use static linking, and there's little point dynamic linking if you bundle your dependencies... most of the time they are synonymous.

Exceptions are things like plugins, but that's pretty rare.

[–] [email protected] 7 points 4 days ago (1 children)

I don't know why you're being downvoted. It literally starts with the word OPINION in bold red caps.

[–] [email protected] 27 points 4 days ago

asking the maintainers to lock down APIs which the C devs purposefully leave malleable, in part, to avoid binary blob drivers being feasible.

No, they were asking them to define the semantics of the filesystem APIs. Those semantics are not encoded in the C API but the Rust devs wanted to encode them in the Rust API to avoid making mistakes.

The C devs didn't want to, not because of concerns about binary drivers, but because the semantics are already broken. Apparently different filesystem drivers assume different semantics for the same functions and it's a whole mess. They don't want to face up to this and certainly don't want anyone pointing it out, so clearly it must be the Rust devs' fault for wanting APIs to have consistent semantics.

The rest of your comment is nonsense.

[–] [email protected] 7 points 5 days ago

PDF writing isn't too bad IMO, since you don't need to understand the whole spec. I've written a PDF writer for maps from scratch and it was fairly easy and not too much code.

PDF reading though... Yeah I'm happy to leave that to people with more time and use their libraries.

A modern format would be nice, but I don't think it would be anywhere near nice enough to give up how universal PDF is.

[–] [email protected] 12 points 6 days ago (2 children)

Eh, it practice it works extremely well. I can't remember a single instance where a PDF document rendered incorrectly.

The format is very old so it's not surprising it has picked up a few WTFs. I'm happy to keep those hidden below the abstraction.

[–] [email protected] 16 points 6 days ago

Totally depends what you end up working on as a programmer. If it's web apps, you'll be totally fine. All you need is basic arithmetic. Writing a game engine? You'll need to know some basic to moderate matrix maths...

If you're doing formal verification using unbounded model checking... good fucking luck.

On average I would say most programming tasks need very little maths. If you can add and multiply you'll be fine. Definitely sounds like you'll be ok.

[–] [email protected] 3 points 1 week ago

Why do you say it needs more time in the oven? I've had zero issues with it as a drop-in replacement for Pip in a large commercial project, which is an extremely impressive achievement. (And it was 10x faster.)

I tried Poetry once and it failed to resolve dependencies on the first thing I tried it on. If anything Poetry needs more time in the oven. It also wasn't 10x faster.

[–] [email protected] 0 points 1 week ago (6 children)

Is there any reason to use this now that Krita exists, sane name and all?

 

Does anyone know of a website that will show you a graph of open/closed issues and PRs for a GitHub repo? This seems like such an obvious basic feature but GitHub only has a useless "insights" page which doesn't really show you anything.

 

Very impressive IDE integration for Dart macros. Something to aspire to.

view more: next ›