Thanks for the response. I wasn't trying to speculate on your intentions for publishing the blog post.
> There's a world of difference between "logic error and/or panic" and "undefined behavior".
Is is really so different for the programmer who wrote the bug?
If you have undefined behavior, the language implementation can do whatever it wants. It won't actively work against you, but the implementer is given permission to ignore what would happen if you violate their assumptions.
With a logic error in custom memory management, the program execution will still be following well-defined rules but the invariants assumed by the programmer will no longer hold. The resulting behavior appears effectively undefined to the programmer, because the point of invariants is to ignore what would happen when they are broken.
Defensive coding with panics/asserts will definitely help catch some of these mistakes during development.
> Yes, Rust doesn't fix all bugs. But it's still an improvement here.
I applaud your efforts with Rust, it's great to see someone actually trying to improve the state of programming languages.
> Is is really so different for the programmer who wrote the bug?
Yes, absolutely. The symptoms may be similar (though the logic error will still never lead to memory corruption or segfaults), but debugging is much easier when you can still rely on the language's invariants, if not your own.
> The resulting behavior appears effectively undefined to the programmer, because the point of invariants is to ignore what would happen when they are broken.
I still think there are big differences here, especially when we think about these things as security issues.
If you write a program that's supposed to draw some pixels to the screen, and you have a logic bug, you program is going to draw the Wrong Pixels (https://xkcd.com/722). But your program isn't going to install a rootkit on your machine, or mine bitcoins, or send all your spreadsheets to the bad guys. If you never call the `mine_bitcoins()` function anywhere in your program, there's no way a logic bug can make you somehow call that function.
Not so with undefined behavior. An attacker who exploits a buffer overrun in your program can make you do anything. This almost sounds paranoid, but as soon as your code is taking input from the internet, this is really truly the problem you have. This sort of problem is why projects like Chrome spend millions of dollars building security sandboxes for their C++ code, and researchers still keep coming up with ways to break it.
> There's a world of difference between "logic error and/or panic" and "undefined behavior".
Is is really so different for the programmer who wrote the bug?
If you have undefined behavior, the language implementation can do whatever it wants. It won't actively work against you, but the implementer is given permission to ignore what would happen if you violate their assumptions.
With a logic error in custom memory management, the program execution will still be following well-defined rules but the invariants assumed by the programmer will no longer hold. The resulting behavior appears effectively undefined to the programmer, because the point of invariants is to ignore what would happen when they are broken.
Defensive coding with panics/asserts will definitely help catch some of these mistakes during development.
> Yes, Rust doesn't fix all bugs. But it's still an improvement here.
I applaud your efforts with Rust, it's great to see someone actually trying to improve the state of programming languages.