digitalmars.D - Safe code as an I/O requirement
- aberba (7/7) May 28 2017 https://lwn.net/Articles/708196/
- Ola Fosheim Grostad (8/15) May 28 2017 It consists of many libraries. Audio-video decoders tend to be
- piotrklos (5/7) May 28 2017 Intuitively it would be much better because overwhelming majority
- Paulo Pinto (7/14) May 29 2017 GStreamer has already adopted Rust and is slowly migrating away
https://lwn.net/Articles/708196/

From the look of things and feedback from several security analysts and system developers, [exposed] I/O needs to be memory safe. The GStreamer multimedia library, developed in C, has safety issues [see article]. What would its safety be if it was written in D (along with its plugins)?
May 28 2017
On Sunday, 28 May 2017 at 16:58:53 UTC, aberba wrote:
> https://lwn.net/Articles/708196/
> From the look of things and feedback from several security analysts and system developers, [exposed] I/O needs to be memory safe. The GStreamer multimedia library, developed in C, has safety issues [see article]. What would its safety be if it was written in D (along with its plugins)?

It consists of many libraries. Audio-video decoders tend to be selected based on performance, so no bounds checks. You can usually do it in a safe manner, but then you either need to adapt all the algorithms or prove correctness. Both alternatives are expensive. So really, sandboxing sounds like a more realistic alternative for an open source media player that aims to support all formats using third party codecs...
May 28 2017
On Sunday, 28 May 2017 at 16:58:53 UTC, aberba wrote:
> https://lwn.net/Articles/708196/ (...)

Intuitively it would be much better because the overwhelming majority of the code can be written with safe, but bounds checking would have to be switched off for some plugin code for performance reasons, so it would not be 100% secure.
May 28 2017
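An added example, not code from the thread or from GStreamer, illustrating the trade-off discussed in the two replies above: a @safe D parser that validates a chunk's length once and then iterates a slice, so the hot loop carries no per-element index check. The chunk layout (`[1-byte length N][N payload bytes]`, repeated) and the function name `sumChunks` are assumptions made up for this sketch.

```d
import std.stdio : writeln;

// Constructed toy format: [1-byte length N][N payload bytes], repeated.
// In @safe code every index and slice expression is bounds-checked, so a
// lying length field cannot turn into a read past the end of the buffer.
uint[] sumChunks(const(ubyte)[] input) @safe
{
    uint[] sums;
    while (input.length > 0)
    {
        immutable size_t n = input[0];
        // Explicit validation: this is ordinary program logic, so it stays
        // in place even when array bounds checks are compiled out
        // (dmd -boundscheck=off).
        if (n > input.length - 1)
            throw new Exception("chunk length exceeds remaining input");

        const payload = input[1 .. 1 + n];   // one range check per chunk
        uint s = 0;
        foreach (b; payload)                  // slice iteration, no indexing
            s += b;
        sums ~= s;
        input = input[1 + n .. $];
    }
    return sums;
}

void main() @safe
{
    // Constructed sample inputs.
    immutable ubyte[] good = [3, 1, 2, 3, 2, 10, 20];
    assert(sumChunks(good) == [6u, 30u]);

    immutable ubyte[] bad = [200, 1, 2, 3];  // claims 200 bytes, has 3
    bool rejected = false;
    try
    {
        auto unused = sumChunks(bad);
    }
    catch (Exception e)
    {
        rejected = true;
    }
    assert(rejected);
    writeln("ok");
}
```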
On Sunday, 28 May 2017 at 16:58:53 UTC, aberba wrote:
> https://lwn.net/Articles/708196/
> From the look of things and feedback from several security analysts and system developers, [exposed] I/O needs to be memory safe. The GStreamer multimedia library, developed in C, has safety issues [see article]. What would its safety be if it was written in D (along with its plugins)?

GStreamer has already adopted Rust and is slowly migrating away from C into Rust. Search for their presentation at RustConf Kiev 2017. Also, the GNOME guys have been having meetings with the Rust design team, as there is the possibility to replace Vala with Rust. See GUADEC Mexico City 2017.
May 29 2017