←back to thread

278 points love2read | 2 comments | | HN request time: 0s | source
Show context
wffurr ◴[] No.42476523[source]
Note that this is done for “existing formally verified C codebases” which is a lot different from typical systems C code which is not formally verified.
replies(8): >>42476623 #>>42477360 #>>42478051 #>>42478440 #>>42478560 #>>42478707 #>>42479358 #>>42479797 #
akkad33 ◴[] No.42478707[source]
Is Rust formally verified? Not that I know of
replies(3): >>42478873 #>>42480047 #>>42480818 #
PartiallyTyped ◴[] No.42478873[source]
You can always run model checkers like Kani, though even that is limited.
replies(1): >>42479351 #
medo-bear ◴[] No.42479351[source]
So no?
replies(1): >>42479779 #
johnisgood ◴[] No.42479779[source]
The answer is that it is not.

It frustrates me more than it should, I admit, that people always mention Rust when they talk about safety, but never Ada / SPARK. You want formal verification? Use Ada / SPARK. It has been battle-tested. It has been used for critical systems for a really long time now.

(And a compiler being formally verified vs. being able to write formally verified code means two different things.)

replies(2): >>42479874 #>>42484006 #
medo-bear ◴[] No.42479874[source]
I think a disclaimer like this should be written with every Rust application, like health warnings on cigarette packets
replies(1): >>42479893 #
johnisgood ◴[] No.42479893[source]
At this point, I think that would be better, yes, just because people think Rust is "fully" safe, which is just incorrect. I think the problem was the Rust hype and repeated statements of it being very safe, so we have some undoing to do.

For example if someone on GitHub sees that the project is written in Rust, they are automatically going to assume it is safe, incorrectly so. I do not blame them though.

replies(2): >>42480248 #>>42480314 #
keybored ◴[] No.42480248[source]
You presumably extend this to every virtual machine or interpreter for every language which is implemented in an unsafe language. When that language claims to be safe (like all such languages claim to be).

That seems excessive and tedious.

replies(1): >>42480329 #
medo-bear ◴[] No.42480329[source]
The point, I think, was that "safety" presumptions about Rust are often exaggerated or poorly misunderstood due to hype. That could certainly lead to problems
replies(2): >>42480572 #>>42481051 #
keybored ◴[] No.42481051[source]
> The point, I think, was that "safety" presumptions about Rust are often exaggerated or poorly misunderstood due to hype. That could certainly lead to problems

Then the point is hypocritical.

Runtimes for safe programming languages have been implemented in unsafe languages since the dawn of safe programming languages, basically.

EDIT: I see now that you are the cigarette warning guy. In that case I don’t understand what this coy “I think” speculation is about when you made such a bizarre proclamation on this topic.

replies(1): >>42482241 #
medo-bear ◴[] No.42482241[source]
Your tendency to answer jokes so seriously is a symptom of the hype
replies(2): >>42482642 #>>42483003 #
1. jeltz ◴[] No.42483003{3}[source]
Your irrational hate for a programming language adds nothing to the discussion.
replies(1): >>42483255 #
2. medo-bear ◴[] No.42483255[source]
so many powerful words lol