gerequi.blogg.se

Tor project hopes replace fragile rust







So now it's an architecture astronaut project "Somehow replicate Rust in C++" when all they actually wanted was to write concurrent software, something Rust is famously good for. So, you propose they should "implement your own typesystem replicating the native rust approach" in order to have thread safety. "Modern C++" still isn't very suitable for that. But wait, their core goal is they'd like a concurrent Tor. That's a completely different set of skills. You'd have them rewrite it as "modern C++" rather than Rust. So "explicit" means as long as every C++ programmer is conscientious and never makes a mistake they avoid this particular footgun. The correct fix (an "implicit" keyword) violates C++ backwards compatibility promises and (which is of more practical upshot) breaks a bunch of working code. So once the situation was "C++ constructors are inexplicably dangerous" and Nathan improved it to "C++ constructors are inexplicably dangerous by default".


After all, I think implicit constructors were a bad idea, they're the wrong default, but they're only a default at all because of the "explicit" keyword, which is apparently Nathan's idea. In the former case, maybe we can say Nathan is trying to get C++ to a better place. In which case what you've got there is two experts disagreeing.

But we are on the Internet, and so it is of course also possible ncm is a dog (I have verified that the committee member was not a dog).


It seems plausible that ncm is Nathan Myers, who was, and perhaps still is, an active JTC1/SC22/WG21 (ie C++ Standards Committee) participant. Because of that, Arti's circuit cryptography has been multicore from day 1, at very little additional programming effort. If one thread accesses a piece of state at the same time that another thread is changing it, then your whole program can exhibit some truly confusing and bizarre bugs.

But in Rust, this kind of bug is easy to avoid: the same type system that keeps us from writing memory unsafety prevents us from writing dangerous concurrent access patterns.


C's support for thread-safety is quite fragile, and it is very easy to write a program that looks safe to run across multiple threads, but which introduces subtle bugs or security holes. The project sees a number of benefits from using Rust, including:

For years now, we've wanted to split Tor's relay cryptography across multiple CPU cores, but we've run into trouble. The C implementation is not going away anytime soon, but the idea is that Arti will eventually supplant it. It is not ready for prime time yet, but based on a grant from Zcash Open Major Grants (ZOMG), significant work is ongoing; the plan is "to try bring Arti to a production-quality client implementation over the next year and a half".


The Tor project, which provides tools for internet privacy and anonymity, has announced a rewrite of the Tor protocols in Rust, called Arti.








