I don’t think that casting a range of bits as some other arbitrary type “is a bug nobody sees coming”.

C++ compilers also warn you that this is likely an issue and will fail to compile if configured to do so. But it will let you do it if you really want to.

That’s why I love C++

  • BatmanAoD@programming.dev
    3·
    1 day ago

    Rust doesn’t have a formal specification other than “whatever the fuck our team hallucinated in this compiler version”

    That’s simply not true. The Reference, while not an ISO-style formal spec, does actually specify most of the intended language behavior, and incrementally approaches completion over time. But even if you insist on an ISO-style formal spec, there’s Ferrocene: https://ferrous-systems.com/blog/the-ferrocene-language-specification-is-here/

    it fucks your day because you’re not careful

    The cve-rs vulnerability is actually not really something you’d ever write by accident. Also note that the bug report has multiple versions because, even though a “full” solution is pending some deeper compiler changes, the first two three versions of the exploit are now caught by the compiler. So, like I said, the compiler bugs do get fixed over time.