Last month the White House Office of the National Cyber Director (ONCD) released a report, BACK TO THE BUILDING BLOCKS: A PATH TOWARD SECURE AND MEASURABLE SOFTWARE.
Nothing special in itself: White House offices routinely put out reports on every subject, whether to set the tone or to intervene directly. But after the New Year I repeatedly heard media cite this report, claiming that the United States is using official power to push the Rust programming language.
That left me puzzled, and I did not think the Rust Foundation had that kind of clout either. So I read the report itself (under 20 pages including the cover, back cover and endnotes) and concluded that the media were basically over-extrapolating.
I worked through the logic of the Rust-related part, which sits mainly in the report's second section, and summarise it briefly below.
The first two paragraphs of the second section cite C and C++ as examples, criticising the pair for being widely used in important systems while the languages themselves lack memory-safety features.
Memory safety vulnerabilities are a class of vulnerability affecting how memory can be accessed, written, allocated, or deallocated in unintended ways. Experts have identified a few programming languages that both lack traits associated with memory safety and also have high proliferation across critical systems, such as C and C++.
The report then elaborates on memory safety and on several existing programming languages, before turning to a review of the US space programme as its illustration. Through the Apollo 13 accident it stresses the importance of the programming language and toolchain. Among the many constraints on programming languages for space systems, it singles out three properties as the most important: being close enough to the kernel to interact tightly with software and hardware; ensuring that the timing of computed outputs is consistent; and treating the garbage collector as a risk.
First, the language must allow the code to be close to the kernel so that it can tightly interact with both software and hardware; second, the language must support determinism so the timing of the outputs are consistent; and third, the language must not have – or be able to override – the “garbage collector,” a function that automatically reclaims memory allocated by the computer program that is no longer in use.
Next comes the passage behind the so-called "White House recommends the Rust programming language" claim:
At this time, the most widely used languages that meet all three properties are C and C++, which are not memory safe programming languages. Rust, one example of a memory safe programming language, has the three requisite properties above, but has not yet been proven in space systems.
Translated: C and C++, the languages currently in widespread use, do not have memory safety as a language property but do satisfy the three key properties for space-system work. Rust, whose language features do provide memory safety, also satisfies those three key properties in its design theoretically, but it has not yet been proven in engineering practice.
The remainder of the report covers hardware, software/hardware interaction and assuring system security, and I will not quote it further.
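To make two of the report's three properties concrete, here is an added Rust example (my own illustration, not code from the report or the post): memory is reclaimed deterministically at the end of a scope with no garbage collector deciding the timing, and an out-of-range read is caught rather than touching memory in an unintended way. The `Telemetry` type and the event log are constructed for the demonstration.

```rust
// Added example, not from the ONCD report: deterministic release and checked access.
use std::cell::RefCell;
use std::rc::Rc;

/// A resource whose release is recorded, so we can observe *when* memory is reclaimed.
/// (Constructed type for the demonstration.)
struct Telemetry {
    name: &'static str,
    log: Rc<RefCell<Vec<String>>>,
}

impl Drop for Telemetry {
    /// Runs exactly when the owner goes out of scope; no collector chooses the moment.
    fn drop(&mut self) {
        self.log.borrow_mut().push(format!("drop {}", self.name));
    }
}

/// Allocates two resources in nested scopes and returns the ordered event log.
pub fn deterministic_release() -> Vec<String> {
    let log = Rc::new(RefCell::new(Vec::new()));
    {
        let _a = Telemetry { name: "a", log: Rc::clone(&log) };
        {
            let _b = Telemetry { name: "b", log: Rc::clone(&log) };
            log.borrow_mut().push("inner scope done".to_string());
        } // _b is released here, immediately and predictably
        log.borrow_mut().push("outer scope done".to_string());
    } // _a is released here
    let events = log.borrow().clone();
    events
}

/// Bounds-checked read: an index past the end yields None instead of returning
/// whatever happens to sit after the buffer, as an unchecked array read would.
pub fn checked_read(buf: &[u8], idx: usize) -> Option<u8> {
    buf.get(idx).copied()
}

fn main() {
    for event in deterministic_release() {
        println!("{event}");
    }
    let sensor = [10u8, 20, 30]; // constructed sample buffer
    println!("{:?} {:?}", checked_read(&sensor, 1), checked_read(&sensor, 7));
}
```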