--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
I would note that any tool that ports from C++, or even C, to Go is going to produce ugly, unmaintainable, and non-idiomatic code, at best.
On Thursday, January 3, 2019 at 12:11:06 PM UTC-5, Jake Montgomery wrote:I would note that any tool that ports from C++, or even C, to Go is going to produce ugly, unmaintainable, and non-idiomatic code, at best.These are two different cases. I agree that graceful C++ to Go transpilation is effectively impossible.On the other hand, I believe graceful, comment-preserving C to idiomatic-Go transpilation is almost possible.
I still think it would be a nearly impossible task given the C code in the wild - outside of threading, the common usage of ‘unions’ - there is no way I know of to map these to a simple Go struct, or even several - you need something like protobufs. So even if you could convert, you’d end up with code that is probably harder to maintain/verify than the original C code.
--
You received this message because you are subscribed to a topic in the Google Groups "golang-nuts" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/golang-nuts/aPHLrfwQh3A/unsubscribe.
To unsubscribe from this group and all its topics, send an email to golang-nuts...@googlegroups.com.
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-j
Having studied the problem, the most serious blocker is an ambiguity between
typedefs and variable names in some contexts. And there exists a good
strategy for resolving those.
--
-j
-j
My original comment was in regaurd to c++11, but seeing as the discussion has drifted towards c, you may want to take a look at https://github.com/xlab/c-for-go, it is based off of its based off ofhttps://github.com/cznic/cc, and has been used to create go bindings for portaudio, libvpx, and a few others, including android ndk (android-go). It uses 'hints' via yaml file to ease indirect translations, and me be adaptable to your needs.
> Reasonable people can disagree, but I favor rewriting over
> transpilation, for draining that swamp.
The problem is that in general nobody *does* rewrite old
infrastructure code. It tends to work just well enough to fester in
place for a long time, and then you get shocks like the Heartbleed
bug. It is my aim to head off that sort of thing in the future.
memegen delenda est
I agree. The class of old C program I am interested in is, however,
not generally limited by CPU but by network and (less commonly) disk
stalls. Again bear in mind that my type examples are NTP and DNS service.
A lot of other legacy infrastructure code fits this pattern.
I'm curious about why transpilation would have significantly mitigated the Heartbleed bug.
On Wed, Jan 9, 2019 at 7:55 PM 'Thomas Bushnell, BSG' via golang-nuts <golan...@googlegroups.com> wrote:I'm curious about why transpilation would have significantly mitigated the Heartbleed bug.Heartbleed is a bug which relies on two things:- Failure to do proper bounds checking- Allocation of a buffer which is not initialized to some zero-value, and which straddles memory it shouldn't.Many programming languages are constructed such that they address both of the above problems at the semantics level, and thus they avoid the really dangerous part of the bug, which is the leak of information, downgrading the bug to a denial of service attack, or even also mitigating that part of the bug. Array access is checked against the arrays bounds, and buffer allocated memory is properly 0-initialized before use.
memegen delenda est
I'm not sure the second one here is right. Heartbleed does not depend on unitialized memory as far as I can tell. It works to copy whatever lies after the incoming request buffer back to the attacker. It happens that in the actual openssl code the thing it's copying is a reused buffer that might have stuff in it (IIRC), but that's not essential to the operation of the bug. If it were an exactly sized buffer the same shape of problem would occur.
You left unaddressed:* How would this magical translation going to occur, given the actual code of openssl? The obvious human translation is to allocate a request buffer, and then use the encoding/binary package to pull values. The attempt to read indexes greater than the size of the buffer would fault. But I don't see a way to take code like openssl and automatically make it use encoding/binary. The only clear way I can see to do it automatically is to use unsafe.Pointer, which simply turns off all the bounds checking you wanted.
* Even if we did this, the bug only turns into a packet of death. A packet of death on this scale is of almost the same level of annoyance and chaos. (Witness this week's firestorm about an email packet of death on some Cisco something or other.)
* Even if we did this, the bug only turns into a packet of death. A packet of death on this scale is of almost the same level of annoyance and chaos. (Witness this week's firestorm about an email packet of death on some Cisco something or other.)I did address this. If each request is bounds checked and memory isolated, then a failure is just an exception of some kind and we handle this as we would any other exception. You could also just fork the process for each incoming request and obtain the same semantics.
memegen delenda est
The server crashes - that's how we handle "any other exception", as a rule.
I don't know what you mean by "just fork the process". First, if you're transpiling into Go, that's not a good strategy. Second, are you suggesting the transpiler would automatically rewrite the request handling loop to avoid the harm of crashes?
On Thu, Jan 10, 2019 at 7:39 PM Thomas Bushnell, BSG <tbus...@google.com> wrote:The server crashes - that's how we handle "any other exception", as a rule.I write Erlang for a living. We don't crash a server, ever, on a failure. Unless the failure is persistent :)
memegen delenda est
I think the paper you linked is exciting, and actually suggests that the hard work which needs to be done will solve the problem without a change of language. This fits my intuition: the things necessary to take advantage of type safety can only be automatically used with the same kind of proof work you need to do to establish the code was fine to begin with.
Thomas Bushnell, BSG <tbus...@google.com>:
> Suppose it has a way, however. Now you have Go code which will have a
> bounds fault instead of a data leak. That's better, I suppose - the
> resulting bug is now "the server crashes" instead of "the server maybe
> leaks a key". This is an improvement, but a packet-of-death across a widely
> used library this puts the world in a not dissimilar position in terms of
> the level of panic and rapid response everybody needs.
The difference is trhat an overt bug will elicit a fast fix.
memegen delenda est
Have you actually looked it what it outputs?
If not, prepare to be horrified. Maintainability is an issue.