undefined | Better HN

0 pointstene3y ago0 comments

If you accidentally make a mistake when setting an array length in V, your program can read from uninitialized memory, as discussed in this article. This program, quoted from the article we're discussing, is accepted by the V compiler, and attempts to read from uninitialized memory:

  fn main() {
      x := []&int { len: 10, cap: 0 }
      println(x[4])
  }

In this case, the program crashes with a segfault, because the program is simple enough that the memory after the heap allocation was not mapped. The point of these examples is to be minimal tests cases clearly demonstrating that the language does the wrong thing. This is a general category of bug that permits memory unsafety, and in more-complex real-world programs, this could be exploitable. In general, any time you see a segfault, it's a strong signal that there could be an exploitable memory safety vulnerability.

This does not apply to every other language. The specific problem is that V lets you directly adjust the array length without doing anything to ensure that the array capacity is at least as large as the newly-specified length. Go's `make([]int, len)` ensures that the produced array's capacity is at least len. Go does have some memory safety issues (data races), but this specific issue is not a problem that Go has.

> Can you link to such examples in V documentation?

I agree with the article we're discussing that the "Safety" section prominently displayed on https://vlang.io/ immediately after the header is significantly overstating its case. Here is the list, each item of which is discussed specifically in this blog post, with minimal source code you can run to check their work:

  - No null
  - No undefined values
  - No undefined behavior
  - No variable shadowing
  - Bounds checking
  - Immutable variables by default
  - Immutable structs by default
  - Pure functions by default  --  This has since been removed from the list, but was present when the author started this review: https://web.archive.org/web/20220305171852/https://vlang.io/
  - Option/Result and mandatory error checks
  - Sum types
  - Generics
  - Immutable function args by default, mutable args have to be marked on call
  - No global variables

"No Null" is misleading because the compiler does not actually prevent null references.

"No Undefined Values" is misleading because the compiler does not actually prevent reading uninitialized memory.

"No Undefined Behaviour" is misleading because the C code generated by the V compiler does include behaviour that is undefined according to the C language standard.

"No Variable Shadowing" is correct; the V compiler rejects programs that would shadow variables. I don't actually see this as a benefit, as I use shadowing all the time, but it's an accurate statement about the current V compiler.

"Bounds Checking" is mostly correct, but slightly misleading because the bounds are exposed to your code, and it's up to you to make sure you manipulate them correctly.

"Immutable variables by default" and the other immutability points are misleading because functions that accept immutable arguments can still mutate those arguments.

Compared to languages with real mutability tracking, this is far less helpful in designing misuse-resistant APIs, and avoiding hard-to-diagnose bugs caused by unexpected mutation.

"Pure functions by default" is misleading because the V developer has chosen to use their own special nonstandard meaning for "Pure" that includes IO, and because of the mutability tracking not actually being effective.

"Option/Result and mandatory error checks" is correct and fine; I have no problems with this.

"Sum Types" is kind of okay, but they look kinda janky and limited. This article's example of sum types not being able to hold references is pretty concerning.

"Generics" is kind of okay, but it similarly is a very early very limited implementation.

"No global variables" is just false. V has "constants", which are just "immutable" global variables, and as we've already seen, V's "immutability" is very mutable.

This blog post also addresses the "Performance", "Fast Compilation", and "Innovative memory management" sections of https://vlang.io/.

Broadly speaking, https://vlang.io/ seems to very clearly present the language as one that is suitable for use today. I don't see anything on the main page of https://vlang.io/ that says anything even vaguely similar to "This is a very early language, these features are aspirational but still very much under serious development, and there are many known gaps we have not built solutions to yet".

By my personal standards of epistemic integrity, the front page of https://vlang.io/ is misleading and dishonest. I recognize that many people consider this kind of "marketing" to be acceptable, and I'm fine with letting people do that as long as they're not complaining about people actually checking their claims.

I really love the ambition of V, and I would be very happy to use it if it were actually production-ready. I have sometimes used early-development tools in production when I've had a good understanding of what the actual gaps and deficiencies and defects in the under-development software are. V's aggressive marketing that goes out of its way to avoid discussing its weaknesses means that I can't actually rely on what I read from them about the language's suitability for high-reliability use. When someone shows me that they're happy and willing and eager to mislead people about the flaws in something, then I believe them!

To me, these posts seem to be written from a perspective of eagerly wanting to use the language that seems to be advertised, and being disappointed at the big gap between the marketing and reality. The two big messages I see in these blog posts are "Here are problems I found that make me concerned about using V" and also, separately, "V appears to be marketed as if it were a polished product suitable for production use, and that's concerning, given the problems found."

Notice the end of this post: "At this time, I would not recommend spending time on V. I would also be very cautious when taking claims made by the authors at face value."

This author explicitly says "At this time" they don't think V is suitable to rely on or will be soon, and they encourage skepticism when interpreting claims made by the author. This does not read at all like someone hateful to me. This very much reads like someone who really wants a production-quality V language to use, and hopes that the project someday succeeds.

0 comments

amedvednikov3y ago

> The specific problem is that V lets you directly adjust the array length without doing anything to ensure that the array capacity is at least as large as the newly-specified length.

This is false.

Tozen3y ago

I strongly disagree with you about the intent of the OP. I'm not saying you don't have other valid points, but want to focus on this particular aspect of your post. I think it's important to not assign benevolence, to what is possible malevolence. Why?

1) It is the author of the blog, that also created this thread on HN.

It shows the intent to disseminate his negative review as far and as wide as possible. And to do so outside of the V community.

2) If the OP was as eager to use the language as you believe, and was disappointed, he could have brought those issues to the V GitHub.

Who is going to the fix those issues that the OP (or anyone else) believes is a problem? It is going to be the V developers. So if the OP wanted those things that he believes are a problem fixed, that's who he has to bring them to.

Just outright mounting a smear campaign or crapping on the V language wherever possible, will never get any of the issues fixed on its own. Instead, as has been shown (by other places linking to the OP's blog), it will only invite more smearing and attacks.

3) The OP starts the review by linking to a number of very contentious posts from competitors and detractors of V, to include those that smear the author and language.

To do such will clearly set off drama, and makes the negative review part of the past drama. It now links them all together. This is not the intent of a person that wishes to "come in peace" or be helpful, this comes across as one having the purpose to set off a blazing fire of more drama.

4) The OP has shown no interest in working with V developers, and that's prior to publishing the review and spreading links to it.

The OP has demonstrated no intent to modify his review for correctness, fairness, or language version. This then puts "at this time", in the context that the review can stay as it is, indefinitely, regardless.

Add to that, the OP is purposely using a throwaway account on GitHub. He simply can disappear, without ever making changes to the review. We all know who the creator of V is and a number of its developers, they are all held accountable, as you are trying to do now. The OP on the other hand, has no accountability nor any "skin in the game".

5) The OP's review is without the necessary context and highly opinionated.

Without feedback or the opinions of the V developers, this is a one-sided negative review full of many debatable points about the claims made. The many gray areas can only gain context, when compared with what the V developers are showing their intentions are and in their responses to what are believed to be issues.

For more clarity at what I'm getting at, I'm not saying there are no issues with various claims or marketing, but rather what is claimed can be a matter of opinion. Because a person or reviewer disagrees with a claim, does not make them or their review 100% right either. Readers are left with a situation as to what percentage of either side is correct.

And no matter at what percentage either side is correct, who is going to fix any discovered issues? Right, it will be the V developers. So if the point was not to do any harm and help create production-quality V, then that's who needed/needs to be informed and worked with. If the OP is not interested in working with V developers, and rather produce and disseminate drama or facilitate smearing, then that's a reflection of their real intent.

ModernMech3y ago

Okay so do something about it. It’s been over 3 days since the blog post was written and all you’ve done since then is mount the same complaints here about how unfair the blog was.

Go write your own blog post. Submit it to hn. Refute all the points in the blog with evidence and code. Then we can have a follow up discussion with more substance.

At this point, you’ve made your position clear and you’re talking in circles. The way you combat a negative story is with a positive story. Whining about how unfair everyone is being to your favorite new language is a perfect way to limit its growth.

As such a small community, your personal behavior on public forums defines the tone of the entire V community for outsiders. You should critically analyze your posts here and ask yourself if they leave the impression of a community people would want to join.

Tozen3y ago

I'm not here to speak for all members of the V community, as it appears your are trying to pigeonhole me as doing, for your narrative. My personal opinions are in no way reflective of their entire community.

It also appears you prefer to see negative opinions or commentary about V, and are getting overly upset or obsessed with those you believe are defending the language in any way. I'm simply responding to a thread on HN (as you are), that was not made by me, and calling out things that I see or believe to be unfair.

The V community has open discussions that anybody can join and make comments on. You can also freely create an appropriate discussion at the V GitHub. This is something that it appears you don't know about (and what the OP purposely avoided), as you're "talking in circles" with me and giving your opinions about "whining". The link to it is below.

What don't you like about V / what would you like to be changed? (https://github.com/vlang/v/discussions/7610)

You can also interact with the V community on discord as well. (https://discord.com/invite/vlang)

You are free to go there and submit your many opinions about what the members of the V community should or should not be doing. Even better, as you seem to describe yourself as very technical and knowledgeable. You would be commenting directly to them. In general, they are very receptive, open, and friendly.

1 more reply

j / k navigate · click thread line to collapse

0 pointstene3y ago0 comments

  fn main() {
      x := []&int { len: 10, cap: 0 }
      println(x[4])
  }

> Can you link to such examples in V documentation?

  - No null
  - No undefined values
  - No undefined behavior
  - No variable shadowing
  - Bounds checking
  - Immutable variables by default
  - Immutable structs by default
  - Pure functions by default  --  This has since been removed from the list, but was present when the author started this review: https://web.archive.org/web/20220305171852/https://vlang.io/
  - Option/Result and mandatory error checks
  - Sum types
  - Generics
  - Immutable function args by default, mutable args have to be marked on call
  - No global variables