A lot of people think I'm being sarcastic here, which is fair because I only went toe-to-toe against people on Twitter and didn't do much here, so I'll state my full opinion below anyhow:
I would agree with anyone about not wanting to replace C (or C++). But, C has been alive for 50 years (or just ...
The post mentions data or research on how rust usage in is resulting in fewer errors in comparison to C. Anyone aware of good sources for that?
I've been able to find the following, but it does make sense and I've been reading articles for years saying the same thing. Memory bugs are the cause of the majority of security flaws in larger software. Rust, as it's memory safe by default, allows one to avoid this in the majority of the codebase. That link seperatly links off to google, microsoft, and a few others stating exactly that.
I haven't seen any direct "we switched to rust and now expeeriance 70% fewer errors" however, but the errors found would be impossible with rust, zig, or any other low level memory safe languages.
There are approximately 1.5 million total lines of Rust code in AOSP across new functionality and components [...] These are low-level components that require a systems language which otherwise would have been implemented in C++.
To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code.
As Android migrates away from C/C++ to Java/Kotlin/Rust, we expect the number of memory safety vulnerabilities to continue to fall.
So have Google continued this and are generally pushing rust? With interest and support from Google, I'd imagine that'd flow into more contributions and financials etc.
Both. It allowed/forced me to explicitly handle edge cases I wasn’t thinking about. That means the error doesn’t happen at run time, but at compile time (or while writing!) so technically speaking the errors didn’t go away, they moved to in my face rather than “maybe in the future.”
Most of the time the remedy was to explicitly catch whatever happened and nicely explain what happened, vs looking at empty production logs because logging is turned down.
It’s certainly a preference, but for me, I’d rather argue with the compiler all day long and push a bulletproof release than quickly ship something I thought was good and be embarrassed.