Hot takes on the state of Rust v C/C++ for safety (mastodon cross post)
Hot takes on the state of Rust v C/C++ for safety (mastodon cross post)
A lot of people think I'm being sarcastic here, which is fair because I only went toe-to-toe against people on Twitter and didn't do much here, so I'll state my full opinion below anyhow: I would agree with anyone about not wanting to replace C (or C++). But, C has been alive for 50 years (or just ...
The post mentions data or research on how rust usage in is resulting in fewer errors in comparison to C. Anyone aware of good sources for that?
I've been able to find the following, but it does make sense and I've been reading articles for years saying the same thing. Memory bugs are the cause of the majority of security flaws in larger software. Rust, as it's memory safe by default, allows one to avoid this in the majority of the codebase. That link seperatly links off to google, microsoft, and a few others stating exactly that.
I haven't seen any direct "we switched to rust and now expeeriance 70% fewer errors" however, but the errors found would be impossible with rust, zig, or any other low level memory safe languages.
This post from 2022 was very interesting:
There are approximately 1.5 million total lines of Rust code in AOSP across new functionality and components [...] These are low-level components that require a systems language which otherwise would have been implemented in C++.
To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code.
https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html
Definitely interesting!
From the end of the article:
As Android migrates away from C/C++ to Java/Kotlin/Rust, we expect the number of memory safety vulnerabilities to continue to fall.
So have Google continued this and are generally pushing rust? With interest and support from Google, I'd imagine that'd flow into more contributions and financials etc.
Thanks!!