The post mentions data or research on how rust usage in is resulting in fewer errors in comparison to C. Anyone aware of good sources for that?

  • sorrybookbroke@sh.itjust.worksM
    link
    fedilink
    English
    arrow-up
    3
    ·
    4 months ago

    I’ve been able to find the following, but it does make sense and I’ve been reading articles for years saying the same thing. Memory bugs are the cause of the majority of security flaws in larger software. Rust, as it’s memory safe by default, allows one to avoid this in the majority of the codebase. That link seperatly links off to google, microsoft, and a few others stating exactly that.

    I haven’t seen any direct “we switched to rust and now expeeriance 70% fewer errors” however, but the errors found would be impossible with rust, zig, or any other low level memory safe languages.

    • robinm
      link
      fedilink
      English
      arrow-up
      6
      ·
      4 months ago

      This post from 2022 was very interesting:

      There are approximately 1.5 million total lines of Rust code in AOSP across new functionality and components […] These are low-level components that require a systems language which otherwise would have been implemented in C++.

      To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code.

      https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html

      • maegul (he/they)@lemmy.mlOPM
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 months ago

        Definitely interesting!

        From the end of the article:

        As Android migrates away from C/C++ to Java/Kotlin/Rust, we expect the number of memory safety vulnerabilities to continue to fall.

        So have Google continued this and are generally pushing rust? With interest and support from Google, I’d imagine that’d flow into more contributions and financials etc.

    • CHOPSTEEQ@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      ·
      4 months ago

      Anecdotally I converted a python app to rust and suddenly had no more runtime errors. It’s utter bliss.

      • maegul (he/they)@lemmy.mlOPM
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        That’s interesting. What made the difference? The type system? Or memory safety constraints forcing more correct logic?

        • CHOPSTEEQ@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          ·
          4 months ago

          Both. It allowed/forced me to explicitly handle edge cases I wasn’t thinking about. That means the error doesn’t happen at run time, but at compile time (or while writing!) so technically speaking the errors didn’t go away, they moved to in my face rather than “maybe in the future.”

          Most of the time the remedy was to explicitly catch whatever happened and nicely explain what happened, vs looking at empty production logs because logging is turned down.

          It’s certainly a preference, but for me, I’d rather argue with the compiler all day long and push a bulletproof release than quickly ship something I thought was good and be embarrassed.

          • maegul (he/they)@lemmy.mlOPM
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            while writing!

            Yea, understated IMO how much the compiler requirements actually manifest directly in the writing process with LSPs etc.

            Most of the time the remedy was to explicitly catch whatever happened and nicely explain what happened

            Yea even that is making the logic more water tight.