
As soon as I saw the submission title I knew "it's something Linux related complaining about Rust" and it was (ie coreutils).

As you note (and I agree) Rust eliminates a whole class of potential bugs that are proven to be probably the primary vector of CVEs and we live in an era where that's simply unacceptable for core infrastructure. Heartbleed was one very public example. But these memory safety bugs are traded on the black market and end up in tools like Pegasus to spy on (or even kill) politicians and even journalists.

IME people have an incredibly warped view of just how subtle and easy it is to introduce a memory safety bug. I think people think it's just bounds checking arrays and buffers. It's not. Writing any kind of multithreaded code (ie anything using primitives like mutexes directly) is incredibly error-prone. When you add in heterogeneous cores and out-of-order processing it gets much, much worse.

There's a large company I know with many bright engineers who contributes heavily to tools like valgrind and asan. This is a company with a lot to lose and is deeply concerned about security. Somebody came up with a valgrind check and ran it over their C++ code base and, lo and behold, found issues that had been dormant in their code base for up to a decade. None exploited, as far as anyone knew. But think about it: a decade of checks, automated code-checking, etc had all missed some of these bugs.

People like to complain that writing correct Rust is hard. That's true, particularly for novices. But you'll get better. Thing is, writing correct C++ code isn't exactly easy either.

And perhaps writing such code in Rust is hard because writing memory safe code is hard.



Excellent comment.

> People like to complain that writing correct Rust is hard. That's true, particularly for novices. But you'll get better. Thing is, writing correct C++ code isn't exactly easy either.

Agreed, and I wish all of the "Rust is hard" people would offer this critique _in context_.

The question is not "is Rust harder than C or C++?". The question is, "is writing correct Rust harder than writing correct C or C++?".

You could even think of it in financial terms: "is the cost of writing correct Rust higher or lower than the cost of writing correct C or C++?".

Another interesting qualification to add on is: "...for someone who doesn't already know Rust or C or C++". If you had to onboard a new team member, and they didn't know Rust or C or C++, which language would you want your project to be in? Which would they be able to safely contribute to the fastest? I know what I'm picking.


> IME people have an incredibly warped view of just how subtle and easy it is to introduce a memory safety bug.

Agreed, and I think part of the reason is because they take it personally when someone claims programmers (in general) can't consistently write memory safe C/C++.


The C/C++ memory model is simply not suitable for creating secure internet-connected software.



