cqwrteur (euloanty.delete@this.live.com) on July 11, 2021 11:58 am wrote:
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rust
>
> Same with Rust crates and std. You still see 80% of cves are memory safety cves.
>
> Notice that this is only in crates. A lot of security vulnerabilities are not shown. Redox OS whatever.
>
> https://bugzilla.mozilla.org/buglist.cgi?bug_id=1513519%2C1683439%2C1690169%2C1690718
> https://phabricator.services.mozilla.com/D103999

You really don't wanna go there; in Firefox we've got a large body of Rust code and it's exhibiting a fraction of the issues our C++ code suffers from. And those issues are usually trivially simple to address precisely because Rust's unsafe parts can be isolated. Additionally - if you'd be looking for another reason to use Rust - the parts of our code we have rewritten usually take 5-to-10 less LOCs than the old C++. Heck we've rewritten Python tools in Rust yielding less LOCs than the original. And that's not even touching things like robustness, memory usage and performance.

Citing an article from a former colleague about the first project he wrote in Rust from scratch:

Much of my work using Rust has been on the Rust compiler itself, but that mostly involves making small edits to existing code. fix-stacks is the third production-quality Rust project I have written from scratch, the others being Firefox’s new prefs parser (just under 1000 lines of code) and counts (just under 100 lines of code).

My experience in all cases has been excellent.

* I have high confidence in the code’s correctness, and that I’m not missing edge cases that could occur in either C++ (due to lack of safety checks) or Python (due to dynamic typing).
* The deployed code has been reliable.
* Rust is a very pleasant language to write code in: expressive, powerful, and many things just feel “right”.
* I have been writing C++ a lot longer than Rust but I feel more competent and effective in Rust, due to its safety and expressiveness.
* Performance is excellent.
* As mentioned above, the entire fix-stacks project wouldn’t have happened without the third-party Symbolic crate.

Rust gives me a feeling of “no compromises” that other languages don’t.

Emphasis mine.

> So, Rust must prove it is superior to modern C++. However, Rust still requires a huge amount of runtime afaik,
> due to the bloat of rustfmt and all sorts of other stuffs. Clearly, using Rust is no better either.

Actually Rust has already proven many times over that it's better than C++. In production environments, both in the FOSS and closed-source world. C++ and C are languages that were designed in the past century; with concepts and technical limitations from a different time and without the accumulated experience we have now. While they evolved over time their evolution is slow due to their large legacy and how their evolution happens (design-by-committee).

> Also recently I've found the stupidity like this:
> https://github.com/Rust-for-Linux/linux/commit/c606d85a0d3c67b8221fee5fa67028bdebd4b0cc#diff-521fe5c9ece1aa1f8b66228171598263574aefc6fa4ba06a61747ec81ee9f5a3

Why do you call "stupidity" making a large chunk of code safe? Weren't you the one saying that too much of that code was unsafe? Or maybe you didn't know that the body of an unsafe function is not unsafe by default. You seem unable to understand how unsafe code works in Rust.