Comment by ActorNightly
6 months ago
>if your code compiles, it usually runs just fine.
This was the same argument for Java, which is memory safe, fairly strict in terms of ownership.
The fact is, Rust addresses only one memory safe thing, and that is double free. If you don't understand why that is, you probably shouldn't talk about memory safety.
The dividends never get there if you don't ever run into this.
>And then there's the fact that the programs themselves are fast. How many times has uv been brought up here and the #1 remark people have is "wow it's so fast!"
This is a vibe at best. The speed difference is surely there. But it makes very little difference when there are much slower things in the entire workflow, like pulling things from the internet.
Basically, Rust is a good choice for a small subset of things. Android happens to be one of them, because a) you need native code performance, b) you have multiple teams working on many services and c) you have a somewhat closed ecosystem where you control a lot of the low level things. Because of all of this, double frees are a real threat and can pop up as you are passing data around without strict checks.
> The fact is, Rust addresses only one memory safe thing, and that is double free. If you don't understand why that is, you probably shouldn't talk about memory safety.
How does Rust not address use after free?
Not to mention out-of-bounds access, uninitialized memory, invalid type casting, and a ton of insidious sources of undefined behavior
Most of these will usually make a program crash. Crashes are testable and not a memory safety issue. Exception handling was created specifically to deal with this.
Use after free is generally VERY hard to exploit. Double free can corrupt data structures more with control. Use after free is basically at the mercy of the allocator and program state, where whatever gets written to the same memory address may or may not be relevant.
There is a reason why most vulnerabilities these days are either higher level logic bugs, or things that require code execution on the machine.