Hacker News

mcdonje, today at 8:21 AM (2 replies)

Quote the entire sentence.

>It doesn’t matter that the language you use is memory-safe, if you didn’t design for correctness or have no process that will eventually lead you to fixing all bugs.

It's also worth noting that they linked a post about how memory safety is literally a matter of life and death, so it seems like their point is that memory safety is one class of bug, and a compiler guarantee about it doesn't equate to a guarantee of correct, bugless, unexploitable code.

Like, the linked author brought up that Khashoggi's wife's phone was hacked. Maybe that was due to a memory bug or some other kind of bug. Maybe the next journalist who gets hacked is a victim of a memory bug or some other kind of bug. But that linked post didn't take a holistic view of correctness, but went straight to, "Rust is safe. Rust saves lives." There's a logical error there that's being pointed out.

If you really want to save lives, you need to eliminate exploits. Not just do a victory lap because your compiler ostensibly eliminates one class of them. The compiler doesn't catch all bugs. The compiler isn't the only tool for catching bugs.

That's my reading of it, anyway. I think he has a point, and the Rust people do as well. I think it's wrong to portray him as bitter.


Replies

kristoff_it, today at 8:30 AM

That is correct, this blog post is about understanding the priority of various subgoals and the ultimate goal (creating useful software). Memory-safety is important but overfitting on that subgoal, as I believe the memory-safety blog post is doing, won't make you create better software.

If Rust helps you get all the way to correctness, then great, but that blog post was insane.

bigyabai, today at 5:35 PM

> The compiler doesn't catch all bugs. The compiler isn't the only tool for catching bugs.

I acknowledged that in my prior comment. This person is letting perfect be the enemy of good, and I guarantee you that they aren't running their binaries through Valgrind and Ghidra to check the runtime safety after it's built.

Exploits like Heartbleed get shipped because people abdicate their responsibility to write safe software. Shackling developers to dynamic analysis tools is not any better of a solution than using a memory-safe language to start. Rust is shaving a calf to avoid the whole yak.
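The thread above names Heartbleed as the canonical shipped memory-safety bug and argues over what a compiler guarantee does and does not buy you. As an added illustration (not code from the thread, from OpenSSL, or from any project), here is a toy TLS heartbeat handler in the shape of that bug, once trusting the peer-supplied payload length and once checking it against the bytes actually received. The record layout (1-byte type, 2-byte big-endian length, payload, 16 bytes of padding) is simplified, and the function names, error type and sample records are constructed for the example. The trusting version slices the payload with the claimed length: in Rust that index is bounds-checked at runtime, so a malicious length becomes a panic (a crash, not a memory disclosure), but the missing length check is still a bug the compiler did not catch; the checked version is the fix that has to be written either way.

```rust
// Added example, not from the HN thread or any project. Simplified heartbeat
// record: [type: 1][payload_len: 2, big-endian][payload: payload_len][padding: 16].
// Names, layout constants and sample records are constructed for illustration.

const HB_REQUEST: u8 = 1;
const HB_RESPONSE: u8 = 2;
const HEADER_LEN: usize = 3;
const PADDING_LEN: usize = 16;

#[derive(Debug, PartialEq)]
pub enum HbError {
    TooShort,
    NotARequest,
    BadLength { claimed: usize, available: usize },
}

fn build_response(payload: &[u8]) -> Vec<u8> {
    let mut resp = Vec::with_capacity(HEADER_LEN + payload.len() + PADDING_LEN);
    resp.push(HB_RESPONSE);
    resp.extend_from_slice(&(payload.len() as u16).to_be_bytes());
    resp.extend_from_slice(payload);
    resp.extend(std::iter::repeat(0u8).take(PADDING_LEN));
    resp
}

/// Heartbleed-shaped handler: echoes `payload_len` bytes without checking
/// that the record actually contains them. In C this memcpy read past the
/// received bytes into adjacent memory; in Rust the slice index is checked at
/// runtime, so an oversized length panics instead of leaking.
pub fn heartbeat_trusting_len(record: &[u8]) -> Vec<u8> {
    let claimed = u16::from_be_bytes([record[1], record[2]]) as usize;
    let payload = &record[HEADER_LEN..HEADER_LEN + claimed]; // panics if claimed is too large
    build_response(payload)
}

/// Fixed handler: reject the record unless the claimed payload fits in what
/// was received (after header and padding). This is the logic check neither
/// the C nor the Rust compiler supplies for you.
pub fn heartbeat_checked(record: &[u8]) -> Result<Vec<u8>, HbError> {
    if record.len() < HEADER_LEN + PADDING_LEN {
        return Err(HbError::TooShort);
    }
    if record[0] != HB_REQUEST {
        return Err(HbError::NotARequest);
    }
    let claimed = u16::from_be_bytes([record[1], record[2]]) as usize;
    let available = record.len() - HEADER_LEN - PADDING_LEN;
    if claimed > available {
        return Err(HbError::BadLength { claimed, available });
    }
    Ok(build_response(&record[HEADER_LEN..HEADER_LEN + claimed]))
}

/// Constructed request: a 3-byte payload "abc" followed by 16 bytes of padding.
pub fn honest_request() -> Vec<u8> {
    let mut r = vec![HB_REQUEST, 0x00, 0x03, b'a', b'b', b'c'];
    r.extend(std::iter::repeat(0u8).take(PADDING_LEN));
    r
}

/// Constructed attack: the same 3 bytes of payload, but a header claiming 65535.
pub fn malicious_request() -> Vec<u8> {
    let mut r = honest_request();
    r[1] = 0xFF;
    r[2] = 0xFF;
    r
}

fn main() {
    println!("checked, honest    -> {:?}", heartbeat_checked(&honest_request()));
    println!("checked, malicious -> {:?}", heartbeat_checked(&malicious_request()));
    let trusting = std::panic::catch_unwind(|| heartbeat_trusting_len(&malicious_request()));
    println!("trusting, malicious -> panicked: {}", trusting.is_err());
}
```

Running it shows both handlers agree on the honest record, the checked handler returns `BadLength { claimed: 65535, available: 3 }` on the malicious one, and the trusting handler panics on it. The difference between the languages is the failure mode of the unchecked path; the check itself is the same line of code in either.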