2024-08-31 16:31:06 UTC
Hoshino Lina (星乃リナ) 🩵 3D Yuri Wedding 2026!!! on Nostr: I don't think you appreciate the classes of bugs that Rust eliminates. "Memory ...

I don't think you appreciate the classes of bugs that Rust eliminates. "Memory safety" isn't just "don't have buffer overflows". It's also eliminating multithreaded race conditions. Missing locking problems. Complex codepaths that lead to an accidental UAF.

Quite frankly, if you review complex C code that is called across multiple threads and you don't spend a significant amount of time thinking about those things... you're probably not doing a good job reviewing it.

How thorough a review would be required to catch the race condition UAF bug that I describe here?

https://github.com/AsahiLinux/linux/issues/309#issuecomment-2239280107

That code clearly went through review but it wasn't caught. In fact I dare say hours of additional review would probably not have caught that bug. You have to spend large amounts of time simulating potential execution scenarios in your head to catch it. It took me a long time to even understand it with the crash traceback in front of me.

That bug is impossible in safe Rust.
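Added example, not part of the original post or of the Asahi Linux code it links to: two small Rust functions that show the two guarantees the post leans on. `count_with_threads` keeps the shared counter inside a `Mutex`, so there is no way to touch the data without holding the lock and the lock is released when the guard goes out of scope (the "missing locking" class). `scoped_sum` hands borrowed stack data to worker threads through `std::thread::scope`, which joins every worker before the borrowed data can be freed (the "thread outlives the buffer" kind of use-after-free). The function names, thread counts and sample inputs are mine; only the standard library is used.

```rust
use std::sync::{Arc, Mutex};
use std::thread;

/// Shared counter incremented from several threads.
/// The data lives *inside* the Mutex: `lock()` is the only way to reach it,
/// so an unlocked access does not compile, and the guard unlocks when it is
/// dropped at the end of the loop body, so a forgotten unlock cannot happen.
pub fn count_with_threads(threads: usize, per_thread: u64) -> u64 {
    let counter = Arc::new(Mutex::new(0u64));
    let mut handles = Vec::with_capacity(threads);

    for _ in 0..threads {
        let counter = Arc::clone(&counter);
        handles.push(thread::spawn(move || {
            for _ in 0..per_thread {
                let mut guard = counter.lock().unwrap();
                *guard += 1;
                // `guard` dropped here: lock released, no manual unlock needed
            }
        }));
    }
    for h in handles {
        h.join().unwrap();
    }

    // Every writer has been joined, so this read sees the final value.
    let total = *counter.lock().unwrap();
    total
}

/// Sum a borrowed slice using worker threads that only *borrow* the data.
/// `thread::scope` guarantees all spawned workers are joined before the scope
/// returns, so the borrowed chunks can never outlive `data`. A plain
/// `thread::spawn` with a non-'static borrow is rejected by the compiler,
/// which is exactly the "thread keeps using freed memory" bug in C.
pub fn scoped_sum(data: &[u64], chunks: usize) -> u64 {
    let chunks = chunks.max(1);
    // Ceiling division so every element lands in exactly one chunk.
    let chunk_len = ((data.len() + chunks - 1) / chunks).max(1);

    thread::scope(|s| {
        let handles: Vec<_> = data
            .chunks(chunk_len)
            .map(|chunk| s.spawn(move || chunk.iter().sum::<u64>()))
            .collect();
        handles.into_iter().map(|h| h.join().unwrap()).sum()
    })
}

fn main() {
    // Constructed sample inputs for a stand-alone run.
    println!("counter = {}", count_with_threads(4, 1000));
    println!("sum     = {}", scoped_sum(&[1, 2, 3, 4, 5, 6], 3));
}
```

Both functions compile only because the ownership and borrow rules are satisfied; the interesting part for a reviewer is what they do not have to check by hand. Nobody needs to trace whether some path skips the lock, and nobody needs to simulate whether a worker can still be running after the stack frame that owns the slice has returned.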