And there are implementation bugs (which take a long time to fix), demonstrated by this package GitHub - Speykious/cve-rs: Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🦀 :
cve-rs implements the following bugs in safe Rust:
- Use after free
- Buffer overflow
- Segmentation fault
cve-rs also contains safe reimplementations of:
std::mem::transmute
std::ptr::null()
/null_mut()
but for references
Explained in these videos:
Every language that claims to be safe has this issue, that it may not actually live up to that 100% in its implementation, personally I don’t really want to rely on a type system that is complex, because I see the implementation of the language as part of my responsibility as a developer and ultimately I would want to understand not only how to use the language, but also how it is implemented.
IMHO Rust seems too complex to me, like it would require several people each specialized in one area, with Zig I feel more hopeful that I may have an at least basic understanding of all of its parts, eventually, in a more practical amount of time.
I also find the approach of having a multitude of tools, that when applied correctly, provide safety in specific ways, a more practical way to approach safety. That way specific tools can have a bug, while others still work, seems like this would allow for a more gradual and incremental way to approach a more safe future.
When safety is discussed, I always have to think about lock-picking demonstrations and the various ways they get around a lock that was supposed to be safe. I think safety shouldn’t be thought of as a global property, but instead as something that needs to be considered at every level of detail and for every boundary or new element that is added.
When a language is hyped for being safe, but then its implementation has bugs, I think all people using the resulting software end up in a worse place, where the developers are less aware of having to look out for exploits, like what is demonstrated above, and operating from a false sense of security.
If anything I would want the Rust community to put a spotlight on these soundness issues and develop practices around making sure that none of those are used in popular packages, until they are fixed.
Currently it seems to me like not many people are aware of these problems existing, which means that less careful developers may add packages to their projects that use those exploits. (To be fair, maybe it is more known once you are actually part of the community, than it seems to me looking from the outside?)
With languages that don’t claim to be safe, developers are more prepared to take responsibility for the code and dependencies that they rely on and to carefully vet them. (But to be fair, there is also no guarantee that they actually do it.)
Ultimately I think both approaches have their benefits (complex type system vs simpler type system), but I think Rust has some problems to overcome in its implementation and personally I would like it if those were communicated in a more prominent space, to people who consider using the language, instead of having to read a blog post, which seems a bit like shoving it under the carpet.