Stream: wg-secure-code

Topic: Quantifying Rust's safety


Shnatsel (Feb 10 2020 at 23:00, on Zulip):

A question came up at work whether I can quantify the safety benefits of Rust and back them up with actual data. Turns out I can:
https://www.reddit.com/r/rust/comments/f1ynel/quantitative_data_on_the_safety_of_rust/

Vytautas Astrauskas (Mar 15 2020 at 21:59, on Zulip):

I just found a related paper: https://arxiv.org/pdf/2003.03296.pdf

Shnatsel (Mar 18 2020 at 00:17, on Zulip):

I feel conflicted about this paper. On one hand, the legwork is praiseworthy and the conclusions on ways to prevent this are super interesting. On the other, it makes some rather strong claims without backing them up - like "Such issues are very common in third-party Rust libraries." and states that Rust is no better at preventing memory safety issues than "other languages", which is not a conclusion you can derive from the data presented. The "Implication to Potential Users" section is much more correct but almost reads like it contradicts the rest of the paper.

Vytautas Astrauskas (Mar 18 2020 at 02:02, on Zulip):

> the conclusions on ways to prevent this are super interesting

Are you referring mainly to section 5.3 Implication to Compiler Developers or something else?

Shnatsel (Mar 18 2020 at 11:43, on Zulip):

Mostly 5.2 Implication to Program Developers because I don't understand 5.3 Implication to Compiler Developers well enough to tell how feasible it is

Vytautas Astrauskas (Mar 18 2020 at 14:47, on Zulip):

I see.

Last update: Jul 02 2020 at 19:00UTC