2 comments

[ 5.0 ms ] story [ 22.3 ms ] thread
For many programs, memory safety is more important than raw performance.

It's obvious to me that the path of least resistance for memory safety in legacy C code is a memory-safe compiler, ABI (amd64_safe) and runtime, e.g.

    cc --safe httpd.c
I probably wouldn't mind if --safe were the default.
I love Rust, and I think that this is a valuable effort but I find the following statement questionable:

> We currently live in a world where deploying a few million lines of C code on a network edge to handle requests is standard practice, despite all of the evidence we have that such behavior is unsafe.

This seems to talk about safety as an absolute, and implies that a memory-safe rewrite would solve the problem. I think that putting any code in the path of public requests and incredibly risky, but a risk that we have to live with at this time.

Reducing risk is always good, especially if it can be a fairly seamless update for the vast majority of users. But let's treat it as just that, progress along a spectrum, not pretend that we have somehow solved the problem.