39 comments

[ 2.7 ms ] story [ 63.7 ms ] thread
This is the bomb that sank C++ in 2026.

Have fun justifying that Rust is "also" unsafe, with the right tools you can achieve the same in C++, if you're a great dev you can do even better, etc.

Id like to see dev time in Rust vs C++, but generally, I sort of agree. If you use modern C++ with all its features, Rust is generally a better alternative.

That being said, it would be pretty easy to implement some pointer semantics even in C that can do 95% of what Rust does.

And tell me how that pointer semantics would do * a very strict type checking * Pattern matching * Algeberic data type

Plenty of people don't write Rust for additional memory safety, they write Rust because the features provided by it is overall very balanced & encourages developer to write code which handles almost all edge cases.

Nope, Rust compiler depends on LLVM and GCC (ongoing), both written in C++.

Then there are enough industry standards that are defined for C and C++, where Rust isn't even visible.

Most of these is confirmation of easily observable reality, but the 4x difference in rollback rates, jesus christ.
We all knew rust was safer. It was the 1000x number that surprised me.

Which is more that rust isn’t that safe in my mind, it’s that bugs are that prevalent. I never would have guessed that.

That 4x rate is very impressive too.

Great seeing all this data from a large big complicated codebase.

The issue with most codebases is nobody thinks about starting out with acceptance testing system.

The way it should work is that before even writing code, you design a modular acceptance system that runs full suite of tests or a subset based on what you are working on.

This is essentially your contract for software. And on a modular level, it means that it scopes down the contracts to the individual sub systems. And things like memory and cpu runtime constraints are a part of this.

If you have this, you basically replace what the Rust compiler is doing for you with tests. Memory leaks are caught. However, as a benefit, you also can verify changes in the dev cycle with things like performance degradation, all in the same system.

Note that Google still doesn't have official support for using Rust in Android userspace, though.

Despite all pluses on the blog, NDK only supports C and C++ tooling, same on Android Studio, and it is up to the community to do the needful work, if anyone feels like using Rust instead.

(comment deleted)
They've been trying to strangle the NDK for years. You can't even make an app without a ton of glue code on the JVM.
At this point I feel like it's no longer an uphill climb to get Rust into foundational, mission-critical code adoption. The benefits are so obvious. Maybe it's just a lingering religious war?

In any case, I'm glad we're seeing more and more evidence and case-studies of why "rewrite it in Rust" isn't just a meme.

Go look at the comments on any Phoronix article involving Rust in any way and you'll see that it's 80% rust haters making all the same arguments every Rust hater makes. You can implement the same safety features in C++ and assembly if you know what you're doing! You can still write bugs in Rust! I know someone who tried to learn rust and he accidentally deleted his home directory so everyone may as well stick to C!

It's all nonsense, but it would be hilarious if it weren't so ignorant.

Rust makes sense in the case of Android, where the kernel and software is rolled by Google. In the same way that Java made sense for a lot of the backend services in 2010s despite its drawbacks before Node and Python got major improvements in speed and compute became cheaper.

That however is a very niche case where Rust is applicable. The anti-rust people (like me) aren't saying that Rust is bad. We are just arguing against its adoption for everything.

When you see shit like "[...] should be rewritten in Rust because memory safe", it shows that people have no idea what memory safety even is. There is this dumb belief stemming from lack of proper CS education that any code you write can just randomly have memory safety issues.

The downsides of Rust is that its ownership semantics are often cumbersome to write, which slows down development. Rust is also still evolving because of the stuff that happens under the hood. And for a lot of things, where network latency is dominant and cpu cycles are spent sleeping waiting for responses to come back, you don't need natively compiled code in lieu of python or node that are way more flexible and faster to develop in.

So in most cases, Rust is not applicable, when you can write perfectly memory safe code faster.

This isn't control for confounding factors.

For example: folks are more likely to rewrite stuff that is well-understood, and stuff that is well-understood is going to have shorter review times and lower rollback rate.

That gnarly horrid mess that only a few greybeards grok and has massive test coverage, a long tail of requirements enforced by tests and experience, and a culture of extreme rigor? Longer reviews, more rollbacks, and less likely to be rewritten.

That is somewhat mitigated by grouping comparisons of S/M/L change sizes.

It would be interesting to group changes by line-deletions, say to indicate rewrites (and size of them)

> Chromium: Parsers for PNG, JSON, and web fonts have been replaced with memory-safe implementations in Rust, making it easier for Chromium engineers to deal with data from the web

I find this surprising, isn't Wuffs[1] (also made by Google) an even better fit for this particular use-case? (It has compile-time spatial memory safety, where Rust has compile-time temporal safety but runtime spatial safety, with bound checking).

Obviously for general-purpose system programming, Rust is a no-brainer and I'm happy to see Google pursuing their rustification of Android.

[1]: https://github.com/google/wuffs

If you're parsing untrusted data, then some level of runtime checking is unavoidable. And Rust's pretty good at letting you encode "I already checked this and therefore don't need to check it again" into the type system.
(comment deleted)
The graphs aren't showing up for me on the site unless I click on them
Don't let Lunduke Journal see this post, he might have an annurism.
I don't understand the graphs presented here. On the first graph showing "New Memory Unsafe Code" and "Memory safety Vulns" we don't have any steady state. The amount of both "unsafe code" and "memory safety vulns" had apparently already been dropping before 2019. None the matter though, we see a great big drop at 2022 in both.

Then in the next graph, showing "Rust" and "C++", we see that the amount of C++ code written in 2022 actually increased, with rust not really having gained any significant momentum.

How can one possibly square those two pieces of data to point at rust somehow fixing the "memory safety vulns"? Somehow an increase in C++ code led to a decrease in the amount of both "New Memory Unsafe Code" and "Memory safety Vulns".

Also "this approach isn’t just fixing things, but helping us move faster." is an AI red flag.

I’m a little perplexed why every time something in rust compiles, there’s a blog post about it. I was under the impression Ada, especially when using provers, has been around much longer and is more robust. I just can’t decide if the massive Rust evangelism budget is a red flag or just a curious sociological case study, but I wish I knew the truth.
> Also "this approach isn’t just fixing things, but helping us move faster." is an AI red flag.

Who do you think AI learned it from

I use rust for gamedev (not bevy). I'm unlikely to consider anything else exactly because of stability and throughput.

    5 million Rust LOC 
    One potential memory safety vulnerability found 
    Rust is 0.2 vuln per 1 MLOC.

    Compared to 
    C and C++ : 1,000 memory safety vulnerabilities per MLOC. 

Key take.
The thing about Rust is you pay for everything up front, and the dividends come later. You pay first to learn it, which is not easy. Then you pay every time you have to compile your code, which can kill development momentum. When you are learning, often times this manifests as a moment where you have to completely rearchitect your approach because plowing forward is too costly. It's at this point a lot of people say "Rust is too hard!" and they give up.

But if you stick it out, as Google has, the dividend is that more often than with other languages, you are not paying these costs continually but instead reaping dividends on the long run.

First of all, Rust has the Haskell-like property that (as long as the logic is sound) if your code compiles, it usually runs just fine. This is why testing speeds up, because all of the edge cases that are explored during testing were already accounted for by the compiler.

It also translates into easier refactoring, where you can make sweeping changes in the codebase and feel confident that you can put it all back together again.

And then there's the fact that the programs themselves are fast. How many times has uv been brought up here and the #1 remark people have is "wow it's so fast!". Fast is a feature, and your users benefit from it every time they run your code.

It's hard to find that nexus of features in other languages. Usually they are just as fast and hard to write as Rust, without the safety guarantees. Or they are just as safe as Rust, but without the speed. And that's why Rust has hit a sweet spot where other languages can't quite get it.

Rust has been such a "pain" to learn - at least compared to other, more straight-forward languages. But boy does it feel good when you know that after a few back and forths with the compiler, the code compiles and you know, there is not much that is going to go wrong anymore.

Of course, I am exaggerating a bit - and I am not even that experienced with Rust.

But after coding with Ruby, JS/TS and Python - it feels refreshing to know that as long as your code compiles, it probably is 80-90% there.

And it is fast, too.

I thought this article was about using Rust for mobile development, like Tauri on Android.
This was a great breakdown. Loved the different aspects they captured beyond memory safety, including the skill improvements within the team as they grew comfortable.
now ahow me how rust can protect us against tech giants doing sauron moves on our software ecosystems?
My friend told me he likes writing rust because he loves doing things that have already been done his senior pushed management to rewrite in rust and got approved after 2 months, he jokingly told him I guaranteed us a job for the next 3 years rewriting will take time. One paycheck collection strategy push Rust -> get adoption -> rewrite code (now memory safe yay) -> collect paycheck rewriting . In the meantime others will write memory unsafe code for you which is new and provide you a paycheck guarantee and the rust compiler helps you take your time when rewriting you can read the old code while it compiles.
It'll be interesting down the road to see how this affects the rate of security bugs that are not memory safety related.
I hope that Google and/or Rust community can use the 4% of unsafe Rust code in Android to design new Rust functionalities that will help replace some/most/all of them with something safe. Linux would perhaps benefit from that, too.
[flagged]
I find it very ironic that you are calling out sockpuppets when your name is literally "RustSupremacist" and your submission history is less than stellar.