I love the idea of C and C++, but I hate C and C++. They’re fast and give me an immense amount of control, and they break all the time (which is ultimately my fault, I suppose). Given this, you can imagine how happy I was when I discovered Rust, a language with all the control of C++ but with a new set of compile-time static analysis on top that guarantees memory safety. There have been many talks and blog posts about how Rust catches many things at compile time, which is great, but the best feature I’ve found so far is the runtime safety.
Rust code will never segfault. Rust code will never have a buffer overrun. For example, this program in C will give you a bad time:
Precisely, it will read data from memory it shouldn’t (i.e., the bytes past the end of the array) until it eventually segfaults:
Running this through the line counter reveals that it produces about 1000 lines of output, which means it’s basically dumping the entire contents of its process and some random surrounding memory. This could easily be a very bad security problem.
In Rust, the equivalent program might be:
This results in a much better outcome:
No security problem, and it’s far, far clearer what went wrong.
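As an added illustration (my own example, not the listings from the post), the following Rust program walks a constructed four-byte buffer the way the C loop above walks its array. Indexing with `[]` hits Rust's bounds check and panics instead of reading past the array, and `get()` makes the same check visible in the return type; the loop bound of 1000 is just a constructed stand-in for "far too many iterations".

```rust
use std::panic;

/// Constructed sample buffer, standing in for the C array in the post.
const BUFFER: [u8; 4] = [0xde, 0xad, 0xbe, 0xef];

/// Reads `BUFFER[i]` with the plain index operator. Rust inserts a bounds
/// check here, so an out-of-range index panics rather than touching memory
/// beyond the array. Returns Some(byte) on success, None if the read panicked.
fn checked_by_panic(i: usize) -> Option<u8> {
    panic::catch_unwind(|| BUFFER[i]).ok()
}

/// The idiomatic, non-panicking form: `get` returns None for an index past
/// the end, forcing the caller to handle the out-of-range case explicitly.
fn checked_by_get(i: usize) -> Option<u8> {
    BUFFER.get(i).copied()
}

/// Walks indices 0..n like the C loop does, but stops at the first
/// out-of-range index. Returns the bytes actually read and the number of
/// reads that C would have performed past the end of the array.
fn dump(n: usize) -> (Vec<u8>, usize) {
    let mut out = Vec::new();
    for i in 0..n {
        match checked_by_get(i) {
            Some(b) => out.push(b),
            None => return (out, n - i),
        }
    }
    (out, 0)
}

fn main() {
    let (bytes, refused) = dump(1000);
    println!("read {} in-bounds bytes, refused {} out-of-bounds reads", bytes.len(), refused);
    println!("index 4 via []:  {:?}", checked_by_panic(4)); // panics, caught -> None
    println!("index 4 via get: {:?}", checked_by_get(4));   // None, no panic
}
```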
In addition to Rust’s many, many static analysis benefits, it has better runtime safety than C and completely eliminates several classes of security problems right off the bat.