Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Logic bugs are far more common, yes, but also much easier to spot barring subtle edge cases. Whereas with memory unsafety, the reviewer must load every function's conditions and invariants to their brain to emulate the borrow checker, at review time. Also the severity and cost of memory unsafe bug are far more higher: 70% exploit from memory unsafe, finding such bugs are also MUCH harder than finding logic bug.


This is not C anymore. When you write modern C++, it's much much more hard to introduce memory safety errors. And the logic hides in corner cases, so when you need to review logic, you're necessarily also reviewing memory correctness. I also don't agree with you on the part that logic is much easier than memory corruption - perhaps you haven't worked on systems complex enough? The 70% quote includes programs written in C, which I would argue, has a much higher of memory corruption errors.


The thing with logic is that some logic is simple and some logic is complex. With C or C++ you have to check the simple logic just as carefully as the complex logic because any line of code might introduce a memory vulnerability and UB which could effect your entire project. With Rust, a quick glance over the simple logic is probably enough and you can focus your review effort on the complex bits and the few unsafe blocks (if your project uses any).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: