SoylentNews is people
SoylentNews
Google: After using Rust, we slashed Android memory safety vulnerabilities:
Google's decision to use Rust for new code in Android in order to reduce memory-related flaws appears to be paying off. Memory safety vulnerabilities in Android have been more than halved -- a milestone that coincides with Google's switch from C and C++ to the memory-safe programming language, Rust.
This is the first year that memory safety vulnerabilities are not the biggest category of security flaws, and comes a year after Google made Rust the default for new code in the Android Open Source Project (AOSP).
Other memory-safe languages Google has used for Android include Java and Java-compatible Kotlin. C and C++ are still dominant languages in AOSP, but Android 13 is the first version where most of the new code is from memory-safe languages. After Google adopted it for AOSP in April 2021, Rust now accounts for about 21% of new code. The Linux kernel project this year adopted Rust as the new official second language to C.
Android version 10 from 2019 had 223 memory safety bugs, while Android 13 has 85 known memory safety issues.
Over that period, memory safety vulnerabilities have dropped from 76% down to 35% of Android's total vulnerabilities, notes Android security software engineer Jeffrey Vander Stoep. With this drop in memory safety vulnerabilities, Google is also seeing a decline in critical and remotely exploitable flaws.
Vander Stoep notes that this change was not driven by "heroics" — just developers using the best tools for the job. The Android team plans to step up usage of Rust, although there are no plans to get rid of C and C++ for its systems programming.
"If I had to identify a single characteristic that makes this possible, I would say 'humility'. There's a willingness within all levels of the Android team to say 'How can we do better?' along with the fortitude to follow through and make changes, including systemic changes," he noted in a tweet.
"Humility needs to go both ways though. Rust doesn't solve all problems, and there are areas where C/C++ will continue to be the most practical option for development, at least for a while. That's OK."
(Score: 4, Insightful) by Anonymous Coward on Sunday December 04 2022, @08:58AM (5 children)
Guess you haven't been paying attention to the real world for the past few decades?
If you use the correct tools some errors become impossible or require extra effort from the programmers to shoot their own feet or others.
C++ is a bad tool for most people and most cases. It's unsafe in most hands.
C++ is like driving a manual transmission car without a clutch: https://www.youtube.com/watch?v=WWhI6VoTj_s [youtube.com]
There's probably a bunch of people in the world who can consistently use it safely. But there's a much larger group who merely think they can do it safely but they actually can't (the proof can be seen regularly in CERT). Those people should be using/doing something else where possible.
(Score: 0) by Anonymous Coward on Sunday December 04 2022, @02:39PM (1 child)
Perhaps the 2nd group should switch careers to the janitorial field.
(Score: 4, Touché) by turgid on Sunday December 04 2022, @05:10PM
I've got better things on which to expend my brain power, thanks. I also have a machine for washing dishes.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 2) by Beryllium Sphere (r) on Sunday December 04 2022, @08:46PM
Everyone will have noticed I posted a specific request for information which went unanswered.
Here's an answer. It didn't take long to find an example of someone getting a double free while (mis)using smart pointers. Avoidable, of course, but only by having an accurate understanding of the language design and the intended use of the features.
https://stackoverflow.com/questions/39987897/double-free-or-corruption-with-shared-pointers [stackoverflow.com]
Another one is that std::vector is only guaranteed to protect against out of bounds errors if you use .at(). operator[] is not required to do anything desirable with an out of bounds reference.
And here is an entertaining debate about Rust versus modern C++.
https://www.quora.com/Is-modern-C-20-as-safe-as-Rust-if-I-program-according-to-the-latest-standards-and-keep-all-the-guidelines-SEI-CERT-etc [quora.com]
(Score: 2) by tangomargarine on Monday December 05 2022, @06:24AM (1 child)
Not 100% sure what your intention with this analogy is, but thought I should mention...after watching that video my first throught was "this definitely isn't destroying your gearbox in the process..."
https://en.wikipedia.org/wiki/Float_shifting [wikipedia.org]
Driving a manual transmission is sort of an example case of "if it sounds too good to be true, it probably is." Yes there are shortcuts, but you should only take them if you really know what you're doing. (Spoiler: you probably don't.)
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by tangomargarine on Monday December 05 2022, @06:33AM
Also, supposedly--depending on model--it's possible to *start* a manual transmission vehicle without using the clutch (or a downhill slope), by cranking your starter in first. Although of course your transmission will hate you.
https://www.reddit.com/r/cars/comments/j07wip/i_accidentally_learned_to_float_shift_but_im_not/ [reddit.com]
Always learning new weird facts about stick shift, and how many different ways they've been built over the years.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"