top | item 47121728

(no title)

> Modern C++ pretty much solves the safety issues.

I always wonder how can one come to such a conclusion. Modern C++ has no way to enforce relationship between two objects in memory and the shared xor mutable rule, which means it can't even do the basic checks that are the foundation of Rust's safety features.

Of course, this statement is also trivially debunked by the reality of any major C++ program with complexity and attack surface of something like a browser. Modern C++ certainly didn't save Chrome from CVEs. They ban a bunch of C++ features, enforce the rule of two, and do a bunch of hardening and fuzzing on top of it and they still don't get spared from safety issues.

discuss

GoblinSlayer|6 days ago

FWIW Chrome includes third party libraries like freetype and lots of bugs are in javascript. I imagine defensive checks in javascript will be controversial since performance of javascript is controlled by webdev, not by browser.

Koranir|6 days ago

Note that Chrome is replacing[1] FreeType with Skrifa[2], which is a Rust-based library that can handle a lot of the things FreeType is being used for in Chrome. A lot of Chrome's dependencies are being rewritten in Rust.

[1]: https://developer.chrome.com/blog/memory-safety-fonts

[2]: https://github.com/googlefonts/fontations/tree/main/skrifa

abuyalip|6 days ago

Yeah sure. Thing is, C does just fine people are making “safe” ways to run libc. Rust is a complicated monstrosity with a bunch of “unsafe” sprinkles.

What does the memory safety even matter when hackers poison heavily used crates?