
do memory safe languages matter less now?


Posted Apr 22, 2026 18:46 UTC (Wed) by wtarreau (subscriber, #51152)
In reply to: do memory safe languages matter less now? by josh
Parent article: Firefox: The zero-days are numbered

> On the contrary, I think it *strengthens* the argument for memory-safe languages, and other mechanisms that fix whole categories of security issues.

From the few bug reports I had the opportunity to see, the tool is powerful enough to find complex logic bugs. That places all languages on the same ground. And I would even suggest that some simple usual traditional operations that force you to more complex approaches in memory safe languages to satisfy the compiler's imposed constraints might even be more likely to trigger logic bugs than in traditional languages precisely because of the difficult constraints. So... we'll see.

I think that for now these tools are mostly trained on existing code bases and that C, PHP, JS and Python are so common that they might be more efficient there than on newer and less represented languages like Rust or Zig for example. Thus even the initial statistics do not mean much for the long term. This is an area that progresses in big steps.



do memory safe languages matter less now?

Posted Apr 22, 2026 21:44 UTC (Wed) by josh (subscriber, #17465)

All languages aren't on the same ground for logic bugs, either. For instance, I think ADTs that support matching, with errors for non-exhaustive matching, help eliminate many logic bugs.

I do think these tools will find bugs in code in every language. The question is where it finds *more*, and which ones are exploitable.

do memory safe languages matter less now?

Posted Apr 23, 2026 8:11 UTC (Thu) by NAR (subscriber, #1313)

Those stack overflows and stuff can enable the attacker to completely take over the program. Logic errors can also be serious (e.g. transfer money from other people's accounts), but rarely give complete access to the attacker.

do memory safe languages matter less now?

Posted Apr 24, 2026 9:22 UTC (Fri) by taladar (subscriber, #68407)

Iterators and functional handling of containers with map/filter/fold/... style higher order functions also eliminate a whole lot of bugs in traditional C loops and in fact constrain what can happen there significantly (e.g. map can never change the number of elements, filter can never increase it, ...).
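
Editor's added illustration, not code posted by any commenter: the two properties discussed in the thread above (errors on non-exhaustive matching over an ADT, and the length guarantees of `map` and `filter`), shown in Rust. The `Transfer` type, the function names and the sample batch are hypothetical and constructed for this example.

```rust
// Hypothetical ADT for a money transfer (constructed for illustration).
#[allow(dead_code)]
#[derive(Debug, Clone, PartialEq)]
enum Transfer {
    Pending { cents: u64 },
    Settled { cents: u64 },
    Rejected { reason: String },
}

/// Amount that counts toward the settled balance.
/// There is no wildcard arm: adding a variant (say `Reversed`) makes this
/// function fail to compile until the new case is handled explicitly.
fn settled_cents(t: &Transfer) -> u64 {
    match t {
        Transfer::Settled { cents } => *cents,
        Transfer::Pending { .. } => 0,
        Transfer::Rejected { .. } => 0,
    }
}

/// Returns (length after map, upper bound after filter, settled total).
fn summarize(batch: &[Transfer]) -> (usize, Option<usize>, u64) {
    // `map` over a slice iterator is still an ExactSizeIterator:
    // the element count is carried through unchanged.
    let mapped = batch.iter().map(settled_cents);
    let mapped_len = mapped.len();
    // `filter` can only drop items, so its upper bound is the input length.
    let filtered = batch.iter().filter(|t| matches!(**t, Transfer::Settled { .. }));
    let upper = filtered.size_hint().1;
    let total: u64 = mapped.sum();
    (mapped_len, upper, total)
}

// Constructed sample data.
fn sample_batch() -> Vec<Transfer> {
    vec![
        Transfer::Pending { cents: 500 },
        Transfer::Settled { cents: 1250 },
        Transfer::Rejected { reason: "insufficient funds".to_string() },
        Transfer::Settled { cents: 500 },
    ]
}

fn main() {
    println!("{:?}", summarize(&sample_batch()));
}
```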

