[steveklabnik]

Okay so, technically in theory you can introduce logic bugs, but not memory safety bugs, if you don't consider unwind safety in safe code. Logic bugs can happen in any code, of course.

The practical, day-to-day implications of this still round to zero, though.

[quotemstr]

> The practical, day-to-day implications of this still round to zero, though.

Vendors have been using similar language to downplay potential bugs for decades, usually to disastrous results. At one point, even memory safety wasn't a big deal. I'm just waiting for a software package to have a security vulnerability when an attacker is able to trigger an untested Rust unwind path and put some Rust daemon into a state it didn't expect.

There are many good parts of Rust, but I don't think I'm ever going to convinced that the error handling wasn't a huge and unfixable mistake. It's because error handling is such a big mistake that Rust has grown layers of syntactic sugar --- try!, !, etc. --- to paper over the ugly spot in the language.

[steveklabnik]

Again, I am only speaking of logic bugs here. You cannot introduce memory safety bugs without unsafe code.

> I don't think I'm ever going to convinced that the error handling wasn't a huge and unfixable mistake.

That's fine. No language can satisfy everyone.

[quotemstr]

Logic bugs can be just as disastrous as memory safety bugs. From an attacker's point of view, they're ultimately about making a program do something not intended. Downplaying logic bugs (where Rust is weak) and emphasizing memory safety (where Rust is strong) might make Rust look better, but it's not doing any favors for computing.

[steveklabnik]

I agree that they can be. There are a few differences:

1. It is not clear that we will ever be free of logic bugs to the same degree that we can minimize memory safety bugs.

2. We're in a specific context in this sub-thread, and that's that you claimed that this is a pervasive issue that everyone must consider all the time. These logic bugs can only be introduced in a context that is very unusual, and so my claim is not that logic bugs in general are irrelevant, but that the context that this kind of bug can appear is smaller than you say it is.

> logic bugs (where Rust is weak)

Rust gives you way more tools than C to reduce logic bugs as well.

[quotemstr]

The whole point of secure programming is caring about those "unusual" contexts. And the comparison to C isn't really fair: C is dangerous for everything. Yes, Rust is better than C, and even better in some ways than C++, but my point is that there's another Rust out there, a Rust^, that's even better than Rust, and Rust^ uses exceptions for error handling throughout.