[tialaramex]

> It's not going to find any in a memory safe language.

I mean, it's not supposed to find any in the unsafe language either, but that's why it was used.

Firefox not only uses unstable Rust features (via the exemption mechanism the same way Linux does it, trained professionals, closed course, do not attempt at home) it also presumably has some volume of its own explicitly unsafe Rust and so there's no reason this could not be checked, and what makes the difference here is whether it was or was not.

[IshKebab]

> I mean, it's not supposed to find any in the unsafe language either, but that's why it was used.

No it is supposed to find them in C++, because we all know humans are infallible and it's super easy to write memory errors in C++.

The whole point of Rust is that the borrow checker is infallible (pretty much anyway).

> it also presumably has some volume of its own explicitly unsafe Rust

"Some volume" is so tiny as to be irrelevant. There's no point going to this effort if Rust memory safety vulnerabilities are 1000 times less frequent than in C++.

That number is not made up. See https://blog.google/security/rust-in-android-move-fast-fix-t...

[tialaramex]

I assume you intended either "humans are fallible" or "humans aren't infallible" ?

I'd like to understand if Rust was skipped because they assumed it would be fine, skipped purely as happenstance, or in fact tested and found to not be problem. I don't like assuming things when I could measure instead.

[IshKebab]

> I assume you intended either "humans are fallible" or "humans aren't infallible" ?

Ha yes.