
Rust and SPARK: Software Reliability for Everyone (2017)

140 points, by oherrala, over 6 years ago

5 comments

kibwen, over 6 years ago
> Programming languages often defer reliability and security to tools and processes. Two initiatives--SPARK and Rust--state that language is key to reaching those objectives.

I wouldn't quite put it like that. I can't speak to SPARK, but Rust absolutely doesn't want to displace or discount the value of tools and processes--it wants to augment them.

Rust positions itself as one layer in a defense-in-depth strategy; that's the reason why Rust, despite striving to provide strong memory safety guarantees, still compiles programs with RELRO, NX, ASLR, PIE, basically whatever binary-level mitigations it can get its hands on.

As far as tools go, the Rust compiler is viewed as just the first tool of many. Rust recently changed the default allocator of Rust programs to be the system allocator rather than jemalloc (the system allocator was already the default on some platforms, like Windows), in order to (among other reasons) support Valgrind out of the box. And I don't know the current level of support for these, but Rust does eventually seek to support LLVM's various sanitizers: asan, tsan, ubsan, msan, etc. (currently I think these might work primarily on 64-bit Linux). Rust is also developing external tools of its own; see for example this blog post series from Ralf Jung about creating a tool to dynamically check the validity of unsafe code in Rust programs, with the eventual goal of having a formally-proven model: https://www.ralfj.de/blog/2018/11/16/stacked-borrows-implementation.html

As for processes, one of the impetuses for locking undefined behavior behind the `unsafe` keyword was to better focus developer processes on writing and reviewing code. For example, Servo has a bot that comments on any PR that touches a file containing the `unsafe` keyword. In an organization using Rust, I would expect any first-time Rust programmers to be disallowed from checking in code using the `unsafe` keyword until they get a handle on the language.
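The review gate kibwen describes (Servo's bot flagging PRs that touch `unsafe`) can be built on a diff scan like the one below. This is an added example, not Servo's code; the diff text is constructed and the function names are assumptions of the example.

```rust
// Added example, not Servo's bot: report each added line in a .rs file that
// introduces the `unsafe` keyword, so review can route the PR accordingly.
/// True if `line` holds `unsafe` as a whole token outside a `//` comment.
pub fn has_unsafe_keyword(line: &str) -> bool {
    let code = line.split("//").next().unwrap_or("");
    code.split(|c: char| !c.is_alphanumeric() && c != '_')
        .any(|tok| tok == "unsafe")
}

/// (file, new-side line number, trimmed text) for each added `unsafe` line.
pub fn unsafe_hunks(diff: &str) -> Vec<(String, usize, String)> {
    let mut hits = Vec::new();
    let mut file = String::new();
    let mut new_line = 0usize;
    for raw in diff.lines() {
        if let Some(path) = raw.strip_prefix("+++ ") {
            file = path.strip_prefix("b/").unwrap_or(path).to_string();
        } else if let Some(rest) = raw.strip_prefix("@@ ") {
            // "@@ -a,b +c,d @@": c is the first line number on the new side
            new_line = rest.split_whitespace()
                .find_map(|t| t.strip_prefix('+'))
                .and_then(|t| t.split(',').next()?.parse::<usize>().ok())
                .unwrap_or(0);
        } else if let Some(added) = raw.strip_prefix('+') {
            if file.ends_with(".rs") && has_unsafe_keyword(added) {
                hits.push((file.clone(), new_line, added.trim().to_string()));
            }
            new_line += 1;
        } else if raw.starts_with(' ') {
            new_line += 1; // unchanged context line
        }
    }
    hits
}

/// Constructed sample diff: one real `unsafe` block and one mention of the
/// word in a comment; only the block should be reported (src/buf.rs:15).
pub const SAMPLE_DIFF: &str = r#"--- a/src/buf.rs
+++ b/src/buf.rs
@@ -10,3 +10,7 @@
 fn len(&self) -> usize {
     self.len
 }
+// unsafe is mentioned here only in a comment
+pub fn get(&self, i: usize) -> u8 {
+    unsafe { *self.ptr.add(i) }
+}
"#;
```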
sidcool, over 6 years ago
I am currently and avidly learning Rust. It's a steep learning curve, but I hope it pays off in future. And by pay off I don't mean financially, but creating some cool software.
thramp, over 6 years ago
It's a solid comparison, but I find it interesting that the author refers to Rust/Java/C++ as coming from the "IT World". I guess the bit about human subcultures being fractal rings true here.
steveklabnik, over 6 years ago
(Note this is from April of 2017)
Animats, over 6 years ago
SPARK, the language. Whatever happened to that?