Rust’s compile-time verification is renowned for helping build robust code that is memory-safe. Combined with good practices, the modern language and tooling can go a long way towards making what most would consider “good” code.
However, when digging into the details, it becomes apparent that the community that designed the language deliberately did not make the tooling absolute or mathematically complete. Instead, the intention is to deliver most of the quality benefit within a reasonable compilation time, which keeps the language practical for the majority of users. The remaining aspects are left to either runtime instrumentation or other analysis tools.
This presentation will focus on exposing the types of bugs “left” in the code, based on analysis of production code using TrustInSoft Analyzer. This will hopefully give a picture of where and when additional tools are relevant, and when you can address issues in the most efficient way.