This is the government's strongest stance yet on software security, which puts manufacturers on notice: fix dangerous coding practices or risk being labeled as negligent.
That’s why I did not said it was impossible, just order of magnitude harder to catch in C++ compared to Rust.
To have asan finding the bug, you need to have a valid unit test, that has a similar enough workload. Otherwise you may not see the bug with asan if the vector doesn’t grow (and thus ref would still be valid, not triggering UB), leading to a production-only bug.
Asan is a wonderfull tool, but you can’t deny it’s much harder to use and much less reliable than just running your compiler.
That’s why I did not said it was impossible, just order of magnitude harder to catch in C++ compared to Rust.
To have asan finding the bug, you need to have a valid unit test, that has a similar enough workload. Otherwise you may not see the bug with asan if the vector doesn’t grow (and thus
refwould still be valid, not triggering UB), leading to a production-only bug.Asan is a wonderfull tool, but you can’t deny it’s much harder to use and much less reliable than just running your compiler.