This is true; unsafe Rust has a bunch if additional guarantees you need to be careful about. Not much, and it's not hard to keep track, but they exist. (Also, because you MUST worry about all possible inputs in unsafe rust it's a bit harder on that axis)https://twitter.com/hoodie_de/status/944917957033021440 …
This seems off, since C++ has C in it. Is C really safer than unsafe Rust?
-
-
Rust has pervasive noalias, for one. Rust unsafe also doesn't make it hard to do *really* weird things, whereas C++ still puts roadblocks. Less so C but I'm talking about C++ codebases here, that use constructors and stuff.
-
C++ has C in it, but you can't suddenly start doing C things with your C++ types in your C++ codebase.
-
I'm saying this from experience doing really weird things in Gecko ffi and realizing that unsafe rust lets me do pretty funky things that I have to hack my way around in C++.
-
Ok fair enough. You mean "modern C++ codebases with normal compiler settings"
-
Even non-modern c++ codebases, really. Normal ones.
End of conversation
New conversation -
-
-
I imagine they are referring to how unsafe code must do the right thing regarding pointers/mem/UB but *also* uphold Rust’s invariants around references, single mutable pointers vs multiple immutable, and UnsafeCell when violating that safely.
-
That doesn't sound like it's more unsafe. C code also has to uphold the same invariants, but only the best programmers have the right mental model. Rust effectively encodes safety best practices in its safe dialect.
-
Rust unsafe blocks have the benefit of having all invariants locally specified which significantly reduces cognitive overhead for programmer. I agree on that aspect.
-
There are more invariants to uphold WRT Rust's borrowing semantics. From that perspective, there is more damage you can do from an unsafe block in Rust than from C.
-
There's also the challenge of knowing when you need UnsafeCell for aliasing mutable pointers.
End of conversation
New conversation -
-
-
C has years of tooling on static analysis, etc.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.