This is true; unsafe Rust has a bunch if additional guarantees you need to be careful about. Not much, and it's not hard to keep track, but they exist. (Also, because you MUST worry about all possible inputs in unsafe rust it's a bit harder on that axis)https://twitter.com/hoodie_de/status/944917957033021440 …
That doesn't sound like it's more unsafe. C code also has to uphold the same invariants, but only the best programmers have the right mental model. Rust effectively encodes safety best practices in its safe dialect.
-
-
Rust unsafe blocks have the benefit of having all invariants locally specified which significantly reduces cognitive overhead for programmer. I agree on that aspect.
-
There are more invariants to uphold WRT Rust's borrowing semantics. From that perspective, there is more damage you can do from an unsafe block in Rust than from C.
-
There's also the challenge of knowing when you need UnsafeCell for aliasing mutable pointers.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.