
205 points michidk | 1 comment
dextrous No.41836789
I am a C/C++ dev learning Rust on my own, and enjoying it. I am finally starting to enjoy the jiu jitsu match with the compiler/borrow-checker and the warm “my code is safe” afterglow … but I have a question for the more experienced Rust devs out there, particularly in light of the OP’s observation about “lots of unsafe” in the Rust embedded realm (which makes sense).

If your Rust project leans heavily on unsafe code and/or many libraries that use lots of unsafe, then aren’t you fooling yourself to some degree; i.e. trusting that the unsafe code you write or that written by the 10 other people who wrote the unsafe libs you’re using is ok? Seems like that tosses some cold water on the warm afterglow.

replies(3): >>41836851 #>>41836872 #>>41846831 #
1. Ygg2 No.41836872
> If your Rust project leans heavily on unsafe code and/or many libraries that use lots of unsafe, then aren’t you fooling yourself to some degree

That's why every unsafe block needs a SAFETY block.

Is using vec.get_unchecked(6) safe? No. Is it safe for a vector that will under all circumstances (i.e. as an invariant) have exactly 64 elements? Yes.

As long as, for all possible inputs to the safe function, your SAFETY block holds, that code is considered safe.
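The pattern Ygg2 describes, worked out as an added example (this is not code from the thread or from any project mentioned in it): a private field plus constructors that only ever produce 64 elements is the invariant, the SAFETY comment states exactly which invariant the unchecked access relies on, and a `debug_assert!` checks it in debug builds at no release cost. The type name `Block64` and the method names are assumptions made for the illustration. The last function is the cautionary counterpart: its SAFETY comment is only true for some callers, so it is an unsound safe function even though it compiles and may pass every test that happens to pass it 64 bytes.

```rust
/// Invariant: `data.len() == 64`, always.
/// The field is private, so only this module can construct or mutate it,
/// which is what lets the unsafe blocks below rely on the length.
pub struct Block64 {
    data: Vec<u8>,
}

impl Block64 {
    /// Zeroed block. The `Vec` is created with length 64 and no method
    /// of this type can change that length afterwards.
    pub fn new() -> Self {
        Block64 { data: vec![0u8; 64] }
    }

    /// Build from caller input; anything that is not exactly 64 bytes is
    /// rejected here, so caller data cannot break the invariant.
    pub fn from_slice(s: &[u8]) -> Option<Self> {
        if s.len() != 64 {
            return None;
        }
        Some(Block64 { data: s.to_vec() })
    }

    /// Bounds-checked write; returns false for an out-of-range index.
    /// Writes never change the length, so the invariant is preserved.
    pub fn set(&mut self, i: usize, v: u8) -> bool {
        match self.data.get_mut(i) {
            Some(slot) => {
                *slot = v;
                true
            }
            None => false,
        }
    }

    /// Safe API around `get_unchecked(6)`, the case from the comment.
    pub fn sixth(&self) -> u8 {
        // Cheap verification of the invariant in debug builds; compiled out
        // in release, where the unchecked read is the point of the exercise.
        debug_assert_eq!(self.data.len(), 64);
        // SAFETY: `data` is private, every constructor produces exactly 64
        // elements and no method changes the length, so index 6 is always
        // in bounds for every possible `self`.
        unsafe { *self.data.get_unchecked(6) }
    }

    /// Runtime index from the caller: establish the precondition first,
    /// then the unchecked read is justified by the same invariant.
    pub fn get(&self, i: usize) -> Option<u8> {
        if i >= 64 {
            return None;
        }
        // SAFETY: `i < 64` was checked above and the invariant guarantees
        // `data.len() == 64`.
        Some(unsafe { *self.data.get_unchecked(i) })
    }
}

/// DO NOT COPY. A "safe" function whose SAFETY claim depends on the caller:
/// nothing here enforces `v.len() > 6`, so for a short slice this is
/// undefined behaviour reachable from safe code. That is exactly the
/// "fooling yourself" case: the unsafe block is fine, the surrounding safe
/// API is not, because the comment does not hold for all inputs.
pub fn sixth_unsound(v: &[u8]) -> u8 {
    // SAFETY (false): "the slice always has 64 elements" is an assumption
    // about the caller, not an invariant this function can rely on.
    unsafe { *v.get_unchecked(6) }
}

fn main() {
    let mut b = Block64::new();
    b.set(6, 42);
    println!("sixth = {}", b.sixth());
    println!("get(64) = {:?}", b.get(64));
}
```

The difference between `Block64::sixth` and `sixth_unsound` is not in the unsafe block, which is identical, but in whether the rest of the type makes the SAFETY comment true for every value a safe caller can construct. That is what reviewing unsafe code in a dependency actually means: auditing the encapsulation around the block, not just the block.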