Pitfalls of Safe Rust

(corrode.dev)

168 points pjmlp | 2 comments | 04 Apr 25 17:55 UTC | HN request time: 0.473s | source

Show context

nerdile ◴[06 Apr 25 17:56 UTC] No.43603402[source]▶

Title is slightly misleading but the content is good. It's the "Safe Rust" in the title that's weird to me. These apply to Rust altogether, you don't avoid them by writing unsafe Rust code. They also aren't unique to Rust.

A less baity title might be "Rust pitfalls: Runtime correctness beyond memory safety."

replies(1): >>43603739 #

burakemir ◴[06 Apr 25 18:33 UTC] No.43603739[source]▶

>>43603402 #

It is consistent with the way the Rust community uses "safe": as "passes static checks and thus protects from many runtime errors."

This regularly drives C++ programmers mad: the statement "C++ is all unsafe" is taken as some kind of hyperbole, attack or dogma, while the intent may well be to factually point out the lack of statically checked guarantees.

It is subtle but not inconsistent that strong static checks ("safe Rust") may still leave the possibility of runtime errors. So there is a legitimate, useful broader notion of "safety" where Rust's static checking is not enough. That's a bit hard to express in a title - "correctness" is not bad, but maybe a bit too strong.

replies(5): >>43603865 #>>43603876 #>>43603929 #>>43604918 #>>43605986 #

1. antonvs ◴[06 Apr 25 23:41 UTC] No.43605986[source]▶

>>43603739 #

> This regularly drives C++ programmers mad

I thought the C++ language did that.

replies(1): >>43606483 #

2. felbane ◴[07 Apr 25 01:14 UTC] No.43606483[source]▶

>>43605986 (TP) #

It certainly used to, but tbh C++ since 17 has been pretty decent and continually improving.

That said, I still prefer to use it only where necessary.

↑