pizlonator 2 days ago

The kind of "safe Rust" where you never use `unsafe` and never call into a C library is theoretical. None of the major ports of software to Rust achieve that.

So, no matter what safe language we talk about, "safety" always has its caveats.

Can you be specific about what missing safety feature of profiles leads you to be so negative about them?

steveklabnik 2 days ago

No, I am saying that safe rust says “if unsafe is correct, safe rust means memory safety.” Profiles does not even reach that bar, it says “code under profiles is safer.”

It’s not about specifics, it’s about the stated goals of profiles. They do not claim to prove memory safety even with all of them turned on.

Measter 2 days ago

You've misunderstood what Steve is saying, and what safe/unsafe means in Rust. In Rust, if I have a block of code that doesn't use any operations that require the unsafe keyword, then I am guaranteed (modulo compiler bugs) that this block of code is free of all undefined behaviour.

It does not guarantee that code in any function being called within that block is free of it, but it does guarantee this block of code is.

Profiles don't give you that.

dwattttt 2 days ago

> The kind of "safe Rust" where you never use `unsafe` and never call into a C library is theoretical. None of the major ports of software to Rust achieve that.

An entire program ported to Rust will call into unsafe APIs in at least a few places, somewhere down the call stacks.

But you'll still have swathes of code that don't ultimately end up calling an unsafe API, which can be trivially considered memory safe.
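The safe/unsafe boundary that Measter and dwattttt describe, as an added example that is not part of any comment in the thread. The function names (`checksum`, `element_at`, `last_byte`) and the sample input are constructed for illustration; the point is which body the compiler checks and which body depends on the programmer's reasoning.

```rust
// Added example, not code from the thread. `checksum` and `last_byte` contain
// no `unsafe`, so the compiler guarantees their bodies are free of undefined
// behaviour. `element_at` contains one `unsafe` block; whether the whole call
// chain is memory safe depends on that block's invariant being upheld, which
// is the "if unsafe is correct" clause from the discussion above.

/// Entirely safe Rust: no `unsafe` anywhere in this body.
pub fn checksum(data: &[u8]) -> u32 {
    data.iter()
        .fold(0u32, |acc, &b| acc.wrapping_mul(31).wrapping_add(u32::from(b)))
}

/// A safe wrapper around an unsafe operation. `get_unchecked` requires
/// `idx < data.len()`; the explicit bounds check establishes that. Remove the
/// check and this function becomes unsound, and every safe caller inherits
/// the out-of-bounds read without writing `unsafe` themselves.
pub fn element_at(data: &[u8], idx: usize) -> Option<u8> {
    if idx >= data.len() {
        return None;
    }
    // SAFETY: idx < data.len() was checked above, so the read is in bounds.
    Some(unsafe { *data.get_unchecked(idx) })
}

/// Safe code that calls into the wrapper. Its own body is UB-free by
/// construction; it trusts `element_at` to uphold its invariant.
pub fn last_byte(data: &[u8]) -> Option<u8> {
    data.len().checked_sub(1).and_then(|i| element_at(data, i))
}

fn main() {
    let sample = b"hello"; // constructed sample input
    println!("checksum      = {}", checksum(sample));
    println!("last byte     = {:?}", last_byte(sample));
    println!("out of range  = {:?}", element_at(sample, 99));
}
```

Reading the three functions together shows the division of labour: an audit of this program for memory-safety bugs only needs to read the `unsafe` block and the check that justifies it, not `checksum` or `last_byte`.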