Remix.run Logo
steveklabnik 4 hours ago

Memory safety is:

1. Foundational for other forms of safety

2. Has an objective definition, when some other forms of safety are either subjective or inter-subjective.

That said, I don't understand why your parent brought this up to you, you are talking about memory safety in your original comment here, so that's what Rust's safety is about.

inigyou 2 hours ago | parent [-]

I feel that the buzz phrase "memory safety" has been defined by Rust to mean "the safety Rust gives you". Obviously memory usage can be more safe or less safe, and Rust is decidedly on the safe end of the spectrum, but it also has the gaping type system holes demonstrated in cve-rs which completely shatter any claim that safe code is safe, and there are other bugs which occur in Rust while the programmer is distracted by trying to prove their code is memory-safe.

steveklabnik 2 hours ago | parent [-]

> the buzz phrase "memory safety" has been defined by Rust to mean "the safety Rust gives you".

It's more that Rust's safety guarantee is memory safety. No more, no less. It's not about buzz, this term was used long before Rust existed.

> it also has the gaping type system holes demonstrated in cve-rs

This is not a "gaping hole". It is a compiler bug, which has never been found in the wild.

> there are other bugs which occur in Rust

This is true! Every language can have bugs in it, and Rust does not claim to solve all bugs.

inigyou 2 hours ago | parent [-]

Does cve-rs break any type system rules? If so, why hasn't it been fixed yet?

steveklabnik 2 hours ago | parent [-]

> Does cve-rs break any type system rules?

Yes.

> If so, why hasn't it been fixed yet?

Pretty classic software engineering reasons.

The part of the system that it involves was in the process of being re-written already. The re-write fixes the bug. Because it is essentially a theoretical issue, and not an actual problem in any real code, it is not a five alarm fire. Waiting for that re-write to land makes the most sense, instead of putting in a ton of work that will be thrown away.

Other, more serious miscompilations get fixed faster. In fact, a version of the Rust compiler was released today to fix one, even https://blog.rust-lang.org/2026/07/16/Rust-1.97.1/

This one was impacting actual users, and did not require re-writing entire subsystems to fix properly. So the engineering and product tradeoffs are different.

inigyou an hour ago | parent [-]

If cve-rs exists, is safe rust safe? Can one prove that Rust code is safe only by auditing the unsafe blocks?

steveklabnik 44 minutes ago | parent [-]

Every compiler has bugs.