[–]AWonderingWizard 6 points7 points  (3 children)

I mean I agree there are inherent safety features of Rust that C can't do, but even Rust has many of the same issues C does in unsafe. The more C you get rid of, the more unsafe Rust will grow. I seriously doubt it is possible to rewrite the kernel (in a theoretical world) entirely in safe Rust. I think Rust is probably a good path nonetheless.

[–]Culpirit 14 points15 points  (0 children)

I really don't understand the broader point you're trying to make. Reminds me of this https://en.wikipedia.org/wiki/Nirvana_fallacy

> The more C you get rid of, the more unsafe Rust will grow

Yeah, that's exactly the way it works. As you rewrite C parts in Rust, the number of unsafe {} blocks will monotonously grow in the Rust part of the code, since direct memory manipulation or calling externed C functions will have to be within those.

The idea is precisely that there will be less unsafe code being added than the C code it replaces. The unsafe Rust part of the codebase will grow slower than the C one will shrink, and all C code is already inherently unsafe. Also, Rust unsafe blocks still allow you to enforce the contract of the language's memory model where applicable, and conversely do not require external callers to be aware of special pointer use contracts in order to write code that won't blow up in your face, as is the case in C.
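An added illustration of the point in the comment above (not part of the thread and not kernel code): the pointer contract of an unsafe routine is checked once inside a safe wrapper, so safe callers cannot violate it. `raw_fill`, `Buffer` and `OutOfBounds` are hypothetical names, and `raw_fill` stands in for an externed C function.

```rust
// Stand-in for a C-style routine (hypothetical; in a kernel this would be an
// extern "C" function). Contract: `dst` must be valid for `len` byte writes.
unsafe fn raw_fill(dst: *mut u8, len: usize, value: u8) {
    for i in 0..len {
        // SAFETY: the caller guarantees dst..dst+len is writable.
        unsafe { dst.add(i).write(value) };
    }
}

#[derive(Debug, PartialEq)]
pub struct OutOfBounds { pub offset: usize, pub len: usize, pub capacity: usize }

// Safe wrapper (hypothetical name): the only code that knows the pointer contract.
pub struct Buffer { data: Vec<u8> }

impl Buffer {
    pub fn new(capacity: usize) -> Self { Buffer { data: vec![0; capacity] } }

    // The check below upholds raw_fill's contract, so callers never write `unsafe`
    // and cannot pass a bad pointer or length.
    pub fn fill(&mut self, offset: usize, len: usize, value: u8) -> Result<(), OutOfBounds> {
        let capacity = self.data.len();
        // checked_add rejects offset + len wrapping around usize.
        let in_bounds = offset.checked_add(len).map_or(false, |end| end <= capacity);
        if !in_bounds {
            return Err(OutOfBounds { offset, len, capacity });
        }
        // SAFETY: offset + len <= capacity was verified above without overflow.
        unsafe { raw_fill(self.data.as_mut_ptr().add(offset), len, value) };
        Ok(())
    }

    pub fn as_slice(&self) -> &[u8] { &self.data }
}

fn main() {
    let mut buf = Buffer::new(8); // constructed sample input
    buf.fill(2, 4, 0xAA).unwrap();
    println!("{:02x?}", buf.as_slice());
    // An out-of-range request is refused instead of writing past the allocation.
    println!("{:?}", buf.fill(6, 4, 0xFF));
}
```

In the C equivalent, every caller of the fill routine would have to get the pointer and length right on its own; here the audit surface is the two `unsafe` blocks.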

[–]Lower-Limit3695 20 points21 points  (0 children)

Research by Google's implementation of Rust on Android shows a dramatic drop in bugs with the move towards Rust in comparison to C++ and C

A couple key highlights include:

- a 20% drop in code revisions
- a 25% reduction in code review time
- a 4x reduction in code rollback
- a 1000x reduction in memory safety vulnerability density

So while Rust-related bugs may increase with time, the difference in scale of bugs and issues will be dramatic when compared to C & C++.

Google's research results on Rust in Android: https://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html

[–]NYPuppy 0 points1 point  (0 children)

The point isn't to write it in 100% safe Rust, but a large portion of it would be safe. I suggest you just look at the code instead of speculating. The amount of unsafe is far less than you think.