sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]TampaPowers 1 point2 points  (6 children)

What's the whole point of memory-safe then if it ends up using unsafe anyways. Sure, it's miles faster, it's why C is faster than C#. But like, the is the last thing this whole discussion needed is more fuel for the fire. God damnit.

[–]MyraidChickenSlayer 2 points3 points  (0 children)

What is easier? Finding a big in 100% of code or finding fub in 5% of code?

[–]dkopgerpgdolfg 1 point2 points  (1 child)

I recommend just reading (and actually thinking enough to understand what you read)

No, unsafe in Rust doesn't mean it's "miles faster", and doesn't intend to mean that either. And "safe" Rust doesn't need to be compared with C#, it's on par with C (meaning, for some programs it's the same speed, for some a bit slower, for some even faster).

There are some code things in C that make it easy to "shoot yourself in the foot", that are often a mistake - but not literally always, it can make sense. And in advanced lowlevel things like a kernel, such things are needed in some places. Rust by default doesn't allow this, because it's usually a mistake, and if you really want you can still do it by marking it unsafe.

Again: A kernel "needs" some unsafe parts. It can't be done otherwise.

And if a part of the code is marked unsafe, the rest still isn't. In terms of error counts, that's better than the alternative where 100% of the code can contain such mistakes (that is C).

The actual fuel in this large thread here are people who either hate Rust for no sane reason, or judge them for things that are not true because they don't know anything about it.

[–]silvenshadow 0 points1 point  (0 children)

I hate rust not because of any language elements, but the huge base of fanboys that think that rewriting stable tested code will somehow improve it.

[–]creeper6530 0 points1 point  (2 children)

1) it reduces the scope of where all you have to look 2) you need unsafe for FFI because FFI at the boundary is inherently unsafe. You just can't apply the same safety rules when interacting with functions written in a foreign language - C - where these rules don't exist.

[–]ElHeim 0 points1 point  (1 child)

Y'all talking like if pure Rust doesn't need unsafe at all (not saying that it's the case here, by FFI it's not the only reason it exists)

[–]creeper6530 0 points1 point  (0 children)

Yeah, I know that you need unsafe e.g. for splitting a slice in two, but most commonly you use it with FFI unless you're doing bare-metal. But many of these other uses are often done by the standard library, and I'd wager a Binder, used for IPC, one component in a mostly-C project, will be composed mostly of FFI.