I guess I should have been more explicit that I was talking about the language itself (without the unsafe keyword). Not libraries written in other languages, not compilers. It's the job of theorem provers and whatnot to make those safe.
In other words I'm talking about code the programmer makes themselves.
>Its easy to say, 'well, thats a bug in the library, not a problem with rust', but thats the same as with C++ isnt it?
In C++ nothing prevents the lines I write from having memory errors. It's not the same at all.
>If you can assert any code is 100% bug free then why do we care about the nice safety features in rust?
Oh well you shouldn't do that, but you also don't have to use unsafe code willy-nilly. In C++ everything you touch is unsafe unless proven otherwise.
>What are going to do? Vet every line of every part of every dependency in the code you use?
There is no rust language without the unsafe keyword. It doesnt exist. The unwinding is unsafe. see the recent thread on /r/rust about mysterious segfaults.
Thats the point.
You cannot assert your rust program cannot crash.
Even if your code is perfect, there may be bugs in either the std library or some dependency you use that does crash.
Im not saying everyone uses unsafe code (or should) in their own code. Far from it.
Im saying that every rust program invokes unsafe code at some point.
So this myth of the 'pure rust' that is 'completely safe' is just that. A myth.
I dont understand why this is difficult idea for people to accept. Just use the good bits of rust. rust doesnt need to be 100% safe; its not, and thats completely ok.
You can write a library in rust that will never invoke unsafe code, even if you can't have an entire standalone program.
>I dont understand why this is difficult idea for people to accept. Just use the good bits of rust. rust doesnt need to be 100% safe; its not, and thats completely ok.
It's okay for now, but I'm eagerly waiting for a version where the important pieces of unsafe code can be formally verified. Give me safe unwinding, memory allocation, and sockets, and I can cover half the world.
As far as I know this isn't an especially difficult request. I could probably cobble together something right now by borrowing bits of verified C and gluing them to library-limited rust.
In other words I'm talking about code the programmer makes themselves.
>Its easy to say, 'well, thats a bug in the library, not a problem with rust', but thats the same as with C++ isnt it?
In C++ nothing prevents the lines I write from having memory errors. It's not the same at all.
>If you can assert any code is 100% bug free then why do we care about the nice safety features in rust?
Oh well you shouldn't do that, but you also don't have to use unsafe code willy-nilly. In C++ everything you touch is unsafe unless proven otherwise.
>What are going to do? Vet every line of every part of every dependency in the code you use?
For unsafe blocks? Sure, that's easy.