There is no Rust language without the unsafe keyword. It doesn't exist. The unwinding is unsafe. See the recent thread on /r/rust about mysterious segfaults.

That's the point.

You cannot assert that your Rust program cannot crash.

Even if your code is perfect, there may be bugs in either the std library or some dependency you use that does crash.

I'm not saying everyone uses unsafe code (or should) in their own code. Far from it.

I'm saying that every Rust program invokes unsafe code at some point.

So this myth of the 'pure Rust' that is 'completely safe' is just that. A myth.

I don't understand why this is a difficult idea for people to accept. Just use the good bits of Rust. Rust doesn't need to be 100% safe; it's not, and that's completely okay.



You can write a library in Rust that will never invoke unsafe code, even if you can't have an entire standalone program.

> I don't understand why this is a difficult idea for people to accept. Just use the good bits of Rust. Rust doesn't need to be 100% safe; it's not, and that's completely okay.

It's okay for now, but I'm eagerly waiting for a version where the important pieces of unsafe code can be formally verified. Give me safe unwinding, memory allocation, and sockets, and I can cover half the world.

As far as I know this isn't an especially difficult request. I could probably cobble together something right now by borrowing bits of verified C and gluing them to library-limited rust.
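An added example, not code from either commenter, showing the two points above side by side: a library module that the compiler guarantees contains no `unsafe` block (the reply's "library that never invokes unsafe code"), and a caller that contains a panic from that library without being able to prove the program crash-free (the first comment's point about unwinding). `safe_lib`, `guarded`, `parse_and_sum` and `nth_field` are hypothetical names; the library still calls into `std`, which uses `unsafe` internally.

```rust
use std::panic::{self, AssertUnwindSafe};

/// Hypothetical library module. `forbid(unsafe_code)` makes any `unsafe`
/// block inside it a hard compile error, and unlike `deny` it cannot be
/// re-enabled with `#[allow]` further down. The module still relies on
/// `std` (Vec, str parsing), whose own implementation uses `unsafe`.
#[forbid(unsafe_code)]
mod safe_lib {
    /// Parses a comma-separated list of u32 values and returns their sum,
    /// reporting bad input and overflow as errors rather than panicking.
    pub fn parse_and_sum(input: &str) -> Result<u32, String> {
        let mut total: u32 = 0;
        for field in input.split(',') {
            let n: u32 = field.trim().parse().map_err(|e| format!("{field:?}: {e}"))?;
            total = total.checked_add(n).ok_or_else(|| "overflow".to_string())?;
        }
        Ok(total)
    }

    /// Stands in for a bug in a dependency: an out-of-range index panics.
    /// This is a checked Rust panic, not a memory-safety violation.
    pub fn nth_field(input: &str, idx: usize) -> u32 {
        let fields: Vec<u32> = input.split(',').map(|f| f.trim().parse().unwrap()).collect();
        fields[idx] // panics if idx >= fields.len()
    }
}

/// Runs a library call and turns an unwinding panic into an Err instead of
/// letting it propagate. This is containment, not a proof of no crashes: a
/// `panic = "abort"` profile, a panic inside `Drop` during unwinding, or a
/// real memory error in some `unsafe` block still terminates the process.
pub fn guarded<F: FnOnce() -> T, T>(f: F) -> Result<T, String> {
    panic::catch_unwind(AssertUnwindSafe(f)).map_err(|payload| {
        payload
            .downcast_ref::<&str>()
            .map(|s| s.to_string())
            .or_else(|| payload.downcast_ref::<String>().cloned())
            .unwrap_or_else(|| "non-string panic payload".to_string())
    })
}

fn main() {
    println!("{:?}", safe_lib::parse_and_sum("1, 2, 3"));
    println!("{:?}", guarded(|| safe_lib::nth_field("1,2", 5)));
}
```

The default panic hook still prints the panic message to stderr when `nth_field` fails; `guarded` only changes whether the panic keeps unwinding past this frame.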



