part of the problem is that rust does not yet have a standardized memory model (there are candidates, wip)
this means there are limits to soundness analysis tools and guardrails you can provide in stable rust
though there have been pretty convincing examples of how, under some of the (more promising) memory model candidates, you can provide additional/different functions which are much harder to accidentally misuse
and soundness analysis tools do already exist, too
I believe that rust has the _potential_ to make it easier to write a lot of unsafe code correctly in rust than in C -- in the future.
Though the issue with people using an "it's only bits" mindset when doing unsafe code stays around, and is wrong, not just in rust but in C, too. No matter how much some people try to pretend C is a high-level assembly.