However, Kelley also points out that Rust tends toward safety. Different languages tend toward safety at different rates, and Rust tends toward safety at a high rate for many reasons. In my experience Rust is the safest language that still allows me to accomplish the professional development tasks I do.
[1] https://twitter.com/andy_kelley/status/1554933549999894528
Note that Burroughs doesn't support Assembly; all low-level hardware capabilities are exposed as compiler intrinsics.
In one sense, saying "X is not a safe language" could mean that X is not a language that exclusively allows proven-safe constructions. One might say that Rust is not a safe language because it has `unsafe`, or Ada is not a safe language because SPARK isn't mandatory.
But this isn't what a typical reader should be expected to understand from the quoted phrase -- to say that Rust is "not safe" is to say that it is unsafe. It feels unreasonable to claim Rust is "not safe" when the same accusation would never credibly be leveled at Go, Java, C#, or other languages that encourage (without mandating) memory-safe programming.
--
> The people saying that safety is all or nothing are toxic and
> Rust community needs to stop turning a blind eye.
There is no such thing as a "Rust community". There cannot be a community for a programming language when (1) there's no way to prevent someone from using that language, and (2) the barrier to entry is an HTTP download and 15-minute tutorial.
I never hear about people discussing the "C++ community", or writing on Twitter about how the "Java community" needs to do something or other. It wouldn't fly, there's too many people known to use those languages to ascribe a common motivation to them. Yet when there's a smaller language -- Rust, Haskell, Go, Zig, whatever -- suddenly people start treating them as if they are a group, and criticizing people who use Rust for the behavior of other people who (claim to) use Rust. It's madness.
At best there can be a "posters on Reddit's /r/rust subforum" community, or "posters on Twitter's #rust hashtag community", but these are even more dubious. The only requirement to be a member of these "communities" is an email address and enough sense to not get banned.
Nobody would say "the Twitter #rust hashtag community needs to ..." because it would be obviously silly to expect good behavior from freshly registered user "PmMeToePhotos123456".
Actually, there is: https://www.rust-lang.org/community. It's centralized and they even have appointed moderators https://www.rust-lang.org/governance/teams/moderation. A bunch of them resigned recently due to alleged toxicity in the rust community and governance. https://www.theregister.com/2021/11/23/rust_moderation_team_....
Rust's community structure, and its accountability for its members' misbehavior, runs counter to other programming languages like Zig https://kristoff.it/blog/interfacing-with-zig/ which explicitly claims to be decentralized.
This seems like another instance of the above pattern, where "Rust community" is simultaneously:
(1) The set of people who talk about Rust online in major forums, such as Twitter and Reddit, and
(2) The set of people who post on the moderated low-traffic official forum.
I don't think most people, when someone says "Rust community should ...", would consider that to be scoped to people posting on rust-lang.org.
Consider that according to https://users.rust-lang.org/u there are 22,000 registered users on the rust-lang.org forums. There are currently 191,000 people subscribed to /r/rust, and since it's Reddit there's no need to be subscribed to post or comment. The number of people talking about Rust on Twitter is less practical to count, but probably at least the same order of magnitude.
For reference, this is the tweet in its entirety:
"I agree with this person, along with many Rust community members. Rust is not a "safe language". It's a language that strongly encourages safety. Safety is a spectrum.
The people saying that safety is all or nothing are toxic and Rust community needs to stop turning a blind eye."
Rust still helps ensure that the "hold my beer" blocks are correct by reducing their scope to a few clearly marked places. This helps focus code reviews and fuzzing. Rust also encourages wrapping of high-risk code in foolproof abstractions, and has universal rules for how tight and robust such abstraction has to be. In a way, Python or Java are also safe abstractions on top of "unsafe" CPython or HotSpot. In Rust this division is just more granular, with the same syntax on both sides.
It's worth remembering that in Rust "safe" refers to Rust's specific guarantees around memory safety and thread safety, but the field of software security is much larger than that. There are lots of possible logic bugs and security issues beyond that, and Rust won't stop you from running `remove_dir_all("/")`.
The big difference is how much regular application developers are forced to go down that path, outside writing drivers or kernel stuff.
Zig should focus its security story in being better than just a Modula-2 (1978) with C inspired syntax.