by penpapersw 3219 days ago
I'm not that optimistic. In my experience, nightmare-level code will be written by the person who wrote it no matter what language they use. Rust doesn't look all that cleaner than C++, just that it has a few more safety guarantees. I'm sure terrible code will be written in it. And I'm sure clean code will be written in it that people without context will call terrible code.
6 comments

The way I'd put it is, I'd be much more confident in the ability of an open source project to survive receiving contributions from the general public if it were written in Rust rather than C++.
Yes! This has been my view on Rust for a while -- it's a relatively inexpensive way to boost productivity and general security of projects. This is especially true when the alternative is formal verification, which is less ergonomic than Rust and effectively would require a rewrite of C code anyway.
I've written awful Rust code myself, and I'd still rather be writing Rust than C++, because sticking to Rust idioms makes it harder to do the wrong thing without it being obvious.
I think the bigger problem is that nightmare code is the stuff nobody understands. So it's the hardest to re-write, because nobody knows what it does.

So nightmare code is the code that lives forever, whereas well-written code is easily replaceable.

People can definitely write bad code in any language; however, Rust relentlessly forces you towards single-ownership (unless you're using RefCell), which is a really good thing.
The thing is nightmare Rust code is usually obvious - the dev is using a lot of unsafe{} blocks, or Cell, or is spewing out a really complex type signature.

With C++, the nightmares are just really obscured pointer manipulation that can work but have infinite edge case failure states that cause endless undefined behavior.

In Rust, if it compiles, it is at least constrained to only break what the dev explicitly broke, it doesn't break everything.

Note that Cell is entirely safe and not problematic. It is RefCell that can cause problems.
People will write awful Rust code. The impact of this will not be an attacker's ability to completely take over a system. That's a level of "awful" I'll take.