by Vecr
1316 days ago
It prevents data races, use-after-free, double-free, buffer overflow, invalid type punning, etc. You can still do all those things in unsafe code though, and you could in safe code if the unsafe code you depend on (including the kernel) behaves/is programmed incorrectly. You can also have hardware issues and stochastic bit flips that Rust and SPARK can't deal with.
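The boundary the comment describes, as an added example that is not part of the comment or of any project the thread discusses: safe Rust turns an out-of-bounds read into `None` or a panic, an `unsafe` block can reintroduce the over-read, and the only thing keeping a safe API sound is the check its author performs before calling the unchecked primitive. The third function shows the compiler-enforced side of the same point for data races (an `Arc<Mutex<_>>` counter compiles; an `Rc<RefCell<_>>` shared across threads would not). All function names here are the example's own.

```rust
// Added example (not from the comment): the safe/unsafe boundary in Rust.
use std::sync::{Arc, Mutex};
use std::thread;

/// Safe Rust: slice access is bounds-checked, so an out-of-range index
/// yields None (or a panic with `[]`), never a read past the buffer.
pub fn safe_get(data: &[u8], i: usize) -> Option<u8> {
    data.get(i).copied()
}

/// Safe API built on unsafe code. `get_unchecked` performs no bounds check;
/// the `if` is what makes this function sound. Delete it and every caller
/// can trigger a buffer over-read without ever writing `unsafe` themselves,
/// which is exactly the "unsafe code you depend on" case from the comment.
pub fn checked_unchecked_get(data: &[u8], i: usize) -> Option<u8> {
    if i < data.len() {
        // SAFETY: i < data.len() was verified just above.
        Some(unsafe { *data.get_unchecked(i) })
    } else {
        None
    }
}

/// Data races: a counter shared across threads must be Send + Sync.
/// Arc<Mutex<u32>> satisfies that; Rc<RefCell<u32>> is rejected at compile
/// time, so the race cannot be expressed in safe code.
pub fn parallel_count(n_threads: usize, per_thread: u32) -> u32 {
    let counter = Arc::new(Mutex::new(0u32));
    let handles: Vec<_> = (0..n_threads)
        .map(|_| {
            let c = Arc::clone(&counter);
            thread::spawn(move || {
                for _ in 0..per_thread {
                    *c.lock().unwrap() += 1;
                }
            })
        })
        .collect();
    for h in handles {
        h.join().unwrap();
    }
    let total = *counter.lock().unwrap();
    total
}

fn main() {
    // Constructed sample buffer.
    let buf = [1u8, 2, 3];
    println!("safe_get(7)            = {:?}", safe_get(&buf, 7));
    println!("checked_unchecked(2)   = {:?}", checked_unchecked_get(&buf, 2));
    println!("checked_unchecked(9)   = {:?}", checked_unchecked_get(&buf, 9));
    println!("parallel_count(4,1000) = {}", parallel_count(4, 1000));
}
```

The design point is the `// SAFETY:` comment: reviewers of a crate's unsafe blocks audit whether the stated precondition is actually established by the surrounding safe code, since a wrong one silently converts the whole safe API into a memory-safety bug for every downstream user.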