by smaddox 745 days ago
Skimming MISRA C, it seems to be a collection of either extremely limiting or ineffectual directives. An example of each:

> Dir 4.12 Dynamic memory allocation shall not be used

> Rule 2.2 There shall be no dead code

https://github.com/sakura1083841400/MISRA-C/blob/main/MISRA%...

This provides nothing approaching the guarantees of safe Rust, as far as I can tell.

3 comments
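Dir 4.12 in the post above forbids dynamic allocation outright; the usual way embedded code meets it is a statically sized block pool. The following is an added illustration, not code from the thread or from MISRA, of what such a pool looks like when the failure modes the heap ban is aimed at (exhaustion at run time, freeing something that was never allocated, double free) are made explicit and checkable. The block size and count are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Fixed-block pool: every byte of storage is static, so neither malloc nor
 * free appears anywhere (the property MISRA C Dir 4.12 asks for).
 * Sizes below are example assumptions, not values from any standard. */
#define POOL_BLOCK_SIZE  32u
#define POOL_BLOCK_COUNT 4u

static uint8_t pool_storage[POOL_BLOCK_COUNT][POOL_BLOCK_SIZE];
static bool    pool_in_use[POOL_BLOCK_COUNT];

void pool_init(void) {
    memset(pool_in_use, 0, sizeof pool_in_use);
    memset(pool_storage, 0, sizeof pool_storage);
}

/* Returns a block, or NULL when the pool is exhausted. Exhaustion is an
 * explicit, testable condition instead of a heap failure deep in a library. */
void *pool_alloc(void) {
    for (size_t i = 0; i < POOL_BLOCK_COUNT; i++) {
        if (!pool_in_use[i]) {
            pool_in_use[i] = true;
            return pool_storage[i];
        }
    }
    return NULL;
}

/* Maps a pointer back to its block index, or -1 if it is not the start of a
 * block inside the pool. The comparison is done on uintptr_t so no
 * out-of-bounds pointer arithmetic is performed on foreign pointers. */
static int pool_index_of(const void *p) {
    uintptr_t base = (uintptr_t)&pool_storage[0][0];
    uintptr_t addr = (uintptr_t)p;
    if (addr < base || addr >= base + sizeof pool_storage) return -1;
    if ((addr - base) % POOL_BLOCK_SIZE != 0) return -1;
    return (int)((addr - base) / POOL_BLOCK_SIZE);
}

/* Returns 0 on success, -1 for a pointer the pool did not hand out
 * (foreign pointer, interior pointer) or a block already freed (double free). */
int pool_free(void *p) {
    int idx = pool_index_of(p);
    if (idx < 0 || !pool_in_use[idx]) return -1;
    pool_in_use[idx] = false;
    memset(pool_storage[idx], 0, POOL_BLOCK_SIZE); /* scrub stale contents */
    return 0;
}

size_t pool_blocks_free(void) {
    size_t n = 0;
    for (size_t i = 0; i < POOL_BLOCK_COUNT; i++) {
        if (!pool_in_use[i]) n++;
    }
    return n;
}
```

The pool turns allocation failure, bogus frees and double frees into return codes that a static analyser or a unit test can check, which is the kind of property the directive is after. It does not, on its own, stop a caller from using a block after freeing it; that is the gap between a coding standard enforced by tooling and the compile-time ownership guarantee the post contrasts it with.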

Not sure what you’re getting at. We take those rules and use a static analysis tool (LDRA) to prove they are met. You can write unsafe code in any language.
I wouldn't dismiss MISRA C so quickly as its guidelines may prove useful when deriving best practices for unsafe Rust.