by jakelazaroff 11 days ago
Right, but the point is that you now have an explicit todo list of blocks to fix. You can trivially enumerate all sources of unsafety, and when a grep for unsafe blocks turns up empty you know your codebase is memory safe. When could you say the same about your Zig or C/C++ codebase?

I'm writing this as someone who doesn't even really like Rust; I'd probably prefer to write Zig! But those unsafe blocks definitely buy you something.


For normal use of unsafe in Rust, I completely agree, and I love the concept. But if you have a gazillion unsafe blocks written by someone (something) you don't trust to at least try to do the right thing, you're bound to have unsoundness in one of those blocks. And now your entire codebase is UB.

I don't see how this is any different from every line trailing with a comment of the form "FIXME: This line might be wrong".

And I say this as something of a Rust fanboy. I love the way unsafe blocks work, and the "locality of danger" they give you. But that all goes out the window if there's a gazillion haphazardly written such blocks.

They have a gazillion such blocks today. If they still have a gazillion such blocks in a year, sure. But presumably the plan is to replace them with safe Rust.
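An added example to make the thread's two points concrete (it is not code posted by any of the commenters, and the `RawBuf` type, `count_unsafe_sites` function and the sample source string are all constructed for illustration). It shows the "locality of danger": a sound wrapper checks the invariant before entering the unsafe block, an `unsafe fn` pushes the obligation to the caller while keeping the site visible to a grep, and an unsound safe wrapper is the case the reply above warns about, since any safe caller can reach undefined behaviour through it. The last function is a rough stand-in for the grep itself.

```rust
use std::marker::PhantomData;

/// A view over a byte buffer held as a raw pointer plus a length.
/// Constructed for this example; the lifetime ties the view to the borrowed
/// slice so the pointer cannot outlive the data it points into.
pub struct RawBuf<'a> {
    ptr: *const u8,
    len: usize,
    _marker: PhantomData<&'a [u8]>,
}

impl<'a> RawBuf<'a> {
    pub fn from_slice(s: &'a [u8]) -> Self {
        RawBuf { ptr: s.as_ptr(), len: s.len(), _marker: PhantomData }
    }

    /// Sound: the invariant the unsafe block relies on (i < len) is checked
    /// first, so no safe caller can reach undefined behaviour through it.
    pub fn get(&self, i: usize) -> Option<u8> {
        if i < self.len {
            // SAFETY: ptr points to `len` initialised bytes borrowed for 'a,
            // and i < len was just checked.
            Some(unsafe { self.ptr.add(i).read() })
        } else {
            None
        }
    }

    /// Also sound, by moving the obligation to the caller: the `unsafe fn`
    /// signature keeps this site on the list a grep for `unsafe` produces.
    ///
    /// # Safety
    /// `i` must be less than the length of the slice this view was built from.
    pub unsafe fn get_unchecked(&self, i: usize) -> u8 {
        // SAFETY: the caller guarantees i < len (documented contract above).
        unsafe { self.ptr.add(i).read() }
    }

    /// Unsound: a safe signature with no check. Calling it with i >= len is
    /// undefined behaviour, and because the signature is safe every caller in
    /// the crate can trigger it. It is here only for contrast and is never
    /// called out of range in this example.
    pub fn get_unsound(&self, i: usize) -> u8 {
        unsafe { self.ptr.add(i).read() }
    }
}

/// Count occurrences of the `unsafe` keyword in Rust source, ignoring `//`
/// line comments. This is an approximation of `grep -w unsafe`: string
/// literals and block comments are not handled. For a real audit use
/// cargo-geiger, or have the compiler enforce the "grep turns up empty"
/// state with `#![forbid(unsafe_code)]` at the crate root.
pub fn count_unsafe_sites(src: &str) -> usize {
    src.lines()
        .map(|line| line.split("//").next().unwrap_or(""))
        .flat_map(|code| code.split(|c: char| !(c.is_alphanumeric() || c == '_')))
        .filter(|tok| *tok == "unsafe")
        .count()
}

fn main() {
    let data = [10u8, 20, 30];
    let buf = RawBuf::from_slice(&data);
    assert_eq!(buf.get(1), Some(20));
    assert_eq!(buf.get(3), None);
    // The unchecked path is fine when the caller upholds the contract.
    let v = unsafe { buf.get_unchecked(2) };
    assert_eq!(v, 30);

    // Constructed sample source: two real sites, one mention in a comment.
    let src = "fn f() { unsafe { g() } } // unsafe comment\npub unsafe fn g() {}\n";
    println!("unsafe sites: {}", count_unsafe_sites(src));
}
```

The point the thread makes follows from the first three methods: a grep lists `get`, `get_unchecked` and `get_unsound` equally, but only a review of each block tells you which one lets safe code reach UB, which is why a large number of haphazard blocks is a review backlog rather than a guarantee.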