|
|
|
|
|
|
by LoganDark
19 days ago
|
|
|
I feel like your charactization of Rust is based on a misunderstanding. Safe Rust does not rely on predicting every future execution path, nor on understanding all runtime states. Safe Rust relies on making it provably impossible to take an execution path or reach a runtime state that is unsafe. This is a completely, entirely distinct approach and is not anything like existing static analyses e.g. of C. In fact that very drawback of being "forced to change otherwise natural data structures and API designs" is exactly for when you cannot sufficiently prove they are Safe Rust. Since you are not a fan of that, of course Rust may not be for you. But to pose it as an issue of unattainable static analysis is incorrect. Safe Rust achieves the analyses it does because it simply does not have constructs that require knowing every execution path or every runtime state. Its safety does not depend on that. You can choose to depend on it in Unsafe Rust, but then the soundness of that will depend on you, the programmer, rather than on the language. |
|
|