> Rust is too constrained without [unsafe blocks] to get any useful work done.

Just saw this in the wild again.

@veloren has about 330,000 lines of Rust code today. It's a networked, multi-threaded, 3D, portable game and game engine played by thousands of people. Very much not a contrived example. Name any sort of code and you'll find it in there: GUI, packet parsing, physics, DSP, decision trees, database calls, ECS, procgen, audio. It's all in there.

It has 12 instances of `unsafe`:

(1/2)

Of those 12 instances:

- 6 relate to hot reloading (dynamic linking) and aren't even present in public builds

- 3 relate to the plugin system (JIT compilation and other things that are almost impossible to provide hard soundness proofs for)

- 2 relate to shader compilation (also JIT)

- 1 relates to accessing the OS clipboard and is unsafe because the underlying abstraction is perilously easy to abuse (thanks C)

I know these people are just trolls, but still. It irks me to see people still saying this in the wild.

One argument I've heard is "okay, now tell me how much unsafe is in the dependency tree" but this entirely misses the point: nothing in the dependency tree looks even slightly like a physics engine or a server, let alone a full game & game engine. The measure of things must surely be how much forward progress one can make without leaning on unsafe code. After all: even the safest of languages contain huge language runtimes written in perilously unsafe code. Dig deep enough and you will find it.

(This is a subtoot about the first Linux kernel CVE present in Rust code having been found. The CVE was caused by code in an unsafe block, apparently.)

@jsbarretto dang, it's gotta suck to have 99% of your code be marked as "extremely likely not where memory safety issues are".

@dascandy Yeah, what a curse to live with. We might aim at the stars, but hitting the moon instead might as well be failure