I am referring to the software currently written and deployed in things like cars, airplanes, spacecraft, medical devices, and the like. Stuff that gets certified by processes like ISO 26262 and DO-178C.
Ada is of course used here too, but we're talking about the lack of checks at the language level being a problem. My point is that it is not, with languages that have less checking than Rust being used for these sorts of things routinely.
My point is that if unsafe Rust is the best that Rust can deliver for safety, it leaves a lot to be desired, and while it is better than some other languages, Rust is just not the panacea it is advertised to be. I am not convinced that it's the best that's theoretically possible.
Okay. That's a different thing than what I'm talking about. This thread started with "How can it be safe with `unsafe`?". That's what I was trying to address in this sub-thread.
Rust has never advertised itself as a panacea.
I agree that Rust is not the best language that can theoretically ever exist. I do disagree that it is possible to have a 100% compiler-checked, memory-safe language. There will always exist some portion of these systems that need to be verified by hand. And that's okay. The goal here, and how other languages could improve upon what Rust does, is to do what Rust did to other languages: expand on what is expressible within the safe subset.
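The sub-thread's question ("How can it be safe with `unsafe`?") in code, as an added example that is not part of the original thread or of any project mentioned in it: a fixed-capacity stack whose only `unsafe` lines are justified by a single invariant (`buf[..len]` is initialised) that the safe methods maintain with ordinary bounds checks. The hand-verified portion is the two `SAFETY` comments; everything a caller can do through the safe API is checked. The type, method names and sample values are my own.

```rust
// Added illustrative example for this thread, not code from any project discussed here.
use std::mem::MaybeUninit;

/// Fixed-capacity stack backed by uninitialised storage.
/// Invariant, maintained by every safe method: `buf[..len]` is initialised.
pub struct FixedStack<const N: usize> {
    buf: [MaybeUninit<u32>; N],
    len: usize,
}

impl<const N: usize> FixedStack<N> {
    pub fn new() -> Self {
        // No unsafe needed: MaybeUninit<u32> is Copy, so the array repeat is fine.
        Self { buf: [MaybeUninit::<u32>::uninit(); N], len: 0 }
    }

    pub fn len(&self) -> usize {
        self.len
    }

    /// The bounds check here is the safe code that makes the reads below sound:
    /// a full stack returns the value instead of writing past the end.
    pub fn push(&mut self, v: u32) -> Result<(), u32> {
        if self.len == N {
            return Err(v);
        }
        self.buf[self.len].write(v); // MaybeUninit::write is a safe API
        self.len += 1;
        Ok(())
    }

    pub fn pop(&mut self) -> Option<u32> {
        if self.len == 0 {
            return None;
        }
        self.len -= 1;
        // SAFETY: the new `len` was below the old `len`, so push() initialised this slot.
        Some(unsafe { self.buf[self.len].assume_init() })
    }

    pub fn get(&self, i: usize) -> Option<u32> {
        if i >= self.len {
            return None;
        }
        // SAFETY: i < len, so the slot is initialised by the invariant.
        Some(unsafe { self.buf[i].assume_init() })
    }

    /// Unchecked read. Marked `unsafe fn` so the obligation `i < self.len()` is
    /// visible at every call site instead of being silently assumed.
    pub unsafe fn get_unchecked(&self, i: usize) -> u32 {
        debug_assert!(i < self.len);
        unsafe { self.buf.get_unchecked(i).assume_init() }
    }

    /// A safe method that uses the unchecked read internally: the loop bound
    /// is `self.len`, which is exactly the precondition `get_unchecked` needs.
    pub fn sum(&self) -> u64 {
        let mut total = 0u64;
        for i in 0..self.len {
            // SAFETY: i < self.len by the loop bound.
            total += unsafe { self.get_unchecked(i) } as u64;
        }
        total
    }
}

fn main() {
    // Constructed sample values for the demo.
    let mut s = FixedStack::<2>::new();
    println!("{:?} {:?} {:?}", s.push(10), s.push(20), s.push(30)); // Ok(()) Ok(()) Err(30)
    println!("{:?} {:?} {}", s.get(1), s.get(2), s.sum());       // Some(20) None 30
    println!("{:?} {:?} {:?}", s.pop(), s.pop(), s.pop());       // Some(20) Some(10) None
}
```

The point the example makes is the one in the comment above: the language does not remove the need to verify the two `assume_init` calls by hand, but it confines that obligation to a few lines behind a type whose public surface cannot be misused from safe code. Expanding the safe subset means shrinking what is left behind that boundary, not eliminating the boundary.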
Rust may not, but random Rust programmers rave about it all the time as if it were a panacea.
> expand on what is expressible within the safe subset
I hope that Rust itself keeps going further in this direction. Even with the residual unsafe code, bounds could be implemented to limit the possible damage, and correct it as soon as feasible.