430
average c++ dev
(programming.dev)
I don't think that casting a range of bits as some other arbitrary type "is a bug nobody sees coming".
C++ compilers also warn you that this is likely an issue and will fail to compile if configured to do so. But it will let you do it if you really want to.
That's why I love C++
You didn't say "programmers should be aware that rust doesn’t automatically mean safe". You said:
You then went on to mention
unsafe, conflating "security" and "safety"; Rust's guarantees are around safety, not security, so it sounds like you really mean "more safe" here. But Rust does make software more safe than C++: it prohibits memory safety issues that are permitted by C++.You then acknowledged:
...which seems to be the opposite of your original statement that Rust doesn't make software "more secure". But in the same comment:
...well, no, there IS a guarantee that Rust is "automatically" (memory) safe, and to violate that safety, your program must either explicitly opt out of that "automatic" guarantee (using
unsafe) or exploit (intentionally or not) a compiler bug.This is also true! "Safety" is a property of proofs: it means that a specific undesirable thing cannot happen. The C++ compiler doesn't provide safety properties[1]. The opposite of "safety" is "liveness", meaning that some desirable thing does happen, and C++ does arguably provide certain liveness properties, in particular RAII, which guarantees that destructors will be called when leaving a call-stack frame.
[1] This is probably over-broad, but I can't think of any safety properties C++ the language does provide. You can enforce your own safety properties in library code, and the standard library provides some; for instance, mutexes have safety guarantees.