Never used Rust but I’d like to point out the YouTube channel Low Level which covers security vulnerabilities (CVEs). He ends each video with “would Rust have fixed this?” and it’s pretty interesting.
According to him, when writing embedded software in Rust (and UEFI is embedded), you have to use Rust in unsafe mode which basically disables all the memory safety features. So in that kind of environment Rust isn’t really better than C, at least when it comes to memory safety.
That’s not to say Rust isn’t still a good option. It probably is.
Again, I never used Rust so I’m just parroting stuff I’ve heard, take all of this with a grain of salt.
Rust is actually awesome in many ways. No always the right solution, but nice to have in your toolbox.
Where would you say Rust isn’t the right solution?
We always hear how great Rust is, but I’d be curious to know where it isn’t.
Never used Rust but I’d like to point out the YouTube channel Low Level which covers security vulnerabilities (CVEs). He ends each video with “would Rust have fixed this?” and it’s pretty interesting.
A very recent one is this: https://youtu.be/BTjj1ILCwRs?t=10m (timestamped to the relevant section)
According to him, when writing embedded software in Rust (and UEFI is embedded), you have to use Rust in unsafe mode which basically disables all the memory safety features. So in that kind of environment Rust isn’t really better than C, at least when it comes to memory safety.
That’s not to say Rust isn’t still a good option. It probably is.
Again, I never used Rust so I’m just parroting stuff I’ve heard, take all of this with a grain of salt.
Rust doesn’t have “safe” and “unsafe” modes in the sense your comment alludes to.
You can just do the little unsafe thing in a function that guarantees its safety, and then the rest of the code is safe.
For example, using C functions from rust is unsafe, but most of the time a simple wrapper can be made safe.
Example C function:
int arraysum(const int *array, int length) { int sum = 0; while (length > 0) { sum += *array; array++; length--; } }In rust, you can call that function safely by just wrapping it with a function that makes sure that
lengthis always the size ofarray. Such as:fn rust_arraysum(array: Vec<i32>) -> i32 { unsafe{ arraysum(array.as_ptr(), array.len() as i32)} }Even though
unsafeis used, it is perfectly safe to do so. And now we can callrust_arraysumwithout entering “unsafe mode”You could do similar wrappers if you want to write your embedded code. Where only a fraction of the code is potentially unsafe.
And even in unsafe blocks, you don’t disable all of the rust checks.