Originally posted by oleid
https://crates.io/crates/cargo-geiger is an example of such a tool for unsafe, although doing the same with RefCell is kind of pedantic and pointless because if Rust programmers are using RefCell they know there is an additional runtime cost (in the exact same way, if you use virtual in C++ you know there is a runtime cost since you are creating a vtable).
I mean, what's next, you are going to start claiming that C isn't a zero-cost language because the Linux kernel implemented a vtable (which obviously incurs a runtime cost)?
Originally posted by ultimA
The Rust compiler may internally validate within your program that an under/overflow doesn't happen, but if you are accepting input from the outside world then it's possible for someone else to construct an input that causes an under/overflow.
That's why they are enabled by default, because literally this is the biggest cause of CVEs in C/C++. This is why Java has enforced boundary checks on things like arrays, and because of this, at least this class of security problems basically doesn't exist in Java unless you are really trying hard to bypass it.
You can for example "disable" some of these checks in Rust by putting in things like assert, because then the compiler can see that the program will crash before such an over/underflow can happen (see https://doc.rust-lang.org/std/macro.assert.html#uses).
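As an added illustration of the two points above (it is example code, not something posted in this thread): arithmetic on untrusted bytes done with the explicit checked operations so an overflow is reported rather than wrapped, contrasted with the wrapping form, plus the assert-up-front pattern that states a slice-length precondition so the compiler can usually drop the per-iteration bounds checks in the loop that follows. The function names and the sample input are constructed for this example.

```rust
// Added example, not from the thread. In a debug build `a + b` panics on
// overflow; in a release build it wraps unless `overflow-checks = true` is set
// in the Cargo profile. The explicit checked/wrapping methods below make the
// behaviour independent of the build profile.

/// Sum of little-endian u32 values parsed from an untrusted byte buffer.
/// Returns None if the length is not a multiple of 4 or the sum would overflow.
pub fn checked_sum_u32(input: &[u8]) -> Option<u32> {
    if input.len() % 4 != 0 {
        return None;
    }
    let mut total: u32 = 0;
    for chunk in input.chunks_exact(4) {
        let value = u32::from_le_bytes([chunk[0], chunk[1], chunk[2], chunk[3]]);
        total = total.checked_add(value)?; // None instead of silently wrapping
    }
    Some(total)
}

/// Same computation with wrapping arithmetic: never panics, but the result is
/// silently wrong once the true sum exceeds u32::MAX. Shown only for contrast.
pub fn wrapping_sum_u32(input: &[u8]) -> u32 {
    input
        .chunks_exact(4)
        .map(|c| u32::from_le_bytes([c[0], c[1], c[2], c[3]]))
        .fold(0u32, |acc, v| acc.wrapping_add(v))
}

/// Copies the first `n` bytes of `src` into `dst`. The assert states the
/// precondition once; having seen `n <= dst.len()` and `n <= src.len()`, the
/// optimiser can prove `dst[i]` and `src[i]` are in range for every `i < n`
/// and typically removes the per-iteration bounds checks. A bad `n` still
/// panics at the assert rather than indexing out of bounds.
pub fn copy_prefix(dst: &mut [u8], src: &[u8], n: usize) {
    assert!(n <= dst.len() && n <= src.len(), "n exceeds a slice length");
    for i in 0..n {
        dst[i] = src[i];
    }
}

fn main() {
    // Constructed input: 0xFFFF_FFFF followed by 1; the true sum exceeds u32::MAX.
    let input: Vec<u8> = [0xFFFF_FFFFu32, 1].iter().flat_map(|v| v.to_le_bytes()).collect();
    println!("checked:  {:?}", checked_sum_u32(&input)); // None
    println!("wrapping: {}", wrapping_sum_u32(&input)); // 0
}
```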