maybe https://verdagon.dev/blog/fearless-ffi

It'd be more accurate to say that the relationship between C, C++, and Rust is like the relationship between CVS, Subversion, and DVCSes like Git and Mercurial.

C++/Subversion was an attempt at "a better C/CVS", but it proved to have flaws it couldn't shake, so people who still needed a better alternative to C/CVS took a second crack at the problem and, instead of looking to improve on the existing design, went back to build out from the requirements that inspired it in the first place.

...so Rust is more an independent second crack at "a better tool to fill C's niche" than an attempt at "C++ done right".​

That sounds very similar to wasm and I read in the link that they are heading that direction using "wasm2c".
With wasm, any language can be sandboxed and provides a safe FFI for not only vale, but also Rust, Java or Python.

That link and others from the same blog popped up in /r/rust/ a while ago. As I remember, Vale's biggest problem is that it hasn't actually been implemented yet and it reflects poorly on the creator that they speak with such confidence that their ideas that have never been implemented before will work as well as they claim in the real world.

(The whole "In theory, theory and practice are the same. In practice, they are not." ivory tower academic thing, except, this time, not being published in an academic journal or press.)

The entire rust language *is* the new tooling. They aren't even alone.

The window is closing for any new SPL to not be memory safe. Those are now the table stakes.

Ok so I tried to find some real world examples of professional, not amateur/noob mistakes, and I can't really find. Show some examples?

By far the most common "mistake" I see when people give example of Rust's "memory safety" is idiots returning the address of a stack variable. Who the actual fuck makes that mistake? You'd be fired on the SPOT if you did that in an interview. In fact most of the time this thing isn't even worth interviewing because it's literally only pisslows who do it.

The other examples typically given is casts of course, but casts are ugly in C++ for a reason. They stand out just as much as "unsafe" blocks in Rust.

And lastly it's people who give examples about standard library functions (mostly from C), which is an API issue, not language.

If we talk about misusing memory APIs, you can literally use HeapAlloc/HeapFree in Rust the same way I presume, unless they're "magically" marked by the language in some way (which is cheating, let's be honest, they're Windows API functions, not Rust's; you could mark them in C/C++ headers as well with compiler attributes). i.e. shooting yourself in the foot. And if you mean using the Rust standard library, then well, C++ has RAII and smart pointers.

So...? I really want to know a high profile mistake done by serious professionals not pisslow kids. I'm not sarcastic, I really want to know.

If I see another example of returning address of stack variable (which even the fucking C++ compiler warns about) I will forever spread hatred about Rust. Is that the best they can do?

It'd be nontrivial because we're talking about C. Hell, they even say that in the article. (why did you skip this part?)

Concurrency bugs are the obvious candidate. Why do you think Rust was created? If C++ was adequate for professionals, then why do the engineers at Mozilla think it's not adequate for their browser?

You can go read about the problems they had involving data races yourself.

There is no way to answer your question on a forum because its too big of an answer, but in general your comment only really make sense with really trivial/small code and completely falls apart when you are actually working on an actual codebase with thousands/hundreds/millions of lines of code and this is where safety guarantees around concurrency really start paying off since the number of interactions in your codebase typically scales exponentially the larger your code base is. Especially when you start implementing real concurrency/multithreading in your program, the problems with concurrency/multithreading really propagate to the rest of your program which is why a lot of C programmers either avoid multithreading or only use it for real low hanging fruit. One reason why a lot of the Rust equivalents are beating C programs is because the Rust programs take advantage of concurrency much more in C, and this is a lot easier in Rust.

To drive this point further you also have to understand the context, Rust was created in Mozilla precisely because of how unproductive/inefficient/difficult it was to deal with these concurrency/memory problems on what is arguably one of the largest open source C/C++ codebases , aside from the Linux kernel, Firefox. Its not even due to size why Firefox is complex, its also a web browser which arguably aside from game engines or operating systems is one of the hardest types of programs to make.

EDIT: Fun fact, one strong argument for why functional/purely functional programming started getting much more popular over time (in contrast to C imperative style) is that when you start implementing concurrency in your program, due to how it interacts with the rest of the program a lot of the abstractions/idioms in C style imperative programming fall apart for one reason or another, i.e. relying some form of global state which is typically implicit in a lot of C programs suddenly doesn't work so nicely because you know have to deal with multiple threads accessing that same state at once.

I mostly agree but not totally. For example if language is perfect for heavy majority of use cases you are about to implement but there is one architectural point not compatible with it, that doesn't mean you should abandon that language. For example mentioned Rust doesn't have inheritance and doesn't have exceptions but those issues are resolvable.

Rust also is important here performance wise because design Cloudflare did is very hard to implement secure way in languages in C. You need language that has certain security guarantees with as big performance as possible. Fact you can do something in C doesn't mean it will be secure, and languages with similar security guarantees like Go are slower. When you have all threads accessing same connection it is very hard to make it in C securly. Rust design patterns allow you to do that with much less pain.