Here I go again writing about Unsafe Rust.
Turns out that today I received a pingback to my article Actix-web is dead (about unsafe Rust) from the Rust is a hard way to make a web API blog post. It was also featured in the r/Rust Reddit community! (Strangely, the Reddit post links to the original author’s blog: Rust is a hard way to make a web API.)
There, Tom wrote the following piece referring to my post:
“Heck, if you ask some people, Rust is less secure than a GC’ed language for web apps if you use any crates that have unsafe code – which includes Actix, the most popular web framework, because unsafe code allows things like dereferencing raw pointers.”
It seems that there was a bit of a misunderstanding, because I don’t agree with this wording at all.
If I were to fix it to better match what I intended to say, I would write instead: “Rust is less secure than a GC’ed language for web apps if you use any crates that abuse unsafe code”.
But this is still overly simplistic, and it’s hard to put it in a few words.
All Rust programs depend at some level on unsafe code.
The standard library uses a lot of unsafe code (in small quantities, but in lots of places). It’s nearly impossible to get rid of it, as it is one of the basic building blocks of Rust.
There are algorithms that require unsafe code to work efficiently, or to be practical (or both).
For example, implementing a linked list is such a nightmare that to do it well you need unsafe. (See Learn Rust with Entirely Too Many Linked Lists.)
The point is that the unsafe code portions of a crate should be as small as possible and easy to prove correct.
If it can be avoided, it should be avoided unless there’s a strong reason not to do so.
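
To make the point about small, provable unsafe portions concrete, here is an added example (not code from the original post or from any crate it mentions): a linked-list queue whose only two `unsafe` blocks sit behind a safe API and are each justified by one stated invariant. The names `Queue` and `Node` are illustrative.

```rust
use std::ptr;

struct Node<T> { elem: T, next: *mut Node<T> }

/// FIFO queue. Invariant: `head` and `tail` are both null (empty), or both
/// point to live nodes created by Box::into_raw and owned by this queue,
/// with `tail` being the last node reachable from `head`.
pub struct Queue<T> { head: *mut Node<T>, tail: *mut Node<T> }

impl<T> Queue<T> {
    pub fn new() -> Self {
        Queue { head: ptr::null_mut(), tail: ptr::null_mut() }
    }

    pub fn push(&mut self, elem: T) {
        let node = Box::into_raw(Box::new(Node { elem, next: ptr::null_mut() }));
        if self.tail.is_null() {
            self.head = node;
        } else {
            // SAFETY: a non-null tail is a live node owned by the queue.
            unsafe { (*self.tail).next = node };
        }
        self.tail = node;
    }

    pub fn pop(&mut self) -> Option<T> {
        if self.head.is_null() {
            return None;
        }
        // SAFETY: a non-null head came from Box::into_raw and is unlinked
        // below, so ownership goes back to exactly one Box.
        let node = unsafe { Box::from_raw(self.head) };
        self.head = node.next;
        if self.head.is_null() {
            self.tail = ptr::null_mut(); // queue is empty again
        }
        Some(node.elem)
    }
}

impl<T> Drop for Queue<T> {
    // Drain through the safe API so every node is freed exactly once.
    fn drop(&mut self) { while self.pop().is_some() {} }
}

fn main() {
    let mut q = Queue::new();
    q.push("a"); q.push("b");
    assert_eq!((q.pop(), q.pop(), q.pop()), (Some("a"), Some("b"), None));
}
```

A reviewer only has to check that `push`, `pop` and `drop` preserve the invariant in the doc comment; callers cannot break it because both pointer fields are private.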