Comment by procaryote
Comment by procaryote 2 days ago
If you can rely on memory errors panicing before the memory error can have an effect, you're memory safe. Memory safety doesn't require "can't crash".
Comment by procaryote 2 days ago
If you can rely on memory errors panicing before the memory error can have an effect, you're memory safe. Memory safety doesn't require "can't crash".
From a definition point of view that might be right and it’s no doubt a good step up, compared to continuing with tainted data. In practice though, that is still not enough, these days we should expect higher degree of confidence from our code before it’s run. Especially with the mountains of code that LLMs will pour over us.
It's a nice ambition, but it's a different thing than memory safety
Exactly. Or Rust wouldn't be memory safe due to the existence of unwrap().
Not that crashing can't be bad, as we saw recently with Cloudflare's recent unwrap-based incident.