First, any technical discussion here is irrelevant. Those organizations do not ask for it because they understand it, but because someone else told them, and that's where the definition of safety is located. In other words, if you are applying for a contract, what you think doesn't matter. Having said that:
> People consider Rust memory safe, but there are a few cases where it is not
The chance that you will encounter memory safety issues in Rust is very, very low (compared to other popular languages). We are talking about bugs in stdlib (very unlikely) and usage of unsafe in your code and dependencies. If you happen to use unsafe directly in your app, I'd say it is a spectrum and you can be in a danger zone. Otherwise, it is a small enough issue to focus on other problems. For 99.9% of people, "using Rust" is enough of a guarantee to be safe.
> Are languages without GC memory safe?
In theory, not having a GC in itself tells nothing about safety. Commonly used languages without GC are mostly C/C++, so in practical terms, they are unsafe.
> Is idiomatic Zig memory safe?
Zig itself is not memory safe. Even if idiomatic Zig was, how do you verify that some code is idiomatic? In practical terms, I don't think there are enough examples of Zig code to make a determination, so I count it as no.
> Is idiomatic modern C++ memory safe?
"Idiomatic modern C++" very likely will have non-idiomatic or non-modern dependencies. There are many examples of safety issues in modern C++ codebases, so definitely not.
In my opinion, any definition of safety that relies on developer skills or usage of extra tooling means it is unsafe.
I couldn’t find the word “suggest” or anything similar to it in that paper. They describe what they mean by “memory safety” and give examples of memory-safe languages (twice, both times the same list).