
This! If you really care about security you should educate people about how to use available tools to analyze C instead of relentless Rust evangelism.

People arguing that "you can not ever write safe C" might also come to the conclusion that one "unsafe" somewhere in your Rust code potentially means that the whole code base is immediately at the same level of implicit memory safety as C.




> People arguing that "you can not ever write safe C" might also come to the conclusion that one "unsafe" somewhere in your Rust code potentially means that the whole code base is immediately at the same level of implicit memory safety as C.

No, the forced use of "unsafe" in Rust for some kinds of safety mechanisms to be disabled makes the code that needs auditing easier to locate and reason about.

IF the code in the "unsafe" block does not actually isolate the "unsafe"-ness THEN conclusions can be drawn about the rest of the code.

Contrast that to C where the code introducing unsafeness, UB and unsoundness could be basically anywhere instead of a convenient "rg/grep unsafe" away.
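The point about whether an `unsafe` block actually isolates its obligations, as an added Rust example (not code from the thread; the function names are my own):

```rust
// Added example: a safe wrapper that genuinely contains its `unsafe` block
// versus one that leaks the obligation to every caller.

/// Sound: the invariant `get_unchecked` relies on (index in bounds) is
/// checked here, so no safe caller can reach undefined behaviour. An auditor
/// only needs to read this function to confirm the `unsafe` is contained.
pub fn get_or_default(v: &[u32], i: usize) -> u32 {
    if i < v.len() {
        // SAFETY: bounds verified on the line above.
        unsafe { *v.get_unchecked(i) }
    } else {
        0
    }
}

/// Unsound: declared safe, yet the in-bounds obligation is pushed onto the
/// caller. `grep unsafe` still finds this block, but the audit must now widen
/// to every call site, which is the "does not isolate" case described above.
pub fn get_unchecked_leaky(v: &[u32], i: usize) -> u32 {
    // SAFETY (incorrect): nothing here guarantees `i < v.len()`.
    unsafe { *v.get_unchecked(i) }
}

/// Honest version of the leaky function: the same operation, but the
/// signature itself tells callers they are taking on the obligation.
///
/// # Safety
/// `i` must be less than `v.len()`.
pub unsafe fn get_unchecked_honest(v: &[u32], i: usize) -> u32 {
    // SAFETY: upheld by the caller per the contract documented above.
    unsafe { *v.get_unchecked(i) }
}

fn main() {
    let data = [10u32, 20, 30];
    println!("{}", get_or_default(&data, 1)); // 20
    println!("{}", get_or_default(&data, 9)); // 0, out of range handled safely
    // SAFETY: 2 < data.len().
    println!("{}", unsafe { get_unchecked_honest(&data, 2) }); // 30
}
```

Only the first and third functions can be audited locally; the second forces the reviewer to inspect every caller, which is exactly the C-like situation the comment contrasts against.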


I don't agree at all. Developing in Rust (or other memory-safe or mostly-memory-safe languages) is going to be orders of magnitude easier than writing things in C and then running through several dynamic and static code analyzers and quieting the mountain of false positives you'll see with those, plus the massive test suite that you need to make any use of them.

I was just pointing out that, in the case of the particularly diligent OP, he is probably getting an equivalent level of safety - for much more effort though.


To me writing C is orders of magnitude easier because I almost instantly can see in my mind the resulting assembly code generated by the C code. In comparison Rust feels very opaque (e.g. a simple writeln expands into a rather large macro and who knows what the compiler is doing with that). I'm sure with more experience you can get better, but why bother.

Even with just static analysis and some sane coding conventions you can get C on the same safety level of Rust. I see Rust as a huge waste of everybody's time and resources and far too opinionated in many regards.


Your experience is obviously your experience. However, I don't think for the majority of people (and definitely not for myself) knowing what assembly results from my code is in any way an aid in checking if it's correct or at least secure.

Either way, x86_64 assembly code is a high level language that gets interpreted by the CPU at runtime, so I'm not sure how relevant it is to anything low level anymore.


Lint has existed since 1979; eventually we have to accept those people don't want to be educated.



