
If someone thinks that the compiler for their favorite programming language provides safety, they have no idea what safe code is.

C/C++ is used to write safe code for medical and aerospace applications every day. The compiler for the languages like C, C++, Ada, Rust or whatever, is not enough.

You can get better static and dynamic code analysis and test coverage analysis tools for C/C++/Ada than you can for Rust.



The term 'safe' varies a lot based on context. In this context it is being used to mean 'memory safe' - i.e. that the compiler can eliminate a class of behaviours that are the root of a number of recent security issues.

"Safe" in the context of medical and aerospace means something very different, but is much closer to the meaning of "Secure" in this context. No compiler is ever going to prevent you writing insecure code - there can always be a logic problem, bad choice of crypto algorithm etc.


Memory safe code is the basic requirement of safety critical code. Btw. memory safety includes checking for stack and heap exhaustion.


> C/C++ is used to write safe code for medical and aerospace applications every day.

How come we still catch lots of errors in reviews there? How come the best paying gigs for c/c++ coders are all code review? Best practices and an excellent toolchain don't help if they are not used. A compiler/language that enforces those is a giant leap forward.

> You can get better static and dynamic code analysis and test coverage analysis tools for C/C++/Ada than you can for Rust.

Of course, but comparing the toolchain of a relatively new language with those of languages into which - literally - billions of dollars were put only makes a temporary point. And with lessons learned from those billions incorporated into the design of the new language, closing the gap will be much, much less expensive and time consuming than the initial development for the languages you mentioned.


What makes you think that a team which doesn't follow practices or uses their excellent toolchain will use Rust properly (without unsafe at any step) or even at all?

Not sure what you mean about code review. Security reviews? I guess that's because C and C++ are easy to misuse and most programmers, teams and companies aren't that good at writing correct or safe code.

But we already knew that and the solution is not as easy as switching to a different programming language.


> What makes you think that a team which doesn't follow practices or uses their excellent toolchain will use Rust properly (without unsafe at any step) or even at all?

Rust tends to push you away from using unsafe all the time. Unsafe is a pain to use, because you don't have all the nice pointer operators you do in C and C++, so programmers naturally default toward working in the safe language. Even if you use unsafe more than you should, Rust tends toward much safer code than C and C++ in the aggregate. (This has been observed empirically.)

> I guess that's because C and C++ are easy to misuse and most programmers, teams and companies aren't that good at writing correct or safe code.

If you replace "most" with "virtually every" (i.e. everyone who isn't writing avionics/defense/aerospace/etc. code), I agree.

> But we already knew that and the solution is not as easy as switching to a different programming language.

Programs written in C and C++ empirically have far more memory safety related problems than programs written in memory safe languages do.


> How come the best paying gigs for c/c++ coders are all code review?

This has not been my experience.


> C/C++/Ada

One of these things is not like the others, One of these things just doesn't belong, Can you tell which thing is not like the others...?


That safety-critical C/C++ code tends to be brutally constrained. Typically dynamic memory allocation is not allowed. It's also very expensive to write and verify. If that was the only way people were allowed to use C/C++, most programmers would migrate to Rust or whatever en masse. I'm for it!


You write that the claim is (A) "there exists a compiler X that always produces safe code", but then argue against (B) "C++ always produces unsafe code". To argue against claim A, you have to show that some "compiler X" that always produces safe code cannot exist.


> C/C++ is used to write safe code for medical and aerospace applications every day.

Crack is smoked by humans every day. This is an Argumentum ad Populum (https://web.cn.edu/kwheeler/fallacies_list.html).

And I dispute the statement anyway; what is "safe" code without a guarantee of memory safety?


> what is "safe" code without a guarantee of memory safety?

Memory safety is the absolute minimum for safety critical code.

It seems to be a surprise for most people that you can write memory safe code in C and check for that statically, and that includes static stack and heap exhaustion checks.
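Added example (not written by any commenter in this thread): a fixed-capacity message queue in the constrained C style the comments above describe, where all storage is static, there is no malloc/free, every copy is bounds-checked, and pool exhaustion is reported as a status code instead of silently overflowing. The type names, constants and status codes are hypothetical; the static footprint is what makes the "no dynamic allocation" and "static heap exhaustion check" properties tractable for a static analyzer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical safety-critical-style queue: static storage only,
   explicit capacity, explicit error codes. Not from any real project. */

#define MSG_MAX_LEN    32u
#define QUEUE_CAPACITY  8u

typedef struct {
    uint8_t data[MSG_MAX_LEN];
    size_t  len;
} msg_t;

typedef struct {
    msg_t  slots[QUEUE_CAPACITY];
    size_t head;   /* index of the oldest message */
    size_t count;  /* number of messages currently stored */
} msg_queue_t;

/* Statically allocated: worst-case memory use is fixed at link time,
   so "heap exhaustion" is a compile-time property, not a runtime surprise. */
static msg_queue_t g_queue;

typedef enum { Q_OK = 0, Q_FULL, Q_EMPTY, Q_TOO_LONG, Q_BAD_ARG } q_status_t;

void queue_init(msg_queue_t *q) {
    memset(q, 0, sizeof *q);
}

/* Copies len bytes in; rejects oversized payloads and a full pool. */
q_status_t queue_push(msg_queue_t *q, const uint8_t *src, size_t len) {
    if (q == NULL || src == NULL)   return Q_BAD_ARG;
    if (len > MSG_MAX_LEN)          return Q_TOO_LONG; /* no silent truncation */
    if (q->count >= QUEUE_CAPACITY) return Q_FULL;     /* exhaustion is explicit */
    size_t tail = (q->head + q->count) % QUEUE_CAPACITY;
    memcpy(q->slots[tail].data, src, len);
    q->slots[tail].len = len;
    q->count++;
    return Q_OK;
}

/* Copies the oldest message out; never writes more than dst_cap bytes. */
q_status_t queue_pop(msg_queue_t *q, uint8_t *dst, size_t dst_cap, size_t *out_len) {
    if (q == NULL || dst == NULL || out_len == NULL) return Q_BAD_ARG;
    if (q->count == 0) return Q_EMPTY;
    const msg_t *m = &q->slots[q->head];
    if (m->len > dst_cap) return Q_TOO_LONG; /* caller's buffer too small */
    memcpy(dst, m->data, m->len);
    *out_len = m->len;
    q->head = (q->head + 1) % QUEUE_CAPACITY;
    q->count--;
    return Q_OK;
}

/* Fills the static queue until it reports Q_FULL, then drains it.
   Returns the number of messages drained (QUEUE_CAPACITY on success). */
size_t queue_selfcheck(void) {
    queue_init(&g_queue);
    const uint8_t sample[] = "sensor-frame"; /* constructed sample payload */
    size_t payload = sizeof sample - 1;
    while (queue_push(&g_queue, sample, payload) == Q_OK) { /* fill to exhaustion */ }
    uint8_t out[MSG_MAX_LEN];
    size_t n, drained = 0;
    while (queue_pop(&g_queue, out, sizeof out, &n) == Q_OK) drained++;
    return drained;
}

/* Exercises the bounds checks. Returns 1 if every bad access is rejected. */
int queue_boundary_checks(void) {
    msg_queue_t q;
    queue_init(&q);
    uint8_t big[MSG_MAX_LEN + 1] = {0};
    uint8_t small[4];
    size_t n;
    if (queue_push(&q, big, sizeof big) != Q_TOO_LONG) return 0; /* one byte too long */
    if (queue_push(&q, big, MSG_MAX_LEN) != Q_OK)      return 0; /* exactly max is fine */
    if (queue_pop(&q, small, sizeof small, &n) != Q_TOO_LONG) return 0; /* dst too small */
    if (queue_pop(&q, NULL, 0, &n) != Q_BAD_ARG)       return 0;
    if (queue_push(&q, NULL, 1) != Q_BAD_ARG)          return 0;
    return 1;
}
```

Every failure mode here is a returned status the caller must handle, which is what lets a static analyzer or reviewer check that each call site deals with exhaustion and oversize input; a checked static pool like this is also why stack and heap usage can be bounded at link time rather than discovered in production.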


It's actually appeal to authority. "Populum" appeals to the general populace, not specific industries. The people who smoke crack are not highly regarded.



