On 5/5/23 03:53, Miguel Ojeda wrote:
> Definitely, in the end subsystems know best if there is enough time available (from everybody) to pull it off. I only meant to say that the security angle is not the only benefit. For instance, like you said, the error handling, plus a bunch more that people usually enjoy: stricter typing, more information on signatures, sum types, pattern matching, privacy, closures, generics, etc.
These are all great advantages of Rust. One potential cause of memory corruption caused by block drivers is misprogramming the DMA engine of the storage controller. This is something no borrow checker can protect against. Only an IOMMU can protect against the storage controller accessing memory that it shouldn't access. This is not a criticism of Rust - I'm bringing this up because I think this is something that is important to realize.

Bart.