Never used Rust but I’d like to point out the YouTube channel Low Level which covers security vulnerabilities (CVEs). He ends each video with “would Rust have fixed this?” and it’s pretty interesting.
According to him, when writing embedded software in Rust (and UEFI is embedded), you have to use Rust in unsafe mode which basically disables all the memory safety features. So in that kind of environment Rust isn’t really better than C, at least when it comes to memory safety.
That’s not to say Rust isn’t still a good option. It probably is.
Again, I never used Rust so I’m just parroting stuff I’ve heard, take all of this with a grain of salt.
I am glad for your comment because I work with mcus and embedded solutions in C, so Rust, in that case, wouldn’t be neccesarily safer than C.
I will have to look into it. I need to do 30h of training every two years, so I will learn Rust regardless, but I was thinking about eventually switching to Rust for embedded projects. Might just keep Rust as my scripting language because it is easier for me than Python
Never used Rust but I’d like to point out the YouTube channel Low Level which covers security vulnerabilities (CVEs). He ends each video with “would Rust have fixed this?” and it’s pretty interesting.
A very recent one is this: https://youtu.be/BTjj1ILCwRs?t=10m (timestamped to the relevant section)
According to him, when writing embedded software in Rust (and UEFI is embedded), you have to use Rust in unsafe mode which basically disables all the memory safety features. So in that kind of environment Rust isn’t really better than C, at least when it comes to memory safety.
That’s not to say Rust isn’t still a good option. It probably is.
Again, I never used Rust so I’m just parroting stuff I’ve heard, take all of this with a grain of salt.
Rust doesn’t have “safe” and “unsafe” modes in the sense your comment alludes to.
You can just do the little unsafe thing in a function that guarantees its safety, and then the rest of the code is safe.
For example, using C functions from rust is unsafe, but most of the time a simple wrapper can be made safe.
Example C function:
int arraysum(const int *array, int length) { int sum = 0; while (length > 0) { sum += *array; array++; length--; } }In rust, you can call that function safely by just wrapping it with a function that makes sure that
lengthis always the size ofarray. Such as:fn rust_arraysum(array: Vec<i32>) -> i32 { unsafe{ arraysum(array.as_ptr(), array.len() as i32)} }Even though
unsafeis used, it is perfectly safe to do so. And now we can callrust_arraysumwithout entering “unsafe mode”You could do similar wrappers if you want to write your embedded code. Where only a fraction of the code is potentially unsafe.
And even in unsafe blocks, you don’t disable all of the rust checks.
I am glad for your comment because I work with mcus and embedded solutions in C, so Rust, in that case, wouldn’t be neccesarily safer than C.
I will have to look into it. I need to do 30h of training every two years, so I will learn Rust regardless, but I was thinking about eventually switching to Rust for embedded projects. Might just keep Rust as my scripting language because it is easier for me than Python