I remember reading this exact part of the 'nomicon and being really put off by it. I understand it's a joke, but it's a bit tasteless, and terribly condescending. I was surprised by how much it bothered me.
I feel that way about the disclaimer on the homepage, but the transmuting to &mut disclaimer is literally true.
Apologies if you're already familiar with this: It doesn't mean it's not sometimes necessary to have two `*mut T` to the same location, it's that the compiler makes specific assumptions about `&mut T` such that two &mut to the same location existing, even if never used, is UB. To work around this you need to stay in raw pointer land and use APIs like ptr::write.
I'm not sure why it's surprising that some things might bother some people but not others. (?)
Anyway, I thought the passage was an interesting reflection of the perspective of the 'nomicon authors. I'm fairly new to rust, and I've observed the culture – or at least, some part of the culture, and only as it's visible to newcomers – to be astonishingly friendly and helpful, but also sometimes, well, condescending. I sometimes get the occasional vibe of "this is bad and you want a bad thing" instead of "let me acknowledge your concern and here're options for addressing it" (with all the usual caveats: this attitude isn't by any means universal or even exemplified by a particular individual; obviously, the rust community doesn't owe anyone anything, so don't interpret the complaint as a demand; &c).
I wonder whether other people have had a similar perception.
haha C++ is actually my primary language at work ^_^ and UB crosses my mind pretty often: there've been times I've read through the spec to make sure I avoid it.
My feeling isn't really about `unsafe` in particular, though; it's more general. (Although I do see the potential conflation of "safe = correct, unsafe = incorrect" as problematic.)
I view it more as "sound = correct, unsound = incorrect" (where unsound code is code that breaks Rust's rules and/or allows LLVM to generate malfunctioning code). The design goal of the language is that all code without unsafe is sound, and unsafe code
I also feel "moralistic" about soundness, and I do see that in the community. You could argue that such moral thinking is misguided, IDK.
Additionally, async fn desugarings and Tokio's intrusive linked lists (self-referential objects that can create &mut references) are unsound under Stacked Borrows (Rust's currently popular "formal memory model" for deciding what code/optimizations are sound), though I've heard promises that Stacked Borrows will be adjusted to declare these as sound.
IIUC, transmutes in rust completely destroy lifetimes. Unsafe in rust gives you a few more things you can do, it doesn't do stuff like disable the borrow checker. But transmute basically kills lifetime checking.
> This is really, truly, the most horribly unsafe thing you can do in Rust. The guardrails here are dental floss.