> What is unsafe about using atomic reference counting?
Nothing at all. But sharing objects between threads is unsafe.
> Like having a VM implemented in C defeats the purpose of the VM for that language being safe.
You can prove that VM code is memory safe? Good for you.
> Sure you can - owned and borrowed pointers in Rust are represented as raw pointers at runtime. It's a safe abstraction. And if there turns out to be a bug in that interface, and they aren't really safe, then that will have to be fixed promptly - unlike in C/++, where one would be forced to say "Well, that's your fault for not being careful".
And in C++ we have value and move semantics. Nobody uses pointer arithmetic to implement arrays and strings anymore. std::unique_ptr is a standard way to implement the same semantics as borrowed pointers in rust. Array access can be range checked if you want. So being careful in C++ is easy today, can I say that C++ is safe? :)
> Nothing at all. But sharing objects between threads is
> unsafe.
This is mistaken, as sharing immutable data between threads is trivially safe, and Rust's type system gives you the tools you need to prove that data is actually immutable (good luck sticking anything in an Arc if it contains an Rc (or any other non-Send type) anywhere within it). And sharing mutable data between threads can be safe if you get the locking right: Rust gets the locking right for you, so that you don't have to.
> std::unique_ptr is a standard way to implement the same
> semantics as borrowed pointers in rust
No, std::unique_ptr is analogous to the Box smart pointer in Rust, except more onerous to use because move semantics are not the default in C++. C++ has no equivalent to Rust's borrowed references.
> So being careful in C++ is easy today, can I say that
> C++ is safe?
Sure, if you're willing to throw out all C++ code written before C++11, and if you're willing to lower your standards of "safety" to "trivially, silently, and often surprisingly unsafe". :) I actually have a higher opinion of C++ than most developers you'll find (PHP too, but that's a different story...), but let's not pretend that safety is at all C++'s forte.
C++ is unsafe by default. You have to opt-in to obtain all of the safety (by adhering to a particular pattern of use, or using a particular kind of class, etc.).
Rust is safe by default. You have to opt-out to head into dangerous territory.
That difference may be trivial to some, but to me, it's enormous.
> Nothing at all. But sharing objects between threads is unsafe.
If sharing stuff between threads in Rust is unsafe, then that is a bug which you should report.
> You can prove that VM code is memory safe? Good for you.
Uh, that's my point... VM implementations are usually not proved to be safe, any more than unsafe code in Rust is proved to be safe.
> And in C++ we have value and move semantics.
Which aren't bulletproof - if you're not careful, they can be used in an unsafe way. Well, this is second-hand information, so take that for what you will. You could ask pcwalton about it if you want a truly informed opinion.
> So being careful in C++ is easy today, can I say that C++ is safe? :)
Sure you can. You can say, "My code is safe, because I only use feature X, Y, Z / because I avoid this and that...". While someone using Rust should be able to say "My library is safe, since I make no use of unsafe blocks".
Nothing at all. But sharing objects between threads is unsafe.
> Like having a VM implemented in C defeats the purpose of the VM for that language being safe.
You can prove that VM code is memory safe? Good for you.
> Sure you can - owned and borrowed pointers in Rust are represented as raw pointers at runtime. It's a safe abstraction. And if there turns out to be a bug in that interface, and they aren't really safe, then that will have to be fixed promptly - unlike in C/++, where one would be forced to say "Well, that's your fault for not being careful".
And in C++ we have value and move semantics. Nobody uses pointer arithmetic to implement arrays and strings anymore. std::unique_ptr is a standard way to implement the same semantics as borrowed pointers in rust. Array access can be range checked if you want. So being careful in C++ is easy today, can I say that C++ is safe? :)