1. 7
  1. 2

    AFAICS, this crate uses the FoundationDB C client library which runs a separate communications thread (and I believe there is no way around it). This brings an interesting question (at least to me): is Rust ok with having non-Rust threads executed in the same process? Wouldn’t that make all Rust code at any point of execution essentially unsafe since there is unsafe code being executed in parallel?

    1. 4

      It’s OK! In a sense, it’s not that different from any other Rust FFI: Rust explicitly assumes that foreign code won’t mess up Rust’s own guarantees.

      In other words, Rust doesn’t protect you from the bugs in the C you link with. If that is buggy, than something inside Rust-land might break (for example, typically C and Rust would use the same malloc, and, if C messes up the shared heap, allocation in Rust might do something wild).

      The promise of Rust isn’t that it is 100% safe, everywhere. The point of Rust is unsafe – that you can designate a subset of the code and promise to the compiler that you are not making bugs in that subset, for which the compiler promises that, if you make a bug elsewhere, that’s going to be a “benign” Java-like bug, rather than outright UB.

      If you do FFI, everything on the other side is effectively unsafer and requires the programmer to “not make bugs”. It’s still much better if literally everything were unsafe.

      1. 2

        I dunno if you know this, but the OS is probably not written in rust and every time you do a syscall it runs unsafe code. The rust standard library also depends on libc, which usually is written in C too. The bootloader of your OS is possibly even written in assembly - it might corrupt the system before your rust code is even started! Even safe rust uses unsafe rust under the hood that might corrupt your system!

        That being said … less unsafe is probably better. I guess they had practical constraints and don’t want to waste time rewriting well tested code.

      2. 1

        How is this different from https://github.com/Clikengo/foundationdb-rs?