Safety and Soundness in Rust
Rust is designed around safety and soundness. Roughly speaking, safe code is code that doesn't use the
unsafekeyword, and sound code is code that can't cause memory corruption or other undefined behavior. One of Rust's most important features is the promise that all safe code is sound. But that promise can be broken when
unsafecode is involved, and
unsafecode is almost always involved somewhere. Data structures like
unsafecode in their implementations, as does any function like
File::openthat talks to the OS. This leads to a common question: "If Rust can't guarantee that all safe code is sound, how can it be a memory-safe language?" It's hard to give a short answer to that question, so this post is my attempt at a medium-length answer.
Source: Safety and Soundness in Rust, an article by Jack O'Connor.