Rust code calling Rust code definitely brings safety improvements. The problem is that a lot of Rust code also needs to interact with C code (to work with pointers, for example) and that’s where unsafe becomes a requirement, and where the compiler’s optimizations don’t get applied automatically anymore.
Unsafe Rust code in the kernel is as safe as the existing C code because unsafe code is the norm, and that’s why Rust only makes things safer. However, in terms of performance improvements alone, you need to have in-depth knowledge of what abstractions you can or cannot use, and unsafe can make a bunch of easy automatic optimisations stop working.
Rust code calling Rust code definitely brings safety improvements. The problem is that a lot of Rust code also needs to interact with C code (to work with pointers, for example) and that’s where
unsafebecomes a requirement, and where the compiler’s optimizations don’t get applied automatically anymore.Unsafe Rust code in the kernel is as safe as the existing C code because unsafe code is the norm, and that’s why Rust only makes things safer. However, in terms of performance improvements alone, you need to have in-depth knowledge of what abstractions you can or cannot use, and
unsafecan make a bunch of easy automatic optimisations stop working.