Not trying to be a Rust advocate and I actually don't work in it personally.

But Rust provides both checked alternatives to indexed reads/writes (compile time safe returning Option<_>), and an exception recovery mechanism for out-of-bounds unsafe read/write. Fil-C only has one choice which is "crash immediately".

reply
What makes you think that one cannot add an explicit bound check in C?
reply
It's trickier than it looks because C has mutable aliases. So, in C our bounds check might itself be a data race! Make sure you cope
reply
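An added example, not written by any participant in this thread, of how a C bounds check can race with a mutable alias: the index is loaded once for the check and again for the use. The `struct request`, the `writer` hook that stands in for the other alias, and the sample data are all assumptions made for the illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed scenario: `index` is also reachable through a second alias. */
struct request { _Atomic size_t index; };

/* Hypothetical hook: models the other alias writing between two loads. */
typedef void (*writer_fn)(struct request *);

/* Fragile: index is loaded for the check, then loaded again for the use. */
bool read_double_fetch(const int *buf, size_t len, struct request *req,
                       writer_fn writer, int *out)
{
    if (atomic_load(&req->index) >= len)
        return false;
    if (writer) writer(req);              /* window between check and use */
    *out = buf[atomic_load(&req->index)]; /* may no longer be < len */
    return true;
}

/* Hardened: load once into a local, then check and use only the local. */
bool read_snapshot(const int *buf, size_t len, struct request *req,
                   writer_fn writer, int *out)
{
    size_t i = atomic_load(&req->index);
    if (writer) writer(req);              /* later writes cannot change i */
    if (i >= len)
        return false;
    *out = buf[i];
    return true;
}

/* Constructed data: 8 ints of storage, only the first 4 count as in bounds. */
static const int storage[8] = {10, 11, 12, 13, 90, 91, 92, 93};
static void bump_to_6(struct request *r) { atomic_store(&r->index, 6); }

/* Runs one variant while the alias writes mid-call; returns the value read. */
int demo(bool snapshot)
{
    struct request r;
    int v = -1;
    atomic_init(&r.index, 2);
    bool ok = snapshot ? read_snapshot(storage, 4, &r, bump_to_6, &v)
                       : read_double_fetch(storage, 4, &r, bump_to_6, &v);
    return ok ? v : -1;
}

int main(void) { return demo(false) == 92 && demo(true) == 12 ? 0 : 1; }
```

Making the field atomic does not help the first variant: each load is well defined, but the check and the use still see different values.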
Depending on what you are doing, yes. But the statement I responded to "your only choice is crash" is certainly wrong.
reply
If you can correctly add all the required explicit bounds checks in C what do you need Fil-C for?
reply
Same reason any Turing-complete language needs any constructs - to help the programmer and identify/block "unsafe" constructs.

Programming languages have always been more about what they don't let you do rather than what they do - and where that lies on the spectrum of blocking "Possibly Valid" constructs vs "Possibly Invalid".

reply
For temporal memory safety.
reply
>And inability to prove correctness does NOT imply incorrectness.

And inability to prove incorrectness does NOT imply correctness. I think most Rust users don't understand either, because of the hype.

reply