> No memory allocation means no Rust benefits.

This isn't really true; otherwise, there would be no reason for no_std to exist. Data race safety is independent of whether you allocate or not, lifetimes can be handy even for fixed-size arenas, you still get bounds checks, you still get other niceties like sum types/an expressive type system, etc.

> OS / Kernel - Nearly all of the relevant code is unsafe.

I think that characterization is rather exaggerated. IIRC the proportion of unsafe code in Redox OS is somewhere around 10%, and Steve Klabnik said that Oxide's Hubris has a similarly small proportion of unsafe code (~3% as of a year or two ago) [0]

> Browsers - Despite being born in a browser, Rust is unlikely to make any inroads.

Technically speaking, Rust already has. There has been Rust in Firefox for quite a while now, and Chromium has started allowing Rust for third-party components.

[0]: https://news.ycombinator.com/item?id=42312699

[1]: https://old.reddit.com/r/rust/comments/bhtuah/production_dep...

> Google has probably the largest C++ codebase in the world. Migrating to Rust would be so expensive that the board would squash it.

Google is transitioning large parts of Android to Rust and there is now first-party code in Chromium and V8 in Rust. I’m sure they’ll continue to write new C++ code for a good while, but they’ve made substantial investments to enable using Rust in these projects going forward.

Also, if you’re imagining the board of a multi-trillion dollar market cap company is making direct decisions about what languages get used, you may want to check what else in this list you are imagining.

> No memory allocation means no Rust benefits

There are memory safety issues that literally only apply to memory on the stack, like returning dangling pointers to local variables. Not touching the heap doesn't magically avoid all of the potential issues in C.

Rust is already making substantial inroads in browsers, especially for things like codecs. Chrome also recently replaced FreeType with Skrifa (Rust), and the JS Temporal API in V8 is implemented in Rust.

> Embedded - This will always be C. No memory allocation means no Rust benefits. Rust is also too complex for smaller systems to write compilers.

Modern embedded isn't your grandpa's embedded anymore. Modern embedded chips have multiple KiB of ram, some even above 1MiB and have been like that for almost a decade (look at ESP32 for instance). I once worked on embedded projects based on ESP32 that used full C++, with allocators, exceptions, ... using SPI RAM and worked great. There's a fantastic port of ESP-IDF on Rust that Espressif themselves is maintaining nowadays, too.

    > Rust is also too complex for smaller systems to write compilers.

> No memory allocation means no Rust benefits.

Memory safety applies to all memory. Not just heap allocated memory.

This is a strange claim because it's so obviously false. Was this comment supposed to be satire and I just missed it?

Anyway, Rust has benefits beyond memory safety.

> Rust is also too complex for smaller systems to write compilers.

Rust uses LLVM as the compiler backend.

There are already a lot of embedded targets for Rust and a growing number of libraries. Some vendors have started adopting it with first-class support. Again, it's weird to make this claim.

> Nearly all of the relevant code is unsafe. There aren't many real benefits.

Unsafe sections do not make the entire usage of Rust unsafe. That's a common misconception from people who don't know much about Rust, but it's not like the unsafe keyword instantly obliterates any Rust advantages, or even all of its safety guarantees.

It's also strange to see this claim under an article about the kernel developers choosing to move forward with Rust.

> High Frequency Traders - They would care about the standard library except they are moving on from C++ to VHDL for their time-sensitive stuff. I would bet they move to a garbage-collected language for everything else, either Java or Go.

C++ and VHDL aren't interchangeable. They serve different purposes for different layers of the system. They aren't moving everything to FPGAs.

Betting on a garbage collected language is strange. Tail latencies matter a lot.

This entire comment is so weird and misinformed that I had to re-read it to make sure it wasn't satire or something.

> The true future of "safe" software is already here, JavaScript.

only in interpreter mode.

Rust isn't that complex unless your pulling in magical macro libraries or dealing with things like pin and that stuff,which you really don't need to.

It's like saying python is complex becasue you have metaclasses, but you'll never need to reach for them.