In real life people are putting MS Windows inside medical equipment, which I consider horrifying, so to some degree the bar is quite low.
I have worked in avionics, and that was better than an MRI machine running MS Windows, but it wasn’t as good as they pretend.
Compared to the scary examples, I think Rust must already be better, but Rust has higher aspirations than that. Compared to the better examples (avionics), I suspect Rust is also up-to-snuff, but Rust is still new.
How bad could internal Rust bugs be at this point?
Another consideration is libraries. How bug-free is the standard library? How bug-free are the other libraries one might expect to use?
I can see your point about tooling, but a lot of the tooling needed around C++ is going to be to make up for shortcomings that Rust doesn’t have. Still, I can see other tools would still help.
I hadn’t thought of that, that might be the biggest problem. Rust makes it easy to pin library versions, what practical problems would arise in pinning the compiler version?
P.S. An aside: I have a book somewhere about provably correct software. It described a formal specification language and software could be checked against it! Um, what’s to stop anyone from writing new bugs in this new language? (The language looked compilable, certainly complete enough to write bugs in.) Making people write the program twice, once in each of two different languages, has some appeal, but a lot of the bugs I have written over the years were bugs in my understanding not in my typing. That kind of bug is easy to write twice.