←back to thread

The C23 edition of Modern C

(gustedt.wordpress.com)
515 points bwidlar | 1 comments | 15 Oct 24 16:06 UTC | HN request time: 0.525s | source
Show context
ralphc ◴[15 Oct 24 18:30 UTC] No.41851601[source]
How does "Modern" C compare safety-wise to Rust or Zig?
replies(4): >>41852048 #>>41852113 #>>41852498 #>>41856856 #
WalterBright ◴[15 Oct 24 19:18 UTC] No.41852113[source]
Modern C still promptly decays an array to a pointer, so no array bounds checking is possible.

D does not decay arrays, so D has array bounds checking.

Note that array overflow bugs are consistently the #1 problem with shipped C code, by a wide margin.

replies(2): >>41852316 #>>41857792 #
layer8 ◴[15 Oct 24 19:39 UTC] No.41852316[source]
> no array bounds checking is possible.

This isn’t strictly true, a C implementation is allowed to associate memory-range (or more generally, pointer provenance) metadata with a pointer.

The DeathStation 9000 features a conforming C implementation which is known to catch all array bounds violations. ;)

replies(4): >>41852348 #>>41852932 #>>41854734 #>>41855111 #
1. trealira ◴[16 Oct 24 01:20 UTC] No.41854734[source]
> The DeathStation 9000 features a conforming C implementation which is known to catch all array bounds violations. ;)

That actually really does exist already with CHERI CPUs, whose pointers are tagged with "capabilities," which catch buffer overruns at runtime.

https://tratt.net/laurie/blog/2023/two_stories_for_what_is_c...

https://msrc.microsoft.com/blog/2022/01/an_armful_of_cheris/