Most active commenters
  • survivedurcode(3)
  • pornel(3)

←back to thread

The C23 edition of Modern C

(gustedt.wordpress.com)
515 points bwidlar | 12 comments | 15 Oct 24 16:06 UTC | HN request time: 1.741s | source | bottom
1. survivedurcode ◴[16 Oct 24 05:02 UTC] No.41855777[source]
Continuing to use a memory-unsafe language that has no recourse for safety and is full of footguns and is frankly irresponsible for the software profession. God help us all.

By the way, the US government did the profession no favors by including C++ as a memory-unsafe language. It is possible to write memory-safe C++, safe array dereferencing C++. But it’s not obvious how to do it. Herb Sutter is working on it with CppFront. The point stands that C++ can be memory-safe code. If you make a mistake, you might write some unsafe code in C++. But you can fix that mistake and learn to avoid it.

When you write C, you are in the bad luck shitter. You have no choice. You will write memory—unsafe code and hope you don’t fuck it up. You will hope that a refactor of your code doesn’t fuck it up.

Ah, C, so simple! You, only you, are responsible for handling memory safely. Don’t fuck it up, cadet. (Don’t leave it all to computers like a C++ developer would.)

Put C in the bin, where it belongs.

replies(4): >>41855946 #>>41856045 #>>41856591 #>>41857805 #
2. purple-leafy ◴[16 Oct 24 05:38 UTC] No.41855946[source]
Skill issue
replies(1): >>41856860 #
3. fjfaase ◴[16 Oct 24 06:05 UTC] No.41856045[source]
There are still applications (especially with embedded devices) where you do not dynamically allocate memory or might not even use pointers at all.
4. dxuh ◴[16 Oct 24 07:46 UTC] No.41856591[source]
You can't just put a language in the bin that has been used for 50 years and that a huge percentage the present day software infrastructure is built on.

I see comments like yours everywhere all the time and I seriously think you have a very unhealthy emotional relationship with this topic. You should not have that much hate in your heart for a programming language that has served us very well for many decades and still continues to do so. Even if C was literally all bad (which imho isn't even possible), you shouldn't be that angry at it.

replies(1): >>41957186 #
5. pornel ◴[16 Oct 24 08:33 UTC] No.41856860[source]
It's been a skill issue for 40 years. How long are we going to continue searching for those programmers who don't make mistakes?
replies(1): >>41857317 #
6. worksonmine ◴[16 Oct 24 09:56 UTC] No.41857317{3}[source]
Programmers make stupid mistakes in the safest languages too, even more so today when software is a career and not a hobby. What does it matter if the memory allocation is safe when the programmer exposes all user sessions to the internet because reading Dockers' documentation is too much work? Even Github did a variant of this with all their resources.
replies(1): >>41858204 #
7. uecker ◴[16 Oct 24 11:17 UTC] No.41857805[source]
There good tools that help improving memory safety in C and I do not think Rust is a good language. Of course, the worst about Rust are its fans.
8. pornel ◴[16 Oct 24 12:16 UTC] No.41858204{4}[source]
Because memory vulnerabilities don't make programs immune to other dumb mistakes. You get these vulnerabilities on top of everything else that can go wrong in a program.

Manual checking of memory management correctness takes extra time and effort to review, debug, instrument, fuzz, etc. things that the compiler could be checking automatically and reliably. This misplaced effort wastes resources and takes focus away from dealing with all the other problems.

There's also a common line of thinking that that because working in C is hard, C programmers must be smarter and more diligent, so they wouldn't make dumb mistakes like the easy-language programmers do. I don't like such elitist view, but even if true, the better programmers can allocate their smarts to something more productive than expertise in programs corrupting themselves.

replies(2): >>41860345 #>>41957484 #
9. chongli ◴[16 Oct 24 15:38 UTC] No.41860345{5}[source]
Because memory vulnerabilities don't make programs immune to other dumb mistakes. You get these vulnerabilities on top of everything else that can go wrong in a program.

The issue is that these great new tools don't just fix the old vulnerabilities, they also provide a lot of new, powerful footguns for people to play with. They're shipping 2000 feet of rope with every language when all we need is 6 feet to hang ourselves.

replies(1): >>41861038 #
10. pornel ◴[16 Oct 24 16:31 UTC] No.41861038{6}[source]
There has been a bunch of failed C killers, and C++ has massively shat the bed, so I understand that people are jaded.

However, this pessimistic tradeoff is just not true in case of Rust — it has been focused from the start on preventing footguns, and actually does a great job of it. You don't trade one kind of failure for another, you replace them with compilation errors, and they've even invested a lot of effort into making these errors clear and useful.

11. survivedurcode ◴[26 Oct 24 19:43 UTC] No.41957186[source]
When you write C++, you can allocate memory all day long and write ZERO delete statements. That is possible, I’ve been writing C++ like that since 1998 (Visual C++ 5.0 and lcc). Can you imagine allocating memory and never risk a premature or a forgotten delete? It is not possible in C. You can call it opinion, but I see fact. That makes C all that bad.

When I say put it in the bin, I don’t mean that good software hasn’t been written already with it, or can’t be written with it. But you should stop using it given the earliest opportunity. When given the ability to write object-oriented software, clever engineers with too much time add insane complexity justified by unproven hypotheticals. Believe me, I know very well why people shy away from C++ like a trauma response. Overly-engineered/overly-abstracted complexity, incomprehensible template syntax, inadequate standard library, indecipherable error messages, C++ has its warts. But it is possible to write memory-safe software in C++, and it is not in C (unless we are talking about little code toys!). My answer is that you don’t have to write complicated garbage in C++. Keep it simple like you are writing C. Add C++ features only to get safety. Add polymorphism only when it solves a problem. Never write an abstract class ahead of time. Never write a class ahead of time.

Downvote me all day long. Call me angry. When billions of dollars are lost because someone, in our modern age, decided to write new software in C, or continue to develop software in C instead of switching to a mixed C++/C codebase with an intent to phase out new development in C.

It’s hard not to get angry when modern software is written with avoidable CVEs in 2020’s. Use after free, buffer overflows, are you kidding me? These problems should have been relics in 2010+, but here we are.

12. survivedurcode ◴[26 Oct 24 20:26 UTC] No.41957484{5}[source]
> programmers can allocate their smarts to something more productive than expertise in programs corrupting themselves

Amen. This is called progress.