←back to thread

C and C++ prioritize performance over correctness (2023)

(research.swtch.com)
92 points endorphine | 2 comments | 28 Mar 25 20:26 UTC | HN request time: 0.4s | source
Show context
netbioserror ◴[31 Mar 25 17:21 UTC] No.43537431[source]
There's a way I like to phrase this:

In C and C++, it's easy to write incorrect code, and difficult to write correct code.

In Rust, it's also difficult to write correct code, but near-impossible to write incorrect code.

The new crop of languages that assert the inclusion of useful correctness-assuring features such as iterators, fat-pointer collections, and GC/RC (Go, D, Nim, Crystal, etc.) make incorrect code hard, but correct code easy. And with a minimal performance penalty! In the best-case scenarios (for example, Nim with its RC and no manual heap allocations, which is very easy to achieve since it defaults to hidden unique pointers), we're talking about only paying a 20% penalty for bounds-checking compared to raw C performance. For the ease of development, maintenance, and readability, that's easy to pay.

replies(2): >>43537487 #>>43545348 #
grandempire ◴[31 Mar 25 17:26 UTC] No.43537487[source]
> but near-impossible to write incorrect code.

Except most bugs are about unforeseen states (solved by limiting code paths and states) or a disconnect between the real world and the program.

So it’s very possible to write incorrect code in rust…

replies(4): >>43537549 #>>43537582 #>>43537814 #>>43538545 #
kstrauser ◴[31 Mar 25 19:04 UTC] No.43538545[source]
> Except most bugs are about unforeseen states

Study after study shows that's not true, unless you include buffer overflows and the various "reading and writing memory I didn't mean to because this pointer is wrong now" classes of bugs.

It's possible to write logic errors, of course. You have to try much harder to write invalid state or memory errors.

replies(2): >>43539998 #>>43541660 #
gpderetta ◴[31 Mar 25 21:09 UTC] No.43539998[source]
Parent said bugs, not security bugs.
replies(1): >>43550040 #
1. kstrauser ◴[01 Apr 25 18:34 UTC] No.43550040[source]
There's a fine line between a crash and a vulnerability.
replies(1): >>43550815 #
2. gpderetta ◴[01 Apr 25 20:07 UTC] No.43550815[source]
not all bugs are crashing bugs, and not all crashing bugs are vulnerabilities (and not all vulnerabilities are crashing bugs, although they are all bugs).