this post was submitted on 26 Feb 2024
267 points (96.5% liked)

Programming

17432 readers
230 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
267
White House: Future Software Should Be Memory Safe (www.whitehouse.gov)
submitted 8 months ago by [email protected] to c/[email protected]
139 comments fedilink hide all child comments
 

On the one side I really like c and c++ because they’re fun and have great performance; they don’t feel like your fighting the language and let me feel sort of creative in the way I do things(compared with something like Rust or Swift).

On the other hand, when weighing one’s feelings against the common good, I guess it’s not really a contest. Plus I suspect a lot of my annoyance with languages like rust stems from not being as familiar with the paradigm. What do you all think?

(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] -3 points 8 months ago* (last edited 8 months ago) (8 children)

I'm going to advocate for C here: the sheer simplicity, fast compile times, and power it gives you means it's not a bad language, even after all these years. Couple that with the fact that everything supports it.

Rust, while I don't actually know how to write it, seems much more difficult to learn, slower to compile, and if you want to do anything with memory, you have to fight the compiler.

And memory bugs are only a subset of bugs that can be exploited in a program. Pretending Rust means no more exploitation is stupid.

[–] [email protected] 9 points 8 months ago (6 children)

In cases where bugs have been counted they tended to make up the majority of vulnerabilities. Chrome, Firefox, and Windows reported that around 70% of security vulnerabilites were memory corruption. Yes a subset, but the majority of the worst subset.

load more comments (6 replies)
[–] [email protected] 2 points 8 months ago (2 children)

Zig is a pretty interesting alternative to C

Pretending Rust means no more exploitation is stupid.

I guess? Are you alluding to someone or something in particular?

load more comments (2 replies)
[–] [email protected] 3 points 8 months ago (1 children)

Maybe it’s just because I haven’t had to deal with the scenario yet but does compile time really matter? I mean for small programs it seems it’s almost instant on modern machines and for large programs I would assume, if it exists, that you would be using the equivalent of make so you would only be recompiling the small changes made.

[–] [email protected] 3 points 8 months ago

Compile times are a barrier. How much of hurdle that really is depends on the project and dev. Like readability, accessabilty, friendlyness, license and userbase it all adds up to who can work on the project.

I know in the DevX space the rule of the thumb is you want to have devs see results of a commit before the urge to check their phone/other tabs wins over because that context switching is timly for them.

load more comments (5 replies)
[–] [email protected] 9 points 8 months ago

The interpreter or compiler could also introduce memory issues into the code. Much less likely to happen, but it is not unknown.

[–] [email protected] 56 points 8 months ago (1 children)

let me feel sort of creative in the way I do things

🚩

[–] [email protected] 35 points 8 months ago (1 children)

they don’t feel like your fighting the language

I really understand what you mean wrt Rust. I really do - I was there once. But it's a phase you grow out of. Not just that - the parts you fight now will eventually become your ally.

and let me feel sort of creative in the way I do things

I had the same experience with C/C++. But as the design grows, you start hitting memory-safety bugs that are difficult to avoid while coding - even after you learn how those bugs arise in the first place. Just a lapse of concentration is enough to introduce such a bug (leaks, use-after-free, deadlocks, races, etc). I've heard that C++ got a bit better after the introduction of smart pointers and other safety features. But, it comes nowhere near the peace of mind you get with garbage collected languages.

That's where Rust's borrow checker and other safety measures kick in. The friction disappears when you acquire system knowledge - concepts of stack, heap, data segment, aliasing, ownership, mutation, etc. These knowledge are essential for C/C++ too. But the difference here is that Rust will actually tell you if you made a mistake. You don't get that with C/C++. The ultimate result is that when a Rust program compiles successfully, it almost always works as you expect it to (barring logical errors). You spend significantly less time debugging or worrying about your program misbehaving at runtime.

The 'friction' in Rust also helps in another way. Sometimes, you genuinely need to find a way out when the compiler complains. That happens when the language is too restrictive and incapable of doing what you need. You use things like unsafe, Rc and Refcell for that. However, most of the time, you can work around the problem that the compiler is indicating. In my experience, such 'workarounds' are actually redesigns or refactors that improve the structure of your code. I find myself designing the code best when I'm using Rust.

[–] [email protected] 1 points 8 months ago (1 children)

I do really like the error system in rust for its descriptions. I guess the difficulty for me, which maybe will go away after writing more rust, is that my intuition for what is efficient and what isn’t totally breaks down.

I find myself passing copies of values around and things like that, it might be that the compiler just takes care of that, or that I just don’t know how to do it well but that’s often the point of friction for me.

Totally agree on the refactor though, most of the time it doesn’t even take that much time since you know the skeleton of what you want at that point!

[–] [email protected] 9 points 8 months ago* (last edited 8 months ago)

I find myself passing copies of values around and things like that, it might be that the compiler just takes care of that,

Rust prefers explicitness over magic. So it does what you tell it and doesn't just take care of that.

If you're copying a lot of values around (I.e cloning. Not moving or borrowing), then you're definitely doing it inefficiently. But you don't have to worry too much about that. If there are too many difficulties in borrowing, it may be because those borrows are problematic with respect to memory safety. In such cases, sacrificing performance through cloning may be an acceptable compromise to preserve memory safety. In the end, you end up with the right balance of performance (through borrowing) and safety (through cloning). That balance is hard to achieve in C/C++ (lacking in safety) or in GC languages (lacking in performance).

If that's the friction you're facing in Rust, then I would say that you're already in a good position and you're just trying too hard.

load more comments
view more: ‹ prev next ›