this post was submitted on 26 Feb 2024
258 points (96.4% liked)

Programming

17841 readers
169 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
258
White House: Future Software Should Be Memory Safe (www.whitehouse.gov)
submitted 10 months ago by [email protected] to c/[email protected]
128 comments fedilink hide all child comments
 

On the one side I really like c and c++ because they’re fun and have great performance; they don’t feel like your fighting the language and let me feel sort of creative in the way I do things(compared with something like Rust or Swift).

On the other hand, when weighing one’s feelings against the common good, I guess it’s not really a contest. Plus I suspect a lot of my annoyance with languages like rust stems from not being as familiar with the paradigm. What do you all think?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -4 points 10 months ago* (last edited 10 months ago) (17 children)

I'm going to advocate for C here: the sheer simplicity, fast compile times, and power it gives you means it's not a bad language, even after all these years. Couple that with the fact that everything supports it.

Rust, while I don't actually know how to write it, seems much more difficult to learn, slower to compile, and if you want to do anything with memory, you have to fight the compiler.

And memory bugs are only a subset of bugs that can be exploited in a program. Pretending Rust means no more exploitation is stupid.

[–] carpelbridgesyndrome 10 points 10 months ago (6 children)

In cases where bugs have been counted they tended to make up the majority of vulnerabilities. Chrome, Firefox, and Windows reported that around 70% of security vulnerabilites were memory corruption. Yes a subset, but the majority of the worst subset.

[–] [email protected] 0 points 10 months ago (5 children)

I've also heard that unsafe Rust is even more dangerous than C. I guess that's probably something to do with the fact that you're always on your toes in C vs Rust? I don't know. But if you need to do any sort of manual memory management you're going to need unsafe Rust.

[–] carpelbridgesyndrome 4 points 10 months ago

The thing is the whole c program is unsafe. In rust individual parts are marked unsafe. This means auditing should be easier. Also being always on your toes isn't really viable. Breaking down the program into safe vs unsafe is probably an improvment

load more comments (4 replies)
load more comments (4 replies)
load more comments (14 replies)