Without any ::prelude and some void* arguments. Maybe you have thoughts about it.

The URL is just a sample of “why” but not “because”.

I have my own preference but will keep it inside my mind to not burn a tornado that will erase me from the matrix of the world.

P.S.: I think C is faster, more powerful, and more elegant. I like it more than Rust.

  • BatmanAoD
    link
    fedilink
    arrow-up
    7
    ·
    11 months ago

    I very much understand thinking that Rust has too much hype, but the differences between C and Rust are so fundamental that “switching between” them just to “keep your interest fresh” seems ill-advised to me. To be honest, your statements about both C and Rust so far seem pretty superficial; have you actually used Rust for anything nontrivial?

    C syntax is simple, yes, but C semantics are not; there have been numerous attempts to quantify what percentage of C and C++ software bugs and/or security vulnerabilities are due to the lack of memory safety in these languages, and although the results have varied widely, the most conservative estimate (this blog post about curl; see the section “C is unsafe and always will be”) ended up with an estimate of 40%, or 50% if you only count critical bugs. If I recall correctly, Microsoft did a similar study on one of their projects and declared a rate closer to 70%.

    This means that the choice of language is not just about personal preference. Bugs aren’t just extra work for software developers; they affect all users of software, which means they affect pretty much everyone. And, crucially, they’re not just annoyances; cyberattacks of various kinds are extremely prevalent and can have a huge impact on people. So if 50% or more of critical software vulnerabilities are due to the choice of language, then that is a very good reason to pick a safer language.

    Rust is not the only choice for memory-safe languages. If you like the simplicity of C, you should definitely learn Go (it’s explicitly designed to be as simple as possible to learn). But I would also strongly recommend looking into Zig, which hews much closer to C than Rust does; in fact, it has probably the best interoperability with C of any modern language.

    • lysdexic
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      2
      ·
      11 months ago

      C syntax is simple, yes, but C semantics are not; there have been numerous attempts to quantify what percentage of C and C++ software bugs and/or security vulnerabilities are due to the lack of memory safety in these languages, and (…)

      …and the bulk of these attempts don’t even consider onboarding basic static analysis tools to projects.

      I think this comparison is disingenuous. Rust has static code analysis checks built into the compiler, while C compilers don’t. Yet, you can still add static code analysis checks to projects, and from my experience they do a pretty good job flagging everything ranging from Critical double-frees to newlines showing up where they shouldn’t. How come these tools are kept out of the equation?

      • robinm
        link
        fedilink
        arrow-up
        5
        ·
        11 months ago

        I’m not familiar with C tooling, but I have done multiple projects in C++ (in a professionnel environnement) and AFAIK the tooling is the same. Tooling to C++ is a nightmare, and that’s and understatement. Most of the difficulty is self inflicted like not using cmake/meson but a custom build system, relying on system library instead of using Conan or vcpkg, not using smart-pointers,… but adding basically anything (LSP, code coverage, a new dependency, clang-format, clang-tidy, …) is horrible in those environments. And if you compare the quality of those tools to the one of other language, they are not even close. For exemple the lint given by clang-tidy to the one of Rust clippy.

        If it took no more than an hour to add any of those tools to a legacy C project, then yes it would be disingenuous to not compare C + tooling with Rust, but unfortunately it’s not.

      • BatmanAoD
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        11 months ago

        You are making an extreme assumption, and it also sounds like you’ve misread what I wrote. The “attempts” I’m talking about are studies (formal and informal) to measure the root causes of bugs, not the C or C++ projects themselves.

        I cited one specific measurement, Daniel Stenberg’s analysis of the Curl codebase. Here’s a separate post about the testing and static analysis used for Curl.

        Here’s a post with a list of other studies. The projects analyzed are:

        • Android (both the full codebase and the Bluetooth & media components)
        • iOS & MacOS
        • Chrome
        • Microsoft (this is probably the most commonly cited one)
        • Firefox
        • Ubuntu Linux

        Do you really think that Google, Apple, Microsoft, Mozilla, and the Ubuntu project “don’t even consider onboarding basic static analysis tools” in their C and C++ projects?

        If you’re curious about the specifics of how errors slip through anyway, here’s a talk from CppCon 2017 about how Facebook, despite copious investment into static analysis, still had “curiously recurring” C++ errors. It’s long, but I think it’s worthwhile; the most interesting part to me, though, starts around 29:40, where he asks an audience of C++ users whether some specific code compiles, and only about 10% of them get the right answer, one of whom is an editor of the C++ standard.

        • lysdexic
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          edit-2
          11 months ago

          You are making an extreme assumption, and it also sounds like you’ve misread what I wrote. The “attempts” I’m talking about are studies (formal and informal) to measure the root causes of bugs, not the C or C++ projects themselves.

          I think you’re talking past the point I’ve made.

          The point I’ve made is that the bulk of these attempts don’t even consider onboarding basic static analysis tools for projects. Do you agree?

          If you read the post of other studies you’ve quoted, you’d be aware that some of them quite literally report results of onboarding a single static analysis tool to C or C++ projects. The very first study in your list is quite literally the results of onboarding projects to Hardware-assisted AddressSanitizer, after acknowledging that they haven’t onboarded AddressSanitizer due to performance reasons. The second study in your list reports results of enabling LLVM’s bound sanitizer.

          Yet, your personal claim over “the lack of memory safety” in languages like C or C++ is unexplainably based on failing to follow very basic and simple steps like onboarding any static analysis tool, which is trivial to do. Yet, your assertion doesn’t cover that simple step. Why is that?

          Again, I think this comparison is disingenuous. You take zero effort to address whole family of errors and then proceed to claim that whole family of errors are not addressed, even though nowadays there’s a myriad of ways to tackle those. That doesn’t sound like a honest comparison to me.

          • BatmanAoD
            link
            fedilink
            arrow-up
            2
            ·
            11 months ago

            You’re misunderstanding the posts you’re explaining. Sanitizers, including ASan, HWASan, and bound sanitizer, are not “static analysis tools”. They are runtime tools, which is why they have a performance impact. They’re not intended to be deployed as part of a final executable.

            I don’t know how you can read this sentence and interpret it to mean that they “haven’t onboarded AddressSanitizer”:

            In previous years our memory bug detection efforts were focused on Address Sanitizer (ASan).