• fckreddit@lemmy.ml
    link
    fedilink
    arrow-up
    72
    ·
    1 year ago

    C is reliable in the sense that your C program reliably has memory leaks and security holes.

      • PaX [comrade/them, they/them]@hexbear.net
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 year ago

        Programmers can trust language security features too much…

        Of course, they’re nice to have and really can make things easier to implement securely but it’s still very easy to introduce security problems or bugs into any code. This is just an unsolvable problem of writing imperative code. All imperative code will reliably have memory leaks (even in Java!) and security holes because no compiler can check to see if you thought of everything.

        And large and complex compilers/interpreters with these security features can end up introducing their own security problems or bugs in the process of implementing them.

        I’m just tired of people entirely dismissing languages like C because they don’t have these features. Especially when the operating systems their code runs on and their languages may even be implemented in C!

        • space_comrade [he/him]@hexbear.net
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          1 year ago

          because no compiler can check to see if you thought of everything.

          We can try to get closer to that with better language design. You’ll never get there but I think there are obvious benefits as to why you’d want to do that.

          I write way less bugs in Rust than I have in Java or C++, and that’s mostly thanks to the language design.

          I’m just tired of people entirely dismissing languages like C because they don’t have these features. Especially when the operating systems their code runs on and their languages may even be implemented in C!

          Because that code has been review and re-reviewed and patched by experts in the field for years. You’re not gonna write a backend for an app with short deadlines in C because that would be absolutely fucking insane.