On the one side I really like c and c++ because they’re fun and have great performance; they don’t feel like your fighting the language and let me feel sort of creative in the way I do things(compared with something like Rust or Swift).
On the other hand, when weighing one’s feelings against the common good, I guess it’s not really a contest. Plus I suspect a lot of my annoyance with languages like rust stems from not being as familiar with the paradigm. What do you all think?
Depends on if you’re coding for critical infrastructure (i.e. - electrical grid), or writing a high performance video game that can run on older hardware.
We should absolutely have specific licenses like Civil Engineers do for computer infrastructure that is required for any software written for specific purposes. It would be a nightmare to implement, but at some point, it’s going to be needed.
writing a high performance video game that can run on older hardware
Unless it’s some really exotic platform, I’d honestly still say no. Rust has shown that memory safety and performance doesn’t have to be a tradeoff. You can have both.
But sure, if whatever you’re targeting doesn’t have a Rust compiler, then of course you have no choice. But those are extremely rare cases these days I’d say.
There’s always a trade-off. In rust’s case, it’s slow compile times and comparatively slower prototyping. I still make games in rust, but pretending there’s no trade-off involved is wishful thinking
They mean a trade off in the resulting application. Compile times mean nothing to the end user.
Can we stop pretending Rust doesn’t take performance trade-offs? Of course if you compare it one to one its roughly the same, since it’s compiled. But Optimizing memory for cache hits becomes a lot more difficult in Rust, to the point where you have to use unsafe. And unsafe Rust has more undefined behavior than C. In my opinion C is more safe than unsafe Rust.
If you want normal performance its a good Language, but once you need to Optimize memory, which is usually the bottleneck, You are out of luck.
I don’t even think we really need to eek out every MHz or clock cycle of performance these days unless your shipping code for a space vehicle or something (But that’s an entirely different beast)
We’ve got embedded devices shipping with 1GHz+ processors now
It’s just time to move on from C/C++, but some people just can’t seem to let go.
That is the mindset that gives us text editors using 100% cpu to blink a cursor because their css triggers a bug in the web browser they ship to render the text editor.
You can be memory save without shipping a whole browser, but disregarding power and memory efficiency will just make performance gained by hardware evaporate in overhead.
Battery life is a reason. I’ve had clients come to me complaining their solution from another vendor didn’t last very long. Turns out it was running Java on an embedded device.
Because there is still market for small mcus. A 1GHz processor is a lot more expensive than a 32 bits 75MHz. If you produce even a low number of units, the price difference can be huge.
It’s just time to move on from C/C++, but some people just can’t seem to let go.
The Rust community has 2 websites that I keep periodically checking: Are we game yet? and Are we GUI yet?. The answers on those sites are respectively (as of February 2024, when this comment is written) “Almost. We have the blocks, bring your own glue” and “The roots aren’t deep but the seeds are planted”. I’ve seen the progress in Bevy and Slint, but it’s still the same, those websites don’t change, and my situation WRT to making a Rust project for fun or work it’s the same.
I’ll be happy to start doing Rust projects whenever I get the chance (which will be when it’s a sufficient tool for my use cases). But I’m tired of smoke sellers.
let me feel sort of creative in the way I do things
🚩
I’m just glad to see the White House listening to people who understand technology for a change.
We need legislators who aren’t all literally older than cryptography. If they weren’t bought and paid for by billionaires that would be nice too.
Don’t blame the victims for a sham of a democracy. First-past-the-post (FPTP) is there to prevent anything outside of a two party system where primaries are filled with (fully allowed) election fraud and cheating.
“we could have voluntarily decided that, Look, we’re gonna go into back rooms like they used to and smoke cigars and pick the candidate that way. That’s not the way it was done. But they could have. And that would have also been their right.” - DNC Lawyer
It requires score voting so that, even if heavily gerrymandered, one can still meaningfully express a preference without throwing one’s ballot in the garbage.
I feel this is a bit of a moot point from the White House. Memory-safe languages have been around for decades. I feel like the amount of C/C++ out there isn’t so much that people think having dangerous stuff around is good, but more that nobody really wants to pay to change it.
You don’t have to ban C or C++; you just have to prove your programs are memory safe. It’s been decades since I’ve coded in C, but surely Valgrind and ilk are now capable of providing reasonable proof of memory safety. You might have to turn up all the dials and set all-warnings-are-errors, but I’d be surprised if C tooling wasn’t available to provide sufficient proof for a given statically-linked program.
I’d be surprised if C tooling wasn’t available to provide sufficient proof for a given statically-linked program.
Be prepared to be surprised then. If such tooling was available, why isn’t it being used by the projects for whom it matters? Yes, there is tooling available, but all the big parties using them are admitting it’s not good enough for them. Those tools help, but they do fail in the “sufficient proof” department.
For some follow-up reading:
- Microsoft: https://msrc.microsoft.com/blog/2019/07/why-rust-for-safe-systems-programming/
- Chromium: https://security.googleblog.com/2023/01/supporting-use-of-rust-in-chromium.html
- Android: https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html
- Apple: https://security.apple.com/blog/towards-the-next-generation-of-xnu-memory-safety/
They all share the same basic facts: C and C++ are inherently memory unsafe. If any of them could’ve “just prove[n] your programs are memory safe”, I think they would have.
they don’t feel like your fighting the language
I really understand what you mean wrt Rust. I really do - I was there once. But it’s a phase you grow out of. Not just that - the parts you fight now will eventually become your ally.
and let me feel sort of creative in the way I do things
I had the same experience with C/C++. But as the design grows, you start hitting memory-safety bugs that are difficult to avoid while coding - even after you learn how those bugs arise in the first place. Just a lapse of concentration is enough to introduce such a bug (leaks, use-after-free, deadlocks, races, etc). I’ve heard that C++ got a bit better after the introduction of smart pointers and other safety features. But, it comes nowhere near the peace of mind you get with garbage collected languages.
That’s where Rust’s borrow checker and other safety measures kick in. The friction disappears when you acquire system knowledge - concepts of stack, heap, data segment, aliasing, ownership, mutation, etc. These knowledge are essential for C/C++ too. But the difference here is that Rust will actually tell you if you made a mistake. You don’t get that with C/C++. The ultimate result is that when a Rust program compiles successfully, it almost always works as you expect it to (barring logical errors). You spend significantly less time debugging or worrying about your program misbehaving at runtime.
The ‘friction’ in Rust also helps in another way. Sometimes, you genuinely need to find a way out when the compiler complains. That happens when the language is too restrictive and incapable of doing what you need. You use things like unsafe, Rc and Refcell for that. However, most of the time, you can work around the problem that the compiler is indicating. In my experience, such ‘workarounds’ are actually redesigns or refactors that improve the structure of your code. I find myself designing the code best when I’m using Rust.
I do really like the error system in rust for its descriptions. I guess the difficulty for me, which maybe will go away after writing more rust, is that my intuition for what is efficient and what isn’t totally breaks down.
I find myself passing copies of values around and things like that, it might be that the compiler just takes care of that, or that I just don’t know how to do it well but that’s often the point of friction for me.
Totally agree on the refactor though, most of the time it doesn’t even take that much time since you know the skeleton of what you want at that point!
I find myself passing copies of values around and things like that, it might be that the compiler just takes care of that,
Rust prefers explicitness over magic. So it does what you tell it and doesn’t just take care of that.
If you’re copying a lot of values around (I.e cloning. Not moving or borrowing), then you’re definitely doing it inefficiently. But you don’t have to worry too much about that. If there are too many difficulties in borrowing, it may be because those borrows are problematic with respect to memory safety. In such cases, sacrificing performance through cloning may be an acceptable compromise to preserve memory safety. In the end, you end up with the right balance of performance (through borrowing) and safety (through cloning). That balance is hard to achieve in C/C++ (lacking in safety) or in GC languages (lacking in performance).
If that’s the friction you’re facing in Rust, then I would say that you’re already in a good position and you’re just trying too hard.
Leaders in Industry Support White House Call to Address Root Cause of Many of the Worst Cyber Attacks
And it’s called C/C++. It’s gotten so bad that even the friggin’ white house has to make a press release about it. Think about it, the place where that majority barely even understand the difference between a file browser and a web browser is telling you to stop using C/C++. Hell, even the creator and maintainers of the language don’t know how to make it memory safe. If that isn’t a wake up call, then nothing ever will be.
And this isn’t the first call! The IEEE also says more clearly: GTFO C/C++.
If you want memory-safe, don’t write C/C++. Trying to get that shit memory-safe is a hassle and a half. You’re better off learning a language that isn’t full of foot-guns, gotchas, and undefined behavior.
If you want memory-safe,don’t write C/C++.
Fixed that for you. There’s no situation where you want buffer overruns.
If you don’t want
memory-safebuffer overruns, don’t write C/C++.
Fixed further?
It’s perfectly possible to write C++ code that won’t fall prey to buffer overruns. C is a lot harder. However yes it’s far from memory safe, you can still do stupid things with pointers and freed memory if you want to.
I’ll admit as I grew up with C I still have a love for some of its oh so simple features like structs. For embedded work, give me a packed struct over complex serialization libraries any day.
I tend to write a hybrid of the two languages for my own projects, and I’ll be honest I’ve forgotten where exactly the line lies between them.
