"C is safe if you just program well" and other fairy tales
Alexey Yerin (yyp@fosstodon.org)'s status on Saturday, 31-Aug-2024 03:15:06 JST:
"C is safe if you just program well" and other fairy tales
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 31-Aug-2024 03:15:44 JST:
@yyp C is safe if you rewrite the libc so much it could be considered another language.
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 31-Aug-2024 03:21:20 JST:
@yyp Which I feel like is a bit Hare from first principles.
But not Rust, as its stdlib depends on libc, with all the problems it entails.
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 31-Aug-2024 03:27:14 JST:
@yyp Yeah, at least since something like C11 or C23 it's two's complement, and both gcc and clang have options to make it either trap or wrap.
The one that would still be there is the nasty pointer arithmetic, but you could consider that explicitly unsafe.
Alexey Yerin (yyp@fosstodon.org)'s status on Saturday, 31-Aug-2024 03:27:15 JST:
@lanodan Even without libc, the language itself has a lot of really nasty footguns, especially relating to integer promotion and the infamous signed overflow.
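An added example, not code from either poster, showing the integer-promotion and signed-overflow footguns this post refers to next to the checked arithmetic a defender would use instead. Function names are my own, the `__builtin_*_overflow` calls are gcc/clang extensions, and it assumes a 32-bit `int`.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Footgun 1, integer promotion: uint16_t operands are promoted to int (on
 * targets where int is wider than 16 bits) before the multiply, so the
 * product is computed as a *signed* int and 0xffff * 0xffff is undefined
 * behaviour, not a wrap modulo 2^16. This reports whether the promoted
 * multiply would overflow int, via the gcc/clang overflow builtin, without
 * ever performing the undefined operation. */
bool u16_product_overflows_int(uint16_t a, uint16_t b) {
    int product;
    return __builtin_mul_overflow((int)a, (int)b, &product);
}

/* Footgun 2, mixed signed/unsigned comparison: the usual arithmetic
 * conversions turn s into unsigned, so -1 becomes UINT_MAX and (-1 < 1u)
 * evaluates to false. */
bool signed_lt_unsigned_naive(int s, unsigned u) {
    return s < u;            /* s is converted to unsigned here */
}

/* Hardened form: decide the sign first, then compare same-typed values. */
bool signed_lt_unsigned_safe(int s, unsigned u) {
    return s < 0 || (unsigned)s < u;
}

/* Footgun 3, signed overflow: it is undefined behaviour, so a post-hoc test
 * such as (a + b < a) may be optimised away. Either build with -fwrapv
 * (wrap) or -ftrapv (trap), the options the thread mentions, or check
 * before the fact. The builtin returns true on overflow, so *out is only
 * written when the result is exact. */
bool add_int_checked(int a, int b, int *out) {
    int sum;
    if (__builtin_add_overflow(a, b, &sum)) return false;
    *out = sum;
    return true;
}

/* Same pattern for size_t length arithmetic: unsigned wrap is defined, but
 * a wrapped buffer size is still an allocation bug. */
bool add_size_checked(size_t a, size_t b, size_t *out) {
    size_t sum;
    if (__builtin_add_overflow(a, b, &sum)) return false;
    *out = sum;
    return true;
}
```

Compiling with `-Wall -Wextra` flags the naive comparison (`-Wsign-compare`), which is the cheapest detection for footgun 2; `-fsanitize=signed-integer-overflow` catches footguns 1 and 3 at runtime in test builds.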
Alexey Yerin (yyp@fosstodon.org)'s status on Saturday, 31-Aug-2024 04:04:22 JST:
@lanodan I think Rust's stdlib only uses POSIX APIs and not general C things like stdio.h, so this doesn't really apply here. Hare also does the same thing on OpenBSD.
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 31-Aug-2024 04:04:22 JST:
@yyp Well, at least it's only for OpenBSD, and I guess, given them, you could expect, say, the "write" symbol to be the correct one.
Meanwhile Rust broke against musl 1.2.4+ with the removal of LFS64 (and sadly that means mrustc currently doesn't work… again), and I guess it is/will also be funky with the migration to 64-bit time_t on 32-bit Linux+glibc.