C++ creator rebuts White House warning - eviltoast

Python is memory safe? Can’t you access/address memory with C bindings?

  • Ryan@programming.dev
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    4
    ·
    edit-2
    8 months ago

    I’m still onboard with rust as being better than C, however…

    My understanding is that it is considerably harder to correctly write unsafe rust than it is to correctly write c, because if you accidentally violate any of safe rust’s guaranteed invariants in an unsafe block, things go bananas.

    • BatmanAoD@programming.dev
      link
      fedilink
      arrow-up
      25
      arrow-down
      3
      ·
      8 months ago

      That’s true in C as well, though. This is what people mean when they say things like “undefined behavior can result in time travel”.

      The difference is twofold:

      • Rust’s rules for valid unsafe code are not completely formalized yet. This means that there are open questions about whether particularly complex patterns in unsafe code will be guaranteed by future versions of the compiler to be sound. Conversely, the C and C++ spec are generally sufficient to determine whether any particular piece of code has undefined behavior, even if actually analyzing it to find out is not possible automatically using existing static analysis tools.
      • Because safe Rust is so strict about what it permits, the compiler is able to make more aggressive optimizations; in theory, this could indeed cause undefined behavior to be “worse” at runtime than a comparable situation in a globally-unsafe language. I’m unaware of any actual examples of that phenomenon, though.
    • Traister101@lemmy.today
      link
      fedilink
      arrow-up
      12
      arrow-down
      2
      ·
      edit-2
      8 months ago

      Yes Rust is harder to write than C, that’s basically by design as it’s due to the statically guaranteed memory safety. That’s pretty magical. C doesn’t have that and neither does C++ even with smart pointers and such. Rusts unsafe keyword is poorly named, what it actually does is tell the compiler that you the programmer guarantee Rusts rules are upheld within the unsafe block.

      For example

      Access or modify a mutable static variable

      That is a global, that’s incredibly hard to impossible to statically prove it’s safely done, so you have to do it in an unsafe block. So you violating Rusts rules within an unsafe block is actually using the unsafe block wrong. That’s not what it’s for

      • Solemarc@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        8 months ago

        I remember watching a video of someone writing C code and making the same thing in unsafe rust. While the C code worked just fine the rust code had UB in it and was compiled to a different set of instructions.

        Unsafe rust expects you to uphold the same guarantees that normal rust does and so the compiler will make all the same optimisations it would if the code wasn’t unsafe and this caused UB in the example rust code when optimised for performance. It worked just fine on the debug build, but that’s UB for you.

      • Fal@yiffit.net
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        8
        ·
        8 months ago

        Yes Rust is harder to write than C

        I would totally argue with this. Rust is way easier to write than C

        • vext01@lemmy.sdf.org
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          I agree for the most part, but writing data structures with shared mutable state can be a total pain in Rust.

          • Fal@yiffit.net
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            3
            ·
            8 months ago

            How so? That’s like, the thing that makes rust awesome to write.

            • vext01@lemmy.sdf.org
              link
              fedilink
              arrow-up
              1
              ·
              8 months ago

              It’s hard to get those kinds of data structures through the borrow checker.

              Try writing a doubly linked list.

              • Fal@yiffit.net
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                4
                ·
                8 months ago

                It’s because it’s hard to make them correct. It’s not any harder to write it in rust than in C. Just C lets you do it wrong

                • vext01@lemmy.sdf.org
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  8 months ago

                  That’s not right.

                  Try and write a mutable doubly linked list in Rust and you will find that it’s problematic for the borrow checker.

                  Search online and you will find solutions that work around this using ‘RefCell’ (to delegate mutable borrows to runtime), or raw pointers with ‘unsafe’.

                  • calcopiritus@lemmy.world
                    link
                    fedilink
                    arrow-up
                    1
                    arrow-down
                    1
                    ·
                    8 months ago

                    Both RefCell and unsafe are features of the language. That’s like saying python’s OOP sucks if you don’t use the class keyword.

        • Traister101@lemmy.today
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          I’d probably say it depends but I’m no Rust expert and I have no direct experience with C (though quite familiar with C++).

          Basically I’d expect writing C to be easy, but not safe. IE you can quickly and easily write C that compiles but has runtime issues. Rust for the most part will catch everything but logic issues during/before compilation meaning once the program runs you’ll have very high confidence in it’s runtime behavior leading to time spent “fighting the compiler” instead of figuring out wtf is going wrong at runtime.

          • Traister101@lemmy.today
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            8 months ago

            I think primarily I don’t really care to argue about if it’s harder to write or not since it doesn’t really matter. I think the pros Rust provides are worth all it’s cons

          • Fal@yiffit.net
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            3
            ·
            8 months ago

            IE you can quickly and easily write C that compiles but has runtime issues.

            So what’s “easy” about it then? Just getting something to compile? That’s not a very good measure of “easyness”.

    • Tobias Hunger@programming.dev
      link
      fedilink
      arrow-up
      9
      arrow-down
      1
      ·
      8 months ago

      That depends a lot on how you define “correct C”.

      It is harder to write rust code than C code that the compiler will accept. It is IMHO easier to write rust code than to write correct C code, in the sense it only uses well defined constructs defined in the C standard.

      The difference is that the rust compiler is much stricter, so you need to know a lot about details in the memory model, etc. to get your code past the compiler. In C you need the same knowledge to debug the program later.