Trying to write C/C++ after writing Rust feels ridiculous. Why should I have to keep track of things that the compiler can do for me, especially when the consequences are exploitable security bugs?
-
-
-
I agree. Though to be care, In C++ one rarely has to keep track of things manually, in modern codebases. Our experience maintaining a gigantic performance-sensitive legacy app that predates even the first ISO C++ (IIRC) biases us too much against C++.
-
For me the biggest annoyance is that Rust doesn’t have a wonderful solution for the most pernicious UAF in browsers: unexpected reentrancy from DOM into malicious JS. I don’t know that there *is* a good solution, really…
-
I'm still a fan of the DOM-is-implemented-in-JS idea.
-
Me too, from an elegance point of view. Still, there has to be a boundary between DOM and native *somewhere*, even if only at windowing layer.
-
I don't know quite why it's hard to find the places where we get unexpected reentrancy. I kind of imagine that most of this "unexpected" reentrancy happens many times through a few paths that are kind of stubbornly not rearchitected to avoid it. That's a pretty uninformed guess.
-
Mutation observers are the most common source of this problem. Remove a node from the DOM while in the middle of an operation on that node.
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.