Why does C get flak for UB and memory-unsafety while all the new popular languages have a fucking eval()?!?
But it's a "feature" that exists purely for the sake of writing insecure code.
-
my REPLs are indeed meant to provide arbitrary code execution, but I'm quite okay with that
-
you have to *actually call eval* for it to run — not so much for UB/memory unsafety
-
Vast majority of UB/mem-unsafety in C is traceable back to doing idiotic things ppl should know not to do.
-
a lot of it is subtle enough that we have a hard time building static analysis tools for finding them
-
writing something that analyses a (dynlang!) program for whether it can get hold of eval is often significantly easier