Anyone claiming they can write memory safe / defined C code at scale either has no experience with it or has their head buried in the sand.
Use-after-free, double-free, out-of-bounds accesses, etc. happen in every C codebase, even with extreme diligence like SQLite.
It's also infeasible to even deploy instrumentation taking a 2-3x performance hit to provide basic memory safety for C code.
It ends up catching too many real world latent bugs where code is doing things that are undefined but not breaking (noticeably).
Could definitely write safe C code by defining a safe dialect with annotations, and having the compiler verify memory safety.
I think it's plausible you could well enough without annotations, just a subset of the language excluding bad stuff.
Annotations meaning stuff like forcing pointers to be passed with a size marked as being associated, forcing bounds checks, etc.
Only allowing bounds checks to be omitted if a simple set of rules can prove safety, and forbidding most manual mem management.
Only allow memory management via specially marked types/functions for managing different kinds of ownership (unique, shared).
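As an added illustration (not the thread author's code), this is what the proposed dialect, pointers that carry their size, mandatory bounds checks, and memory management only through a marked ownership type, looks like when emulated in plain C; slice_t, owned_buf_t and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical "bounded pointer": the pointer always travels with its
   length, the annotation the thread proposes the compiler enforce. */
typedef struct { uint8_t *ptr; size_t len; } slice_t;
/* Hypothetical unique-ownership handle: memory enters/leaves only via it. */
typedef struct { slice_t s; } owned_buf_t;

/* Every access is checked against len; a NULL slice (released) is rejected. */
bool slice_get(slice_t s, size_t i, uint8_t *out) {
    if (s.ptr == NULL || i >= s.len) return false;
    *out = s.ptr[i];
    return true;
}

bool slice_set(slice_t s, size_t i, uint8_t v) {
    if (s.ptr == NULL || i >= s.len) return false;
    s.ptr[i] = v;
    return true;
}

bool owned_alloc(owned_buf_t *o, size_t n) {
    o->s.ptr = calloc(n ? n : 1, 1);   /* n == 0 still yields a valid, empty slice */
    o->s.len = o->s.ptr ? n : 0;
    return o->s.ptr != NULL;
}

/* Release clears the handle: a second release is a no-op rather than a
   double free, and later accesses through it fail the NULL check above. */
void owned_release(owned_buf_t *o) {
    free(o->s.ptr);
    o->s.ptr = NULL;
    o->s.len = 0;
}

/* Exercises the thread's bug classes (OOB, double free, use-after-free) on an
   8-byte buffer; returns 1 only if the in-bounds path works and each bad one fails. */
int demo_rejected(void) {
    owned_buf_t b; uint8_t v = 0;
    if (!owned_alloc(&b, 8)) return -1;
    bool ok = slice_set(b.s, 7, 42) && slice_get(b.s, 7, &v) && v == 42;
    ok = ok && !slice_get(b.s, 8, &v);     /* buf[8] on 8 bytes: rejected */
    owned_release(&b);
    owned_release(&b);                     /* second free: harmless */
    ok = ok && !slice_get(b.s, 0, &v);     /* use after release: rejected */
    return ok ? 1 : 0;
}
```

The run-time checks stand in for what the thread wants the compiler to prove statically; where it can prove an index in range, the check is the part it would elide.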
I agree strongly that it's hard to audit for safety though. Perhaps "at scale" includes that.