Anyone claiming they can write memory safe / defined C code at scale either has no experience with it or has their head buried in the sand.
-
-
Array indexing is just pointer arithmetic. Pointers as a whole are extremely unsafe without a whole bunch of enforced rules.
-
Right. C without arrays.
-
It's straightforward to permit direct (not decayed to pointers) usage with compiler enforcing that you need to do bounds checks.
-
Can do the same thing for signed integers. Permit it but force checks each time then add simple rules where they can be omitted.
-
Could build a safe dialect of C like that, where it's still very usable/complete and could still compile with old toolchains.
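As an added illustration (not code from the thread's author, and not a real dialect or toolchain), here is what the two rules above, forced bounds checks on array access and forced overflow checks on signed arithmetic, look like when written out as a plain C header-style API that existing compilers already accept. The names `slice_t`, `slice_get`, `slice_set`, `checked_add` and `slice_sum` are assumptions for the example; `__builtin_add_overflow` is a GCC/Clang builtin. The point is that every access and every addition returns a status the caller must handle, so the failure path is explicit instead of undefined behaviour.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not the thread author's design: a fat-pointer "slice"
 * standing in for a non-decayed array. Type and function names are
 * assumptions made for illustration. */
typedef struct {
    int *data;
    size_t len;
} slice_t;

/* Bounds-checked read: returns false and leaves *out untouched when i is
 * out of range, so the caller is forced to handle the failure instead of
 * reading past the buffer. */
static bool slice_get(slice_t s, size_t i, int *out) {
    if (i >= s.len) return false;
    *out = s.data[i];
    return true;
}

/* Bounds-checked write, same contract. */
static bool slice_set(slice_t s, size_t i, int v) {
    if (i >= s.len) return false;
    s.data[i] = v;
    return true;
}

/* Checked signed addition: signed overflow is undefined in C, so the
 * checked form reports it rather than silently wrapping. The builtin
 * stores the wrapped result in *out and returns true on overflow. */
static bool checked_add(int a, int b, int *out) {
    return !__builtin_add_overflow(a, b, out);
}

/* Sum a slice, propagating both failure kinds. The loop bound is the
 * slice's own length, which is the kind of "simple rule" under which a
 * compiler for such a dialect could omit the per-element range check. */
static bool slice_sum(slice_t s, int *out) {
    int acc = 0;
    for (size_t i = 0; i < s.len; i++) {
        int v;
        if (!slice_get(s, i, &v)) return false;   /* unreachable: i < len */
        if (!checked_add(acc, v, &acc)) return false; /* overflow */
    }
    *out = acc;
    return true;
}

int main(void) {
    int buf[4] = {1, 2, 3, 4};            /* constructed sample input */
    slice_t s = { buf, 4 };
    int v = 0, sum = 0;

    printf("get[3] ok=%d v=%d\n", slice_get(s, 3, &v), v);
    printf("get[4] ok=%d (out of bounds)\n", slice_get(s, 4, &v));
    printf("sum ok=%d sum=%d\n", slice_sum(s, &sum), sum);

    int big[2] = { INT_MAX, 1 };          /* constructed: forces overflow */
    slice_t b = { big, 2 };
    printf("overflow sum ok=%d\n", slice_sum(b, &sum));
    return 0;
}
```

Compiled with `-O2`, a compiler can already drop the range check inside `slice_sum` because `i < s.len` is visible; that is the "rules where checks can be omitted" case in practice, without any new annotation syntax.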
-
Can't see it being made sane any other way. Need compiler-enforced, simple / understandable set of rules for writing safe code.
-
End up not being able to use any existing code or APIs though, at least without annotating / wrapping them as you would in Rust.
-
That doesn't require any annotation; it's pure language-subsetting.
-
FWIW by annotation, I mostly mean having a header defining functions/types that you are forced to use to make the code compile.
-
So you aren't allowed to use pointers, you MUST use a special typedef that has enforced safety semantics for ownership, etc.
-
It would be really easy to provide safe unique and shared ownership. It's much harder to provide lightweight references though.
-
You don't really need them though; if you're fine with the performance hit you can just use enforced shared ownership.
-
Could avoid needing any annotations via *comments*. It could all be via special magical typedefs, functions, etc.
-
And could provide a standard library with features like tagged unions, etc. all exposing a proper safe API... but why though?
-
For portability, making a compiler from Rust or another safe language -> well-defined C would accomplish the same thing.