I don't claim I can write code at scale at all, but if you can, safety need not be significantly harder.
It's straightforward to permit direct (not decayed to pointers) array usage, with the compiler enforcing that you need to do bounds checks.
Can do the same thing for signed integers. Permit it but force checks each time then add simple rules where they can be omitted.
Could build a safe dialect of C like that, where it's still very usable/complete and could still compile with old toolchains.
Can't see it being made sane any other way. Need compiler-enforced, simple / understandable set of rules for writing safe code.
End up not being able to use any existing code or APIs though, at least without annotating / wrapping them as you would in Rust.
You could cheat and keep strings by only allowing snprintf & passing to std functions (paths etc.), no other access.
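The three rules sketched in this thread (length-carrying arrays that never decay, signed arithmetic only through forced checks, strings touched only via snprintf) as an added C example that is not the thread author's code; it enforces them by library discipline rather than by a compiler, and assumes the GCC/Clang `__builtin_add_overflow` builtin:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Rule 1: a "fat" array that carries its length and never decays to a pointer. */
typedef struct { const int32_t *data; size_t len; } int_span;

/* Every element read goes through a bounds check; the caller must handle failure. */
static bool span_get(int_span s, size_t i, int32_t *out) {
    if (i >= s.len) return false;          /* out of bounds: refuse, do not read */
    *out = s.data[i];
    return true;
}

/* Rule 2: signed addition only through an overflow-checked helper (GCC/Clang builtin). */
static bool add_checked(int32_t a, int32_t b, int32_t *out) {
    return !__builtin_add_overflow(a, b, out);   /* false on overflow */
}

/* Rule 3: strings are only written with snprintf; false if the result was truncated. */
static bool fmt_checked(char *buf, size_t cap, const char *s) {
    int n = snprintf(buf, cap, "%s", s);
    return n >= 0 && (size_t)n < cap;
}

/* Sum a span under all three rules; any failed check aborts the computation. */
static bool sum_span(int_span s, int32_t *total) {
    int32_t acc = 0, v;
    for (size_t i = 0; i < s.len; i++)
        if (!span_get(s, i, &v) || !add_checked(acc, v, &acc)) return false;
    *total = acc;
    return true;
}

/* Exercises the rules on constructed input; returns true if every check behaved. */
static bool demo(void) {
    static const int32_t raw[] = {1, 2, 3};          /* constructed sample data */
    int_span s = { raw, sizeof raw / sizeof raw[0] };
    int32_t total = 0, v = 0;
    char msg[8];
    return sum_span(s, &total) && total == 6
        && !span_get(s, 3, &v)                        /* out-of-bounds read refused */
        && !add_checked(INT32_MAX, 1, &v)             /* signed overflow refused */
        && !fmt_checked(msg, sizeof msg, "too long for 8")  /* truncation reported */
        && fmt_checked(msg, sizeof msg, "short");
}

int main(void) { return demo() ? 0 : 1; }
```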