|
leper khan posted:C is good Not saying this.
|
#
?
Apr 15, 2024 13:53
|
|
|
|
| # ? Jun 7, 2024 06:45 |
|
|
Athas posted:Not saying this. i get that you arent, but i am
|
|
#
?
Apr 15, 2024 14:00
|
|
|
leper khan posted:C is good
|
|
#
?
Apr 15, 2024 14:07
|
|
|
Maybe in the 70s
|
|
#
?
Apr 15, 2024 14:52
|
|
|
leper khan posted:C is good
|
|
#
?
Apr 15, 2024 15:06
|
|
|
Lots of people saying things I wouldn't say.
|
|
#
?
Apr 15, 2024 15:10
|
|
|
what is kind of weird is that pascal looked to be winning out for quite some time, but c then returned to relevance. at any rate and all history aside c should go away on security grounds ityool 2024.
|
|
#
?
Apr 15, 2024 15:34
|
|
|
C is a p-lang
|
|
#
?
Apr 15, 2024 16:07
|
|
|
C is blood.
|
|
#
?
Apr 15, 2024 16:20
|
|
|
Cybernetic Vermin posted:what is kind of weird is that pascal looked to be winning out for quite some time, but c then returned to relevance. eh. most of the security issues that aren't also problems in other languages have warnings available yes there are flags you should enable in 2024CE. but there's heinous poo poo you can do in all languages if you ignore recommendations
|
|
#
?
Apr 15, 2024 17:23
|
|
|
leper khan posted:eh. most of the security issues that aren't also problems in other languages have warnings available much like properly handled and bonded into some other material asbestos is really entirely safe.
|
|
#
?
Apr 15, 2024 17:37
|
|
|
the difference being that asbestos is intrinsically excellent at insulating c is not intrinsically efficient or mechanically sympathetic for modern machines, it just has a gigantic amount of inertia and platform nepotism in its favor
|
|
#
?
Apr 15, 2024 18:49
|
|
|
look, serious world-power nation-states have tried to make their own os's from scratch and have failed, so that platform nepotism thing is not a useful statement because we can't really get off of posix-and-windows
|
|
#
?
Apr 15, 2024 18:52
|
|
|
yeah. there’s a huge amount of inertia behind the existing platforms. it’s quite straightforward to introduce a new one but, guess what, now you’re just yet another platform with no software, which it’s still on you to fix. basically every talking point about windows vs mac from the last thirty years but amped to 11 because your userbase is optimistically in the three figures. nobody can get their work done there yet, not even the people writing software for it. embracing an existing platform and providing a compelling alternative that plays well with it is a far more plausible way to move things forward c isn’t intrinsically good at anything but it does have a very simple translation model which makes it easy to optimize, for both the compiler and the programmer. compiler optimizations are limited by some facets of the model, but that model also avoids a lot of implicit work that other languages are prone to. and if we’re traveling back to the 70’s, most of the languages it was competing with were even worse from a safety perspective
|
|
#
?
Apr 15, 2024 19:05
|
|
|
leper khan posted:eh. most of the security issues that aren't also problems in other languages have warnings available are there warnings for data races or use-after-free in C in modern compilers? I haven’t honestly written pure C in a long time
|
|
#
?
Apr 15, 2024 19:35
|
|
|
Subjunctive posted:are there warnings for data races or use-after-free in C in modern compilers? I haven’t honestly written pure C in a long time use after free yes. not sure about data races, but may have been added after C11's thread support
|
|
#
?
Apr 15, 2024 19:46
|
|
|
i'm sorry, you want your C compiler to help you use the C programming language correctly? well, blah blah undecidable, blah undefined behavior. so we gave up, sorry
|
|
#
?
Apr 15, 2024 19:51
|
|
|
the general attitude from the outside seem to be; you're just supposed to know which functions to use, and if you don't, and if you havent read the spec, you shouldn't be a C/C++ programmer like not even a linter or static analyzer that's like "hey you cant use memcpy() (or whatever this is the first one that poppped into mind) anymore"
|
|
#
?
Apr 15, 2024 20:01
|
|
|
all the modern compilers warn on stuff like gets or whatever, and the various risky str* functions, but those are easy to detect I'm impressed by use-after-free detection, I didn't know that C compilers could model lifecycles well enough at this point!
|
|
#
?
Apr 15, 2024 20:10
|
|
|
Subjunctive posted:are there warnings for data races or use-after-free in C in modern compilers? I haven’t honestly written pure C in a long time yes, especially if you’re willing to add an understanding of a particular host operating system or technology’s multiprocessing features to the analysis tooling (which isn’t really any different than adding detection of use after free, since things like malloc and free are library-not-language too)
|
|
#
?
Apr 15, 2024 22:04
|
|
|
this is typically an analyzer feature though not a compiler feature directly
|
|
#
?
Apr 15, 2024 22:05
|
|
|
Share Bear posted:the general attitude from the outside seem to be; you're just supposed to know which functions to use, and if you don't, and if you havent read the spec, you shouldn't be a C/C++ programmer https://developers.redhat.com/articles/2024/04/03/improvements-static-analysis-gcc-14-compiler#analyzing_c_string_operations people are still developing on the tools used for C, its amazing!
|
|
#
?
Apr 15, 2024 22:07
|
|
|
in gcc, -Wuse-after-free will emit warnings if it detects a use after free scenario. iirc if you tag a custom alloc/free as being an alloc/free function it'll do use after free detections on those as well
|
|
#
?
Apr 15, 2024 22:08
|
|
|
1. there are some very good static analyses that catch common bugs in c/c++ 2. they are almost all still static analyses and therefore conservative rather than strict. nobody has made c into a safe language 3. there are a whole bunch of projects to impose a stricter model by default on c. i’ll brag on clang’s -fbounds-safety, which my coworkers are doing, but there are similar efforts out of msr and academia 4. nobody is saying that #3 is in any way adequate except, unfortunately, a lot of the leaders of the c++ community
|
|
#
?
Apr 16, 2024 00:00
|
|
|
yeah, "c has use-after-free detection" is one of those things that sounds good until you see the list of asterisks, at which point it sounds like "c does not have use-after-free detection"
|
|
#
?
Apr 16, 2024 00:55
|
|
|
c has use after free detection if you never allocate
|
|
#
?
Apr 16, 2024 03:12
|
|
|
it's fitting that every pointer in c comes with an asterisk
|
|
#
?
Apr 16, 2024 03:43
|
|
|
pokeyman posted:it's fitting that every pointer in c comes with an asterisk
|
|
#
?
Apr 16, 2024 04:33
|
|
|
simply unmap the pages when you free the memory and never use them again. easy.
|
|
#
?
Apr 16, 2024 04:40
|
|
|
There’s something nice about going back to the simplicity of C and bare-metal programming. Been doing that for a bit for a small client of the business and it’s nice. Just me, registers, and pointers. 
|
|
#
?
Apr 16, 2024 04:47
|
|
|
Share Bear posted:the general attitude from the outside seem to be; you're just supposed to know which functions to use, and if you don't, and if you havent read the spec, you shouldn't be a C/C++ programmer there are six thousand c functions called things like strlncpy and strnl_cpy and lnstr_nlcpy_st and if you use one of the 5998 old, wrong ones then your program will result in the complete takeover of your machine. and different platforms will have different subsets of these functions available
|
|
#
?
Apr 16, 2024 09:26
|
|
|
pokeyman posted:it's fitting that every pointer in c comes with an asterisk thread title
|
|
#
?
Apr 16, 2024 09:28
|
|
|
redleader posted:there are six thousand c functions called things like strlncpy and strnl_cpy and lnstr_nlcpy_st and if you use one of the 5998 old, wrong ones then your program will result in the complete takeover of your machine. and different platforms will have different subsets of these functions available They are also all wrong. strcpy is the dangerous one strncpy is the one that looks correct and is also the dangerous one, strlcpy is just extremely dumb
|
|
#
?
Apr 16, 2024 09:36
|
|
|
strcpy_ver4_FINAL_USE_THIS_ONE
|
|
#
?
Apr 16, 2024 11:24
|
|
|
pseudorandom name posted:simply unmap the pages when you free the memory and never use them again. easy. that's not entirely unlike what asan does
|
|
#
?
Apr 16, 2024 16:07
|
|
|
once you’ve cycled through the entire 2^48 bit address space you should serialize your execution state and restart the program because something else has surely gone wrong by now. good practice for crash only software too
|
|
#
?
Apr 16, 2024 20:03
|
|
|
Xarn posted:They are also all wrong. it’s almost like the real problem was nul-terminated strings all along
|
|
#
?
Apr 17, 2024 00:02
|
|
|
FlapYoJacks posted:There’s something nice about going back to the simplicity of C and bare-metal programming. Been doing that for a bit for a small client of the business and it’s nice. Just me, registers, and pointers. c is pretty far from bare metal on a modern system and that’s half the problem. registers are a nice example. feel free to use the register keyword in c, chances are it does nothing at all. even your assembly registers aren’t the real registers and haven’t been for decades. it might tickle the feels to program for a nice simple pdp-11 inspired architecture, but that’s not the architecture you have. might as well just be another virtual machine
|
|
#
?
Apr 17, 2024 00:29
|
|
|
sup guys just got back from my job in the instrinsics mines
|
|
#
?
Apr 17, 2024 01:06
|
|
|
|
| # ? Jun 7, 2024 06:45 |
|
|
DELETE CASCADE posted:even your assembly registers aren’t the real registers and haven’t been for decades. w- what are you trying to say? 
|
|
#
?
Apr 17, 2024 02:17
|
|
