KevinMarks, 2 months ago

@mcc previously https://www.kevinmarks.com/personality

bluGill, 2 months ago

@mcc Modern C++ is reasonably safe, but it is amazing how often people write C++98 even though C++11 added many easy to use features that make it easy to avoid most (not to be confused by all!) issues. However nothing stops you from writing code that is difficult to follow and has many opportunities for memory problems.

the_wiggler, 2 months ago

@mcc int main(){ return 1; }

Xucaen, 2 months ago

@mcc

Programmer: of course my C code is completely safe!

Manager: that's great! Glad to hear it.

Other programmers: -.-

tshirtman, 2 months ago

@mcc I was thinking "surely it's possible to write safe trivial programs in C", and then i remembered it's C, and i'm not so sure, maybe the standard hello world is unsafe in some circumstances. 😆

mcc, 2 months ago

@tshirtman sincerely: if we consider the case of C++, C++ specifically, it is literally necessary to solve the halting problem in order to determine whether you have written a C++ program or not. Because the C++ language standard requires all loops to terminate, and if you ever violate this rule, the compiler is free to do anything at all without indicating a warning you that it has done so

tshirtman, 2 months ago

@mcc that's an... Interesting design decision indeed. Can't say I wanted to try to write a C++ program ever again anyway, but good to know. 🥲

beeoproblem, 2 months ago (edited 2 months ago)

@mcc I'm sure perfectly safe C is just as possible as solving the Halting Problem

mcc, 2 months ago

@beeoproblem i'm sure there exist interesting subsets of the halting problem which are solvable

beeoproblem, 2 months ago (edited 2 months ago)

@mcc More or less. My choice of metaphor is because I believe "prove this program is 100% safe" is equivalent in difficulty to solving the Halting Problem for the same program.

It may be doable for a specific program with some form of formal analysis but a general solution that works for all programs is likely impossible

tef, 2 months ago

@mcc i am willing to accept "i can write safe c but it's very expensive to write and goes through formal verification" but most software doesn't come with proofs, so

mcc, 2 months ago

@tef The thing that concerns me most is people who are trying to express "it is possible to write C or C++ to a level of safety which is acceptable for certain applications" and word that as "it is possible to write safe C" and using the second phrase to describe the first situation is very concerning behavior

JamesWidman, 2 months ago

@mcc @tef they don't even have a complete list of all the undefined behaviors yet:
https://community.intel.com/t5/Blogs/Tech-Innovation/Tools/Why-do-we-need-a-Undefined-Behavior-Annex-for-the-C-standard/post/1574397

tef, 2 months ago

@mcc cf "don't roll your own crypto"

at least the people who can write crypto dissuade people from doing it

c0dec0dec0de, 2 months ago

@tef @mcc I slightly overstate my actual position here: https://hachyderm.io/@c0dec0dec0de/111856800940476470

glyph, 2 months ago

@tef @mcc the people who can write safe C do not begin by attempting to write C, though, they know that the first thing to write is some TLA+

glyph, 2 months ago

@tef @mcc to rephrase somewhat more punchily: it is possible to write safe C, but is not possible to write safe C by writing C

jond, 2 months ago

@mcc @tef Second'd! In my C/C++ work (power control systems) I try to be clear that it's possible to write safe-ENOUGH C/C++ if the system and processes are built to that end.

This means rules like "hardware MUST fail-safe by design and implementation; software verifiably MUST NOT be able to impact that; single points of failure MUST NOT exist for any control output", etc. etc. etc.

Safe enough, but we never believe it is safe. Difference between engineering and smashing hardware together.