Python is memory safe? Can’t you access/address memory with C bindings?

  • Feathercrown@lemmy.world
    link
    fedilink
    English
    arrow-up
    52
    arrow-down
    3
    ·
    edit-2
    9 months ago

    $100 says his response boils down to “just don’t write unsafe code”

    Edit: It did. He also said C++ is working to implement optional safety features, but tl;dr:

    Of the billions of lines of C++, few completely follow modern guidelines

    And the modern guidelines are mostly an unenforced list of things not to do.

    • merthyr1831@lemmy.world
      link
      fedilink
      arrow-up
      24
      arrow-down
      2
      ·
      9 months ago

      doesnt enforce memory safety damn all these stupid devs dont know how to write memory-safe code!!!

    • porgamrer@programming.dev
      link
      fedilink
      arrow-up
      21
      arrow-down
      2
      ·
      9 months ago

      Even following the guidelines, modern C++ is just a huge pile of half-finished ideas. It goes pretty well for the first few hundred lines of code, and then you hit a very basic problem where the solution is “yes this will work great in C++26, if the proposal doesn’t get delayed again”.

      • lysdexic@programming.dev
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        7
        ·
        9 months ago

        Even following the guidelines, modern C++ is just a huge pile of half-finished ideas.

        You’re making it pretty clear that you are completely oblivious to what C++ is, what are the differences between C++ versions, and what are the real world issues solved by each new version.

        I would ask you to clarify your persona clams by providing a concrete example to back each of your statements, but I know you have none.

        • porgamrer@programming.dev
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          9 months ago

          Lol okay. Here are some concrete examples I don’t have:

          Templates as basic generics

          • Templates still show bizarre error messages far too deep into instantiation, despite at least three major features which provided opportunities to fix the problem (static_assert, type_traits, and then concepts)

          Templates for metaprogramming

          • 33 years after the introduction of templates, there are still many common cases in which the only good way to abstract a pattern is by using a macro, and many cases that neither macros or templates can solve
          • There is finally an accepted proposal to fix part of the problem, which will be introduced in C++26, and probably not usable in real code until 2030 at the earliest
          • In 2035, people will still be reluctantly using string macros and external code generation to solve basic problems in C++

          Safe union types

          • C++17, std::variant was introduced to provide a safe inline union type
          • The main API for accessing it is inexplicably slow, unlike in every competing language
          • The fast alternative is an eyesore that can’t integrate with switch statements except via weird, unmaintainable hacks
          • Everyone keeps using custom struct/union/enum combos instead
          • CVEs everywhere

          Error handling

          • C++ uses exceptions as the primary error handling mechanism
          • Exceptions are so slow and so riddled with problems that some companies ban them, and almost all consider them bad practice for representing common failure paths (e.g. failing to parse something)
          • std::expected eventually approved, similar to Rust’s Result type, but with no equivalent to the ‘?’ operator to make the code readable
          • Now there is a proposal to introduce “value type exceptions” instead, which is gathering momentum before std::expected has even stabilised, but will probably not be available for 10 years

          Subtype polymorphism deprecated

          • Now that virtual methods and inheritance are widely considered tools of last resort, they obstruct the introduction of better alternatives
          • Instead we have widespread use of specialised template structs and CRTP to replace instance inheritance with a kind of static inheritance designed for templates
          • It’s all a hack, and as a result it’s full of edge cases that don’t work very well, and poor tool support

          References

          • Good C++ programmers use references where possible, because pointers can be null
          • Good C++ programmers avoid unnecessary copies and allocations
          • Good C++ programmers avoid patterns that can permit unintended coercions with no error
          • Oh no, I accidentally assigned a reference to an auto variable in a template, and instead of giving a helpful type error it implicitly coerced a new copy of my vast memory buffer into existence
          • Okay fine I’ll pass pointers to avoid this, and just trust they won’t be null
          • Oh no, C++ has standardised the idea that raw pointers represent nullability even in all their newest standard library types (thanks again, std::variant)
        • orangeboats@lemmy.world
          link
          fedilink
          arrow-up
          4
          arrow-down
          2
          ·
          9 months ago

          I think if you consider anything post C++03 (so C++11 or newer) to be “modern C++” then Concepts must be the top example, doesn’t it?

          Counting from C++0x that’s almost a decade of waiting.

    • Oliver Lowe@apubtest2.srcbeat.com
      link
      fedilink
      arrow-up
      10
      arrow-down
      2
      ·
      9 months ago

      $100 says his response boils down to “just don’t write unsafe code”

      Edit: It did. He also said C++ is working to implement optional safety features, but tl;dr:

      Of the billions of lines of C++, few completely follow modern guidelines

      Pretty sure this is a No true Scotsman moment. (I’ve always wanted to bring this fallacy up but I never knew when lol)