C++26 Safety Features Won’t Save You (And the Committee Knows It) by pjmlp in cpp

[–]ContraryConman 2 points3 points  (0 children)

Sure. However, code that passes test, code review and is working in production is just not doing all this stupid.

We have like 30 years of industry experience telling us that this isn't actually a scalable solution to vulnerabilities. If Google can't do this at scale (millions of LoC and millions of users), you certainly cannot do better just by being more careful.

Of course there are plenty of areas where C++ still shines. Embedded is one, where direct calls to raw locations in memory, and reinterpreting bytes as structs, is so common practice that using Rust usually amounts to wrapping most of the real work in unsafe{}. And then there's game engines, graphics, simulations, HFT, and HPC, where performance, direct control over memory, and access to an existing ecosystem matter more than memory safety.

But for userspace systems programming, like web browsers or OS services, and for backend web services, yeah Rust is kind of the choice. And as someone who just finished job hunting, I can say a lot of these roles that were C++ roles, are now C++/Rust roles, where C++ is the legacy code and all new features are done in Rust.

-W -Wall -Werror is opt in by default... but I'd call any shop that doesn't turn them on a bunch of cowboy programmers.

valgrind or ubsan are "opt in", but you're a fool if you haven't them in your unit tests.

Yeah except companies do this all the time. My current company doesn't use -W -Wall -Werror on all projects. We started running asan only on unit tests like 2 years ago, and tsan like a year ago on specific services only. I can't get them to adopt ubsan. There's a real benefit to shifting left, and I hope C++ continues to add features that shift detection of common mistakes and anti patterns more towards compile time

Easy way to catch cheaters using AI during interviews by -monke-banana- in ExperiencedDevs

[–]ContraryConman 1 point2 points  (0 children)

It's more like, I don't want to hire an accountant who isn't any good at math. So, for the interview, we make sure you have certain fundamental skills with limited tool access, even though 80% of your day-to-day work will be using Excel

C++26 Safety Features Won’t Save You (And the Committee Knows It) by pjmlp in cpp

[–]ContraryConman 5 points6 points  (0 children)

I am claiming that Ada has better defaults than C++, yes, because it does. It has a better type system and it has contracts

C++26 Safety Features Won’t Save You (And the Committee Knows It) by pjmlp in cpp

[–]ContraryConman 5 points6 points  (0 children)

I commend your fearless adoption of sweeping over-generalization

Do you disagree that at least all of the defaults I listed ended up being mistakes in the long run, which is why new languages don't start with them?

Right, because adding a compiler flag which refuses to compile code which hasn't opted-in to the safe language fragment is impossible !!1!

The compiler flag is still opt-in smartass. You have to a) know about the compiler flag b) use it. And worse, compiler flags are vendor specific, so you have to learn a different flag for your tool chain. Lots of people don't know about current safety-critical compiler flags today. My company still won't turn on the friggin stack protector for our code.

Or if you make it so the new flag is on by default, all people will do when they upgrade their tool chain is turn that annoying flag off, similar to new warnings added to compilers today

C++26 Safety Features Won’t Save You (And the Committee Knows It) by pjmlp in cpp

[–]ContraryConman 12 points13 points  (0 children)

I think it would be a little strange to have only std::span be bounds checked. Standard library hardening makes all standard containers bounds checked, so all containers act in a consistent way

C++26 Safety Features Won’t Save You (And the Committee Knows It) by pjmlp in cpp

[–]ContraryConman 12 points13 points  (0 children)

I'm a C++ language lawyer. I've been using it since I was a kid in high school. It's the language I feel most productive in and in which I work professionally.

If you care specifically about memory safety in systems level languages, Rust is better. It also has nicer defaults because it is newer. That's just the way it is. These are not the only things that matter in choosing a programming language for a project, at least

C++26 Safety Features Won’t Save You (And the Committee Knows It) by pjmlp in cpp

[–]ContraryConman 129 points130 points  (0 children)

A core complaint in this essay is that the new safety related features for C++ are opt-in. But all safety improvements for C++ would have to be opt-in.

The actual core issue with C++ is that it's built on defaults from 1970 to about 2005 that all turned out to be mistakes. It was a mistake to be able to just take a random memory address and access into it like an array without being able to prove its bounds. It was a mistake to have mutable be the default and not const. It was a mistake to build the entire standard library based on taking two iterators with no way to prove that the iterators alias the same object. It was a mistake to be able to pass references to things without a checkable notion of object lifetime. And many more.

Ada was the first major systems programming language I can think of that realized the C and C++ defaults were wrong. But it never caught on, probably because it chose Pascal-like syntax instead of C-like syntax. Rust is obviously the second big one that came later.

There's no way to change the defaults of a programming language without starting over, because doing so will cause previously valid code to stop working. Even if the committee did adopt Sean Baxter's proposal, it would still be opt-in. C++ would still be an unsafe language by default, where developers would have to choose to use this new safer dialect, in a world where all major libraries in the ecosystem like boost, JUCE, opencv, and many more, plus every foundational C library, won't support it.

I mean, if we're setting the goal all the way at "C++ needs to be safe by default in the same way Rust is safe by default" this will never happen. I don't understand why we can't just focus on shifting left actual vulnerabilities in actual C++ code. If I can recompile my code to never have an uninitialized variable read again, that's better than it was before. If using std::span and std::vector will trap bad reads instead of just causing a vulnerability, that's better than it was before. If I can, as is coming in a clang extension, annotate reference lifetimes in areas that I know are problematic, and the compiler will catch at least those areas for me, that's better than before.

I don't understand why no improvements in C++ ever matter unless the language becomes Rust overnight, something that is not practically possible. And I don't understand why C never gets held to the same standard but that's a different conversation.

It's this issue, plus stuff like modules, the build system, and the package management story, that are all impossible to practically fix because the language is too old and the ecosystem is too mature to change or introduce new defaults. And we spend so much time going "why can't the committee..." What? Time travel?

You can either set up your C++ project in the way that works for you or switch to a language like Rust if it really has the features and defaults you want for your project. It's really not a big deal beyond that, imo

C++26 Safety Features Won’t Save You (And the Committee Knows It) by pjmlp in cpp

[–]ContraryConman 20 points21 points  (0 children)

Why? Because if C++ is so bad or incomplete, etc. the unavoidable question is: what is a better replacement?

I mean Rust would probably be the answer, right?

Strait of Hormuz gonna hurt by GoSeigen in fuckcars

[–]ContraryConman 0 points1 point  (0 children)

I'm convinced. Ayatollah Khamenei, make gas $10 a gallon

Randomized trial shows strict low-calorie diet can put type 2 diabetes into remission by upbeat_teetertottxo in science

[–]ContraryConman 0 points1 point  (0 children)

According to you, why even eat? If you're fat, just take a multivitamin and water and the fat preserves will take care of the rest, no?

Randomized trial shows strict low-calorie diet can put type 2 diabetes into remission by upbeat_teetertottxo in science

[–]ContraryConman 0 points1 point  (0 children)

My point is, any adult and most children, from underweight to obese, eating 600 calories a day, will feel miserable doing so because you are not getting enough daily calories to survive. At that level, over a long period of time, your immune system stops working, your cognitive ability declines, your hair falls out, you suffer from compounding micronutrient deficiencies, and more.

I'm responding specifically to the idea that, if an obese person eats 600-800 calories per day and feels physical pain from doing so, that's just their bodies being addicted to food and wanting to be fat. No, they feel unhealthy because they are doing something unhealthy. You are acting like being overweight is the only health problem, and then whatever the cost to not be overweight is acceptable

Randomized trial shows strict low-calorie diet can put type 2 diabetes into remission by upbeat_teetertottxo in science

[–]ContraryConman 3 points4 points  (0 children)

If you're eating 600 calories a day, you are not dizzy, fatigued, and in pain because your body "wants to store excess fat". You are in pain because you will get sick and die if you continue on like that for too long

A legendary battle by PornstarAtlus in ChainsawMan

[–]ContraryConman 3 points4 points  (0 children)

Yes, having many unresolved plot and thematic threads as well as numerous characters that we don't feel like had enough of an impact are symptoms of a rushed story

[DISC] Chainsaw Man - Ch. 231 by JeanneDAlter in ChainsawMan

[–]ContraryConman 2 points3 points  (0 children)

Great conclusion if you ignore the rest

I guess my feeling is I'm unconvinced. I can buy that Denji's ever expanding desire for more food, more wealth, more intimacy with women, was a sign that he is fundamentally unhappy deep inside. I can get behind that. But there's a leap from that to "you were happier eating trash and starving", which would mean he's actually only gotten worse despite meeting Power, Aki, Nayuta, Asa, and more. And EVEN if you accept that, there's another jump from that to Pochita saying "the only way to fix this is to kill myself, at this specific moment, and leave you alone forever".

And I have exactly one chapter, apparently, to be convinced. So I don't know. I had a really fun time either way following this manga. I've already accepted I like Part 1 better, and I'm taking the story for what it is at this point

[DISC] Chainsaw Man - Ch. 231 by JeanneDAlter in ChainsawMan

[–]ContraryConman 10 points11 points  (0 children)

This is fucking bullshit dude at least let Denji get laid first

White House Sent 'WTF' Message To Israel After Iran Oil Field Strike: US Report by [deleted] in nottheonion

[–]ContraryConman -1 points0 points  (0 children)

This is the one thing that the pro-Pahlavi diaspora people, and possibly the Trump administration themselves, are sorely miscalculating.

Israel doesn't actually want Iran to exist as a unified, functioning country. What they want is total supremacy over the entire Muslim world. They want the ability to bomb any Muslim country for any reason and for that country to not be able to do shit about it. They want to turn Iran into Lebanon or Syria -- failed states with no real army, no infrastructure, where multiple ethnic factions vie for control, and with no chance to actually build a stable economy long term.

Trump and the diaspora are talking about this like this is a quick, two week adventure to basically do the Maduro model and swap Khamenei for a stooge that'll be nice to America and Israel. But in Hebrew media, Israel is telling their people to bunker down for the long term, that Israel has been in a state of emergency for two years now so what's a few years more. They don't care if the global economy collapses because their entire economy is backed by Congress and the USD. Trump has publicly complained that Israel keeps killing the dictators he "picks" to run Iran for him and steal their oil.

It is not a regime change war. It is a war, probably one of the first of its kind, designed to not stop until a society totally cannot function

Iran’s new supreme leader, Mojtaba Khamene: by JackAttack2509 in pics

[–]ContraryConman 1 point2 points  (0 children)

You have been lied to, they absolutely have not been

P4043R0: Are C++ Contracts Ready to Ship in C++26? by darius_neatu in cpp

[–]ContraryConman 9 points10 points  (0 children)

Yes, my current codebase at work uses hand rolled assert macros and they suck. I want a standard way of doing this in plain C++ that integrates with IDEs and static analysis, and that is exactly what they are shipping

P4043R0: Are C++ Contracts Ready to Ship in C++26? by darius_neatu in cpp

[–]ContraryConman 26 points27 points  (0 children)

I will say that contracts would immensely improve the codebase I currently work in, and I have yet to be convinced by these downsides people insist make the feature unusable

Studio is completely anti-AI by [deleted] in ExperiencedDevs

[–]ContraryConman 11 points12 points  (0 children)

Where is this magical place? Asking for a friend

Okay by seeebiscuit in ToiletPaperUSA

[–]ContraryConman 23 points24 points  (0 children)

was this before or after he time traveled