
The code contains things that make any modern C++ or Rust developer cringe: naked pointers, unsafe type casts, raw loops, using malloc/free to manually allocate memory for buffers, and calls to unsafe free functions like strcat. So much slow boilerplate is required to do things like handling memory allocation. The increased source code size for even the simplest things becomes harder to maintain.

Danger is waiting around every corner for you to commit a buffer overflow or type confusion error after a long day of work. Infinite chances are offered for you to leak memory. The alternative is that you could be using a language that uses highly optimized RAII types on the stack which are impossible to leak, and written by some of the best programmers in the world so you don’t have to juggle chainsaws.

C invites disaster through seemingly normal use of the language. Just embrace modernity; your code will be smaller, more expressive, more performant, and you’ll be grateful.




You literally go from thread to thread posting the same pro-Rust anti-C drivel, derailing every thread.

Sorry to be crude, but can you people take this self-righteous bs elsewhere? Not every thread needs to be about the superiority of Rust or your gripes with C.

This cancer is ruining every thread on HN now.


Let's not call genuine opinions 'cancer' please. If this were some viagra spam bot, then maybe though it would still not be constructive, but let's keep in mind there's a human on the other end of the line.


As far as I can tell, this is an open forum. If people keep repeating the same mistakes when they use C, I’ll keep promoting the alternatives.

I’m not trying to eschew flamebait, it just so happens that people get upset when their ideas are challenged. If it makes people uncomfortable, then that’s fantastic, because no one who was comfortable ever learned anything.

I get it: learning new things and new languages is hard. But like I said before, it will pay dividends, and save time for the people in the future who come hunting down your bugs.


It seems you think their mistake was using C in the first place, and not the way they used C.

Calling people out for not using a language that you prefer is not helping them learn, nor is it bitter medicine to those who find learning your preferred language "hard".


> It seems you think their mistake was using C in the first place, and not the way they used C.

I mean, guns are restricted in all countries, while of course it's the way guns are used that is truly what people take issue with. If you hang it up on your own wall and never take it off, nobody has an issue with your gun, but enforcement of that is nigh impossible and so we restrict the ownership to policemen and allow only things like hunting rifles for the small group that still likes to go hunting.

As someone working in security, I'd make a similar though obviously less extreme case for unsafe languages like C. If you don't need it, then why use something that you can shoot yourself in the foot with? You put other people at risk through using it incorrectly and it's nigh impossible to enforce secure coding. Many people seem to think that you need C++, C, or assembly to write fast code whereas nowadays there are plenty of alternatives without some of C's biggest issues.


To me, this is not a simple matter of preference like your choice of editor or the way you prefer to have it configured, to be used by you and you alone.

Software, especially open source software, is often collaborative. The programming language is a way of expressing yourself not only to your compiler, but also to other human beings.

Would you write a book today in Middle English, when the rest of the world is expecting modern English?


> As far as I can tell, this is an open forum

Your original point may very well still stand, but I'd like to point out that there's actually a whole bunch of guidelines for posting here:

https://news.ycombinator.com/newsguidelines.html


"Eschew" means "to avoid habitually especially on moral or practical grounds".


Perhaps you'd like to point out an actual bug you've found...?

This sort of dogmatic cargo-culting paranoia-rant is exactly why people are getting sick of hearing about the "modern" BS.


The modern C++ techniques being referred to are 10 years old at this point already and have stayed in consensus. No need to get salty.


I already have to debug C/legacy C++ code (“C with classes”) on a daily basis for my day job, so I sure certainly am not going to waste my free time doing it. The best I can do is be an evangelist for better practices, a fly on the ass of people who still pump C into the garbage stream of the internet.


Since the text in your parent post is more or less the same as your last comment from 10 hours ago, I agree you are in a sort of "keyword oriented" evangelization crusade against good ol' C. The question would be, why care so much?

Hey, as long as people keep writing C and C with classes, you'll have a day job.


Yeah, it’s shocking that almost every day I log onto HN and see either (1) security exploits in legacy C code or, (2) new C code being introduced into the world that invites the same exploits to the untrained programmer. The same way people keep repeating the same mistakes, I will keep repeating my criticisms. We’re stuck in an infinite loop.


> The alternative is that you could be using a language that uses highly optimized RAII types on the stack which are impossible to leak, and written by some of the best programmers in the world so you don’t have to juggle chainsaws.

Please, tell "the best programmers" that it's "impossible to leak" memory. Apparently they do not know this.

https://doc.rust-lang.org/book/ch15-06-reference-cycles.html


Thanks for sharing, I’m unfamiliar with the nuances of Rust’s implementation of RAII as I’m primarily a modern C++ developer. Modern C++ mostly guarantees against leaks since it encourages the stack as much as possible.

https://github.com/isocpp/CppCoreGuidelines/blob/master/CppC...


It's the same deal as creating a circular reference using `std::shared_ptr` in C++.


Ownership semantics in rust largely prevent circular references, so it's not the same deal


Sorry, I'm not a Rust pro, but from the docs about reference cycles linked above:

> We can see that Rust allows memory leaks by using Rc<T> and RefCell<T>: it’s possible to create references where items refer to each other in a cycle. This creates memory leaks because the reference count of each item in the cycle will never reach 0, and the values will never be dropped.

This sounds a lot like what happens when you create a circular reference with std::shared_ptr ?


Yes, but grep for `Rc::new()` in actual rust code bases compared to `shared_ptr` in C++. Interior mutability is cumbersome and not a natural pattern in practice.


Yes, it is the same thing.


Leak can mean different things. None of those types in the link are stack allocated, I think.


> Be me

> Rewrite h.264 in rust

> Depends on swap_bits crate by Wladimir Jinping Jr.

> NIH hacked by unknown people

> NYT title next day "Cargo cult package manager behind NIH hack"


Very true. This is why I appreciate C++’s lack of a universal package manager.


C with Asan or Valgrind is faster to write and just as performant (usually better) as Rust or C++. There's a reason the world runs on C, and only part of it is historical.


Now you just need to also write a testsuite that covers every possible path through your code and you've proved the absence of errors that Valgrind can find. I'm not sure that building such a test suite is less work than using a safer language.


I just can’t recommend using it for new code in light of the sexy new alternatives that can compile down to the same binary with source code that’s way more intuitive and readable.

I do have nostalgia for C since it was my first language, and I think a lot of people are in the same boat, which is a problem. That’s why I think we need to stop teaching C. Kate Gregory has a good cppcon talk on the topic: https://youtu.be/YnWhqhNdYyk


I... don't even know how to start answering this.

"C" is glorified assembly and learning assembly is *fundamental* to understand how computers work. "C" *should* be the first language programmers learn when they get serious (ex: first year computer science classes).

When I write "C" I know exactly what is going on with each of my CPU cycles and where my variables are being allocated. The compiler is a dead simple translator who doesn't play funny tricks behind my back.

"C" is the perfect language to learn and have fun with the underlying architecture.

"C" is very easy to learn and not that hard to master. It is fast to compile, fast to run and available everywhere.

I don't like "C++". All code bases maintained by more than one single developer (no matter the language it is written in) become rotten with time but, from my experience, the larger the amount of features a language has, the worse this becomes. All big "C++" projects I have worked on (except for one) were horrendous. This also happens in "C", but in "C" I can just "grep" the keyword and immediately know where it comes from.

I don't like "Rust". I've tried to learn it twice and failed. There are too many places where I lose track of what the compiler is doing, the (formal?) specification is big and complex and keeps growing (approaching "C++" absurdity levels). There is never an "obvious" way to do one thing. I get "Rust" is a test bench for language designers, but they are creating an over-engineered monster that is not easy to use (think "low gravity ink injection pen" vs "pencil")

So... "C" is perfect for me (and many others). It's simple, fast and as powerful as it gets, which means it is also fun. As others have mentioned on this thread, together with "cppcheck", "valgrind", "electric-fence" and friends it is also as secure as any other.

"C" is here to stay.


> The compiler is a dead simple translator who doesn't play funny tricks behind my back.

When did you last look at the assembly your compiler produces at O2 or higher? Because decades of C compiler development would very much like to disagree with that statement.

> As others have mentioned on this thread, together with "cppcheck", "valgrind", "electric-fence" and friends it is also as secure as any other.

Where do all the memory safety problems in any nontrivial C or C++ codebase come from then? Do you think that for example the Chrome team is just incompetent? It is certainly possible to write safe C, but that involves _a lot_ more effort than using valgrind. You could for example write MISRA-C. Together with extensive manual checking those rules lead to fairly safe C, but the effort needed is really big.


> "C" is glorified assembly and learning assembly is fundamental to understand how computers work. "C" should be the first language programmers learn when they get serious (ex: first year computer science classes).

I agree that a CS education may include an understanding of low level details, but if you want to learn assembly and understand assembly, use assembly.

> When I write "C" I know exactly what is going on with each of my CPU cycles and where my variables are being allocated. The compiler is a dead simple translator who doesn't play funny tricks behind my back.

It really depends on what you tell the compiler. And if you’re using GNU, g++ compiles both C and C++. The compiler will aggressively optimize your code down to practically nothing, and you’ll find that the resulting machine code has high probability of being identical whether you wrote it in C or C++, so it’s a matter of choosing the language that is shorter and easier to read/understand.

I really do respect where you are coming from, but in my opinion one should use the tool that’s most appropriate for the job in light of what’s available. Just because we can keep using lead paint in buildings, or wire wrapping/vacuum tube amplifiers in electronics, doesn’t mean we should. Maybe for fun, maybe as a hobby, but not professionally, and that’s the mindset I approached this with.


C is very fun to write. You get down to the machine level (nearly). Op did so because he probably wanted to just use it. Maybe to study it, maybe to learn how to write in an unsafe language.

You can program Rust if you want and all you want and feel safe by doing so. Feel free. But this reply really does not contribute anything of value. Especially not for Op. Ofc there are languages with better abstractions reg memory and concurrency. But who cares? It's Op's freedom to use whatever he wants to use.

and btw. this attitude is precisely why so many people think Rusters are fucking annoying.


Yeah I've been using rust for more and more small projects at work (we are a c++ house but rust is "ok") and love it. However, it's annoying to hear rustaceans constantly pushing their wares


This is, as the GitHub title says, for iot and embedded devices.

There’s a whole class of these that don’t have the resources to run C++ or rust. Source: develop on a Linux system with 7 megabyte rootfs and 16 megs of ram. Oh! We have a 1 meg application partition.


If it can run C, it can run C++ (or rust I guess). The majority of abstractions have little to no overhead. Also 16 megabytes were enough for a very decent desktop computer in the '90, enough to run very complex C++ applications with ease.


I think there's some truth in what as-j is saying. Rust binaries (and C++ ones) tend to be larger than C ones. I think the major reasons are (a) Rust dependencies being statically linked due to a lack of ABI stability, (b) inclusion of portions of the (statically linked, see a) Rust standard library used by the program where C code uses libc, (c) code bloat due to monomorphization, (d) the ease of just using a full-featured library where someone writing in C might cheat a little bit. As an example of what I mean by the last point, see sdp_attribute_get_answer in this codebase. [1] It's writing JSON, but it doesn't use a JSON library that actually escapes the included string. It just assumes the included string doesn't have a quote character in it. Is that assumption valid? Will it always be valid? I'm not sure on quick inspection.

There are ways around all of these:

* a. Static vs dynamic linkage: in an embedded system, it'd be reasonable to just produce a single userspace binary that does everything. It can change its behavior based on argv[0]. I think this is not too unusual for constrained systems even with C binaries. Eg busybox does it. If you only have one binary, you don't need dynamic linking. Also, I think it's not strictly true that Rust doesn't support dynamic linking. I think you can dynamically link everything if you ensure the whole system is built with the same compiler version.

* b. Standard library. You don't have to use it at all, or you can use it sparingly, paying only for what you use.

* c. Monomorphization. You could write (for example) a Go-like map [2] rather than relying so heavily on monomorphization. I'd love to see someone take this idea as far as possible; it might be a good idea for a lot of non-inner-loop code in general, not just on tight embedded systems.

* d. Using full-featured libraries. Obviously no one is making you do this; the same cheats available in C are available in Rust.

but in fairness, the further you go down this path, the further you are from just being able to just take advantage of the whole Rust ecosystem.

Personally, I'd still rather develop or use a #![no_std] Rust codebase than a C one. Memory safety is important to me. IOT devices are no exception to that. Their security history is horrible, and I'd like their security future to be better...

[1] https://github.com/sepfy/pear/blob/b984c8dccaafdcdd1b181786a...

[2] https://dave.cheney.net/2018/05/29/how-the-go-runtime-implem...
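The shortcut described in point (d) above, next to the escaping it skips, as an added example that is not code from the thread or from the linked project. The object shape, field names and function names are hypothetical, and the SDP text is constructed.

```rust
use std::fmt::Write;
// Constructed input: a quote and CRLFs, as SDP text from a peer may carry.
const SAMPLE_SDP: &str = "v=0\r\na=ice-ufrag:ab\"cd\r\n";

/// Escape `s` for a JSON string literal (RFC 8259 section 7).
fn json_escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len() + 8);
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            // Other control characters only have the six-character form.
            c if (c as u32) < 0x20 => write!(out, "\\u{:04x}", c as u32).unwrap(),
            c => out.push(c),
        }
    }
    out
}

/// The shortcut: paste the value between quotes and assume it has none.
fn answer_naive(sdp: &str) -> String {
    format!("{{\"type\": \"answer\", \"sdp\": \"{}\"}}", sdp)
}
/// Same object (hypothetical field names), value escaped first.
fn answer_escaped(sdp: &str) -> String {
    format!("{{\"type\": \"answer\", \"sdp\": \"{}\"}}", json_escape(sdp))
}

/// Count complete string literals; None when a literal is unterminated or
/// holds a raw control character, either of which makes the JSON invalid.
fn string_literals(json: &str) -> Option<usize> {
    let mut count = 0;
    let mut chars = json.chars();
    while let Some(c) = chars.next() {
        if c != '"' { continue; }
        loop {
            match chars.next()? {
                '\\' => { chars.next()?; }
                '"' => break,
                c if (c as u32) < 0x20 => return None,
                _ => {}
            }
        }
        count += 1;
    }
    Some(count)
}

fn main() {
    println!("naive:   {:?}", string_literals(&answer_naive(SAMPLE_SDP)));
    println!("escaped: {:?}", string_literals(&answer_escaped(SAMPLE_SDP)));
}
```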


Space is so cheap these days, it doesn't matter much unless you're on a really low budget. That said I still get a kick out of programming specialty cases with 8 and 16 bit micros. It's nice to have just about everything you need on a chip (a2d, d2a, CAN, I2C, SPI, timers, tons of general I/O). All you kids should do at least one project like that, you'd be surprised at how fun it can be to pick and choose exactly what the hardware is doing down to the clock cycle :)


Really? You have megabytes of memory but can't run C++? Which architecture is this?


lol none, someone who says that doesn't really know what they're talking about. You can use zero overhead subset of c++ just fine and it will take barely any more room than C. Now if you pull in the std library it's over :)


Dude. The alternative is that the author would not have written the project. Not everyone has hundreds of hours of free time to throw away at learning the next hot programming language.


There's definitely an argument to be made for sticking with stuff you know and love rather than investing in the latest fad. There also comes a point, though, where the solution you know of has clear disadvantages and there are various alternatives with good support and third party libraries available to use.

Also consider that it also impacts other people if you put unsafe code out there or if others want to contribute or build upon it (even if your C is better than even the chromium team, that doesn't mean your contributors' or developer-users are).

In my opinion C has reached a point where using a project like this as a learning opportunity to try out another language, if you don't know one already, would be worth considering.


Or do what you want. However I think c++ with just RAII and smart pointers brings so much more safety than C I don't know why it doesn't get more attention. You don't have to use all the rest, just those couple of things can bring a lot of safety to a project


Oh man, wait till you see the Linux source code...


Bit of a difference between a kernel and video conferencing.

One of these absolutely needs raw memory management and all the unsafe-if-not-very-carefully-done features that C(++) offer, the other definitely does not.



