this post was submitted on 17 Sep 2024
35 points (94.9% liked)

C++

1763 readers
1 users here now

The center for all discussion and news regarding C++.

Rules

founded 1 year ago
MODERATORS
Nihili0@programming.dev
lysdexic@programming.dev
35
The empire of C++ strikes back with Safe C++ blueprint (www.theregister.com)
submitted 1 month ago* (last edited 1 month ago) by cmeerw@programming.dev to c/cpp@programming.dev
38 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] lysdexic@programming.dev 1 points 1 month ago* (last edited 1 month ago) (20 children)

From the article.

Josh Aas, co-founder and executive director of the Internet Security Research Group (ISRG), which oversees a memory safety initiative called Prossimo, last year told The Register that while it's theoretically possible to write memory-safe C++, that's not happening in real-world scenarios because C++ was not designed from the ground up for memory safety.

That baseless claim doesn't pass the smell check. Just because a feature was not rolled out in the mid-90s would that mean that it's not available today? Utter nonsense.

If your paycheck is highly dependent on pushing a specific tool, of course you have a vested interest in diving head-first in a denial pool.

But cargo cult mentality is here to stay.

[–] hunger@programming.dev 9 points 1 month ago (4 children)

If you could reliably write memory safe code in C++, why do devs put memory safety issues intontheir code bases then?

Even highly paid (and probably skilled) devs in the IT industry manage to mess that up pretty regularly. Even if it was: devs using memory safe languages make much fewer mistakes wrt. managing memory... so that tooling does seem to help them at least more than the C++ tooling helps the C++ devs.

[–] lysdexic@programming.dev -3 points 1 month ago (1 children)

If you could reliably write memory safe code in C++, why do devs put memory safety issues intontheir code bases then?

That's a question you can ask to the guys promoting the adoption of languages marketed based on memory safety arguments. I mean, even Rust has a fair share of CVEs whose root cause is unsafe memory management.

[–] FizzyOrange@programming.dev 2 points 1 month ago (1 children)

No it doesn't, that's bullshit.

[–] sukhmel@programming.dev 2 points 1 month ago (1 children)

Well, there is cve-rs, just sayin'

[–] robinm@programming.dev 3 points 1 month ago

The fact that rustc has bugs (which is what cve-rs exploit) doesn't invalidate that rust the language is memory safe.

load more comments (2 replies)
load more comments (17 replies)