zlacker

[parent] [thread] 4 comments
1. hegels+(OP)[view] [source] 2022-10-02 16:22:01
Linters can catch panics, linters for C won't catch memory issues which is what rust prevents.
replies(1): >>layer8+22
2. layer8+22[view] [source] 2022-10-02 16:30:55
>>hegels+(OP)
Linters like Splint [0] (predating Rust) can do that for C. I’m not saying that Rust’s built-in approach isn’t better, but please be careful about what exactly you claim.

[0] http://splint.org/

replies(2): >>dcsomm+x5 >>hegels+Gg1
◧◩
3. dcsomm+x5[view] [source] [discussion] 2022-10-02 16:49:18
>>layer8+22
Interesting that despite tools like Splint, 70% of high severity security vulns, including in well staffed projects like Chrome and Windows, are due to memory unsafety. The false negatives of security analysis tools are significant and are the very reason Rust got developed.
replies(1): >>layer8+F6
◧◩◪
4. layer8+F6[view] [source] [discussion] 2022-10-02 16:55:13
>>dcsomm+x5
No, the reason Rust was developed (with regard to that aspect) was that the necessary static analysis is enforced by the compiler if it is built into the language, whereas otherwise (if not built in) it empirically doesn’t get a lot of adoption. There’s nothing Rust’s static analysis is doing that couldn’t be done with the same semantics using an external static analyzer and linter annotations.

The ideas of Rust weren’t new when Rust was developed. The actual integration into a new programming language beyond experimental status was, and the combination with ML-style functional programming.

◧◩
5. hegels+Gg1[view] [source] [discussion] 2022-10-03 01:05:32
>>layer8+22
Splint doesn't make C memory safe. What I meant is that it doesn't prevent the same problems that Rust does. Hence, you can add a linter to rust to prevent panics. You cannot add a linter to C to make it memory safe.
[go to top]