Are they using the right technology?
Posted May 23, 2012 15:14 UTC (Wed) by Yorick
In reply to: Are they using the right technology?
Parent article: A Tale of Two Pwnies (Part 1)
You are perfectly right — no, they are clearly not using the right language for a security-critical program (which many of them are nowadays). The problem is that, even assuming that Google are free from the common prejudices and management stupidities that plague many companies (language X is unproven, it is too difficult to find programmers who know X, we are an all-Y shop, and so on), the choice is limited for the kind of application they want to write.
There are languages that would do, at least ones that come close enough for a resource-rich company with the right ideas to build on and improve on in the directions required. It's not that we don't know how to avoid C's faults if we get to design something new, and decades of language implementation have also taught us one or two things.
Of course C is difficult to replace in a world that is built around it — OS interfaces, libraries, third-party middleware, IDEs and tools. A modern web browser is formidably complex, being a hybrid of a large-scale GUI application, an embedded language runtime with a native code compiler, and a low-level system component. C and C++ are inadequate for all aspects of it, but can at least be used for all of it and are readily available.
To take an example, the Rust developers may have the right level of ambition. Their design is conservative, avoiding too much fancy language technology, but enough for something that feels reasonably modern and avoids some well-known "billion-dollar" mistakes.
I don't believe that C or C++ can be "fixed", either by extending the language or by inventing new tools. There are simply too many problems and they are too deeply engrained in the design.
to post comments)