
Rust for safety

Posted Jul 13, 2016 11:59 UTC (Wed) by ianmcc (subscriber, #88379)
In reply to: Rust for safety by zlynx
Parent article: Herman: Shipping Rust in Firefox

Bjarne Stroustrup and Herb Sutter are working on a set of guidelines that, eventually, they hope will get compiler support that would give errors when doing things like saving a pointer where you are not the owner.

http://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines


Rust for safety

Posted Jul 13, 2016 19:28 UTC (Wed) by mjthayer (guest, #39183) [Link]

> Bjarne Stroustrup and Herb Sutter are working on a set of guidelines that, eventually, they hope will get compiler support that would give errors when doing things like saving a pointer where you are not the owner.

I imported that into LibreOffice as a very dirty way of estimating the length - to about 400 pages, and still a work in progress. That does give me a bit of a bad feeling.

Rust for safety

Posted Jul 13, 2016 20:29 UTC (Wed) by roc (subscriber, #30627) [Link] (1 responses)

That work is, at best, speculative. It is currently unknown whether that approach can really work or what the resulting subset of C++ will look like. For example, we already know it rules out practically all use of global variables, a limitation that is not made obvious in the description. There are good reasons to be skeptical of this entire approach.

An appropriate term for "speculative product promise" is "vapourware", and I wrote a whole blog post about this situation: http://robert.ocallahan.org/2016/06/safe-c-subset-is-vapo...

Rust for safety

Posted Jul 21, 2016 9:43 UTC (Thu) by HelloWorld (guest, #56129) [Link]

> For example, we already know it rules out practically all use of global variables
Banning shared mutable state seems entirely reasonable to me.
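To make concrete what the thread is comparing, here is an added Rust example (not from any poster or from the Firefox project) covering both points raised above: the ownership check the C++ guidelines hope a compiler will eventually enforce (a pointer saved past the owner's lifetime), and global mutable state. The `Buffer`, `View` and `CALLS` names are my own.

```rust
use std::sync::Mutex;

/// Owner of a byte buffer; dropping it frees the data.
struct Buffer {
    data: Vec<u8>,
}

/// A non-owning view. The lifetime parameter ties the view to the Buffer it
/// borrows from, so the compiler rejects keeping the view alive after the
/// Buffer is gone: the "saved a pointer you don't own" case from the thread.
struct View<'a> {
    bytes: &'a [u8],
}

fn make_view(buf: &Buffer) -> View<'_> {
    View { bytes: &buf.data }
}

fn sum_view(v: &View<'_>) -> u32 {
    v.bytes.iter().map(|&b| u32::from(b)).sum()
}

// The borrow checker refuses this variant at compile time:
// fn dangling() -> View<'static> {
//     let buf = Buffer { data: vec![1, 2, 3] };
//     make_view(&buf)   // error: cannot return value referencing local variable `buf`
// }

/// Global mutable state is only reachable through a synchronised wrapper.
/// A plain `static mut` would force `unsafe` at every access, which is how
/// Rust "bans" unsynchronised shared mutable state rather than globals as such.
static CALLS: Mutex<u64> = Mutex::new(0);

/// Increment the global counter and return the new value.
fn count_call() -> u64 {
    let mut n = CALLS.lock().expect("counter mutex poisoned");
    *n += 1;
    *n
}

fn main() {
    let buf = Buffer { data: vec![1, 2, 3] };
    let v = make_view(&buf);
    println!("sum = {}", sum_view(&v));
    println!("calls = {}", count_call());
}
```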

Rust for safety

Posted Jul 14, 2016 4:55 UTC (Thu) by torquay (guest, #92428) [Link] (9 responses)

> ... and Herb Sutter are working on a set of guidelines ...

Anything proposed by Herb Sutter should be taken with a (large) grain of salt. He is pretty much the embodiment of the Ivory Tower establishment.

Firstly, his entire GoTW series perversely serves as clear examples of how C++ is overcomplicated and full of traps. Secondly, he is employed at Microsoft, a company that has a shockingly bad C++ "compiler" (MSVC), notorious for being full of bugs and severely lacking in standards compliance. To this date it doesn't properly support C++11, and its C++98 compliance still isn't complete. A company with this track record should be nowhere near an ISO C++ standards process. (Let's also not forget the manipulation of the Office Open XML "standard".)

Rust for safety

Posted Jul 14, 2016 20:23 UTC (Thu) by epa (subscriber, #39769) [Link]

On the contrary, someone who has spent the last twenty years collecting the various traps and gotchas in C++ is ideally placed to suggest ways they could be eliminated. This is also a reason why Rust, to an interested observer, looks like such a good thing: it is written by programmers who have experience using C++ in a large, mature codebase, and have been well exposed to its strengths and weaknesses. (The same is true of Mono, which was also originally a "there must be something better than C++" project following the experience of writing Gnumeric.)

I don't think the failings of Microsoft's C++ compiler are particularly relevant to Stroustrup and Sutter's safe-subset proposal.

Rust for safety

Posted Jul 16, 2016 13:33 UTC (Sat) by mathstuf (subscriber, #69389) [Link] (3 responses)

> a shockingly bad C++ "compiler" (MSVC)

While it has its quirks, it does catch warnings that are not caught by GCC or Clang. Most of its standards shortfalls are documented as such and are, generally, not fixable due to it being a 35-year-old codebase (e.g., there are some edge cases where the parser just says "no" to valid constructs that will never be fixed due to the structure of the codebase; two-phase lookup (enable_if-area stuff) is also not implemented). There is now a Clang backend with a cl-compatible command line interface, which ships with the most recent versions of Visual Studio.

> severely lacking in standards compliance

They also don't claim to be compliant. For contrast, see Apple's Clang release where they *ripped out* TLS support (supposedly it is also a runtime failure; it compiles just fine). And they still claim to be compliant.

> A company with this track record should be nowhere near an ISO C++ standards process

Have you been to an ISO C++ meeting? No one company runs the show. Not by any stretch.

Rust for safety

Posted Jul 16, 2016 16:37 UTC (Sat) by pizza (subscriber, #46) [Link]

> They also don't claim to be compliant.

Be that as it may, MSVC's "quirks" have historically made it quite challenging to maintain a cross-platform codebase.

Rust for safety

Posted Jul 17, 2016 10:17 UTC (Sun) by micka (subscriber, #38720) [Link] (1 responses)

> not fixable due to it being a 35-year-old codebase

So it's roughly the same age as gcc. It's a shame those two old compilers can't be fixed!

Rust for safety

Posted Jul 17, 2016 12:09 UTC (Sun) by mathstuf (subscriber, #69389) [Link]

I think it's that the compiler phases don't pass all of the required information between them and fixing it is too invasive a change for the cases it fixes. If it were FOSS, there might be an enterprising contributor to tackle it, but I suspect there is higher ROI for things like getting the clang stuff released.

Rust for safety

Posted Jul 21, 2016 10:10 UTC (Thu) by HelloWorld (guest, #56129) [Link] (3 responses)

> Secondly, he is employed at Microsoft, a company that has a shockingly bad C++ "compiler" (MSVC), notorious for being full of bugs and severely lacking in standards compliance.
It's one of the better implementations according to Bjarne Stroustrup.
https://www.simple-talk.com/opinion/geek-of-the-week/bjar...

Rust for safety

Posted Jul 21, 2016 11:45 UTC (Thu) by pizza (subscriber, #46) [Link] (2 responses)

FWIW, that interview was from 2008 -- and when he says "It's getting very good actually both in terms of standard conformance and in code quality," the implication is that it had a reputation for not being either.

MS's C++ compiler _was_ by far the worst when it came to standards compliance and bugs -- not necessarily in the compiler itself, but also the standard [template] libraries that everyone's supposed to be able to rely on. It's quite a lot better now.

Meanwhile.

"...and deep in GNU C++ you find quite a few non-standard features. Whenever I can, I prefer to deal with ISO standard C++ and to access system-specific features through libraries with system-independent interfaces."

One of the nice things about the GNU toolchain is that you can disable all of those non-standard extensions by using compiler flags to force strict compliance (--std=c++03 --pedantic-errors) and still have a useful compiler. (And GCC doesn't provide any access to "system-specific features", beyond the mandated contents of the standard C/C++ libraries...)

Rust for safety

Posted Jul 21, 2016 17:54 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

Back in 2003, MSVC was _better_ than C++ standard. For me the major advantage was that it didn't require template code to be littered with "typename" statements.

Rust for safety

Posted Jul 21, 2016 18:11 UTC (Thu) by pizza (subscriber, #46) [Link]

Most of my experience with MSVC was with C, not C++, and it wasn't until VS2015 that it finally supported C99 *syntax* sufficiently well to be able to use C99 at all on a cross-platform codebase.

Anyway. Back to Rust.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds