Rust in the Linux kernel (Google security blog)
Posted Apr 22, 2021 11:36 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
In reply to: Rust in the Linux kernel (Google security blog) by ncm
Parent article: Rust in the Linux kernel (Google security blog)
That's false. Plenty of algorithms in <algorithm> rely on exceptions. E.g. std::copy_n with a back_inserter will throw on out-of-memory.

Posted Apr 23, 2021 17:06 UTC (Fri)
by ncm (guest, #165)
[Link] (4 responses)
If you choose to specialize std::copy_n on it—as for any callback—exceptions are your responsibility. Normally, if one does not want exceptions from std::back_inserter, one calls reserve() on the container first, to establish enough storage, which is anyway more efficient; or, for nodal containers, one constructs it with an allocator and makes sure the allocator has enough in reserve.
Taking responsibility for what your code does is something we call programming.
Falsehoods do not improve the discourse here.

Posted Apr 23, 2021 18:55 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link] (3 responses)
C++ absolutely relies on exceptions, and working around them results in a lot of ugly code.
"reserve" requires upfront knowledge of the resulting size. But even knowing the resulting size is not enough, because the copy constructor itself might throw (e.g. copying a string and getting an OOM).
> Taking responsibility for what your code does is something we call programming.
If everybody actually took responsibility for what they write, C/C++ programmers would be in prison, serving lifetime sentences for reckless endangerment.

Posted Apr 23, 2021 19:40 UTC (Fri)
by mss (subscriber, #138799)
[Link] (2 responses)
It's the STL that you are talking about, not the core C++ language.
This distinction is important when considering C++ for kernel usage - we would probably only use parts of the STL, after adapting it for this environment.
> If everybody actually took responsibility for what they write, C/C++ programmers would be in prison, serving lifetime sentences for reckless endangerment.
That kind of opinion doesn't help keep the discussion technical and civil.

Posted Apr 23, 2021 19:45 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
I disagree. Core C++ also relies on exceptions. It's the only way to return errors from constructors, for example, with copy constructors being the worst offenders.
It's fair to say that it's possible to work around that issue, but then you'll lose most of the STL (including std::string). And your code will quite often not be idiomatic C++.
> That kind of opinion doesn't help keep the discussion technical and civil.
Yet it's true. And I say that as a C++ developer. I believe that writing in C++ is absolutely irresponsible at this point, and the whole safety culture needs to change.

Posted Apr 23, 2021 19:59 UTC (Fri)
by mss (subscriber, #138799)
[Link]
Many C++ projects manage to use this language without resorting to exceptions.
It depends on the class, but it is often possible to initialize the object to a dummy state in case of an unexpected error in a constructor (like a NULL pointer in the case of a smart pointer template, an empty string for a string template, etc.).
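The thread argues about three concrete points: whether std::copy_n with a back_inserter throws on out-of-memory (Cyberax), whether calling reserve() first removes that (ncm), and whether mss's "initialize to a dummy state" pattern is a workable substitute for exceptions in a kernel. The following is an added example written for this page, not code from the thread, from the LWN article or from any kernel project. It runs in user space with exceptions enabled so the throwing cases can actually be observed; the allocation budget (g_alloc_budget), the BudgetAlloc allocator, NoThrowStr and try_copy_strings are names constructed here, not standard-library or kernel APIs. Part 4 goes one step beyond mss's comment: it pairs the dummy state with a returned status, which is the shape Rust's fallible allocation (Vec::try_reserve) has without any exceptions at all.

```cpp
#include <algorithm>
#include <cstdlib>
#include <cstring>
#include <iterator>
#include <new>
#include <string>
#include <vector>
// Constructed allocation budget: after this many successful allocations every
// further one fails, which makes "out of memory" deterministic for the demo.
static std::size_t g_alloc_budget = 0;
static void* nothrow_alloc(std::size_t n) noexcept {
    if (g_alloc_budget == 0) return nullptr;
    --g_alloc_budget; return std::malloc(n);
}
// Hypothetical STL allocator on top of the budget; like std::allocator it
// throws std::bad_alloc when memory is exhausted.
template <class T> struct BudgetAlloc {
    using value_type = T;
    BudgetAlloc() noexcept = default;
    template <class U> BudgetAlloc(const BudgetAlloc<U>&) noexcept {}
    T* allocate(std::size_t n) {
        void* p = nothrow_alloc(n * sizeof(T));
        if (!p) throw std::bad_alloc(); return static_cast<T*>(p);
    }
    void deallocate(T* p, std::size_t) noexcept { std::free(p); }
};
template <class T, class U> bool operator==(const BudgetAlloc<T>&, const BudgetAlloc<U>&) noexcept { return true; }
template <class T, class U> bool operator!=(const BudgetAlloc<T>&, const BudgetAlloc<U>&) noexcept { return false; }
using IntVec = std::vector<int, BudgetAlloc<int>>;
using Str    = std::basic_string<char, std::char_traits<char>, BudgetAlloc<char>>;
using StrVec = std::vector<Str, BudgetAlloc<Str>>;

template <class F> static bool throws_bad_alloc(F f) {   // did f() throw std::bad_alloc?
    try { f(); } catch (const std::bad_alloc&) { return true; }
    return false;
}

// 1. Cyberax's first claim: a back_inserter grows the vector, so on OOM it throws.
bool copy_n_throws_without_reserve() {
    const int src[4] = {1, 2, 3, 4};
    g_alloc_budget = 0;                          // no memory available at all
    IntVec dst;
    return throws_bad_alloc([&] { std::copy_n(src, 4, std::back_inserter(dst)); });
}

// 2. ncm's answer: reserve() first; the copy itself then allocates nothing.
bool reserve_then_copy_n_does_not_throw() {
    const int src[4] = {1, 2, 3, 4};
    g_alloc_budget = 1;                          // exactly one allocation allowed...
    IntVec dst;
    dst.reserve(4);                              // ...and reserve() spends it here
    bool threw = throws_bad_alloc([&] { std::copy_n(src, 4, std::back_inserter(dst)); });
    return !threw && dst.size() == 4;
}

// 3. Cyberax's rebuttal: reserve() sizes the vector, but copying an element whose
//    copy constructor allocates (a string longer than the SSO buffer) still throws.
bool reserve_does_not_help_when_copy_ctor_allocates() {
    g_alloc_budget = 8;                          // enough to build the sources
    Str src[2] = {Str(64, 'a'), Str(64, 'b')};   // 64 chars: heap-allocated
    StrVec dst;
    g_alloc_budget = 1;
    dst.reserve(2);                              // succeeds; budget is now 0
    return throws_bad_alloc([&] { std::copy_n(src, 2, std::back_inserter(dst)); });
}

// 4. mss's pattern made kernel-safe: construction never throws, a failure leaves the
//    empty "dummy" state, and the failure is *returned*. Without that return value an
//    OOM is indistinguishable from a legitimately empty string (silent truncation).
struct NoThrowStr {
    char* data = nullptr;                        // dummy state: null pointer, "" on read
    NoThrowStr() = default;  ~NoThrowStr() { std::free(data); }
    NoThrowStr(const NoThrowStr&) = delete;      // copying is explicit and fallible:
    NoThrowStr& operator=(const NoThrowStr&) = delete;
    bool assign(const char* s) noexcept {
        std::free(data); data = nullptr;
        std::size_t n = std::strlen(s);
        if (n == 0) return true;                 // empty needs no buffer
        char* p = static_cast<char*>(nothrow_alloc(n + 1));
        if (!p) return false;                    // stays in the dummy state
        std::memcpy(p, s, n + 1); data = p;
        return true;
    }
};

// Fallible bulk copy into caller-owned, pre-sized storage. Returns how many
// elements were copied and stops at the first failed allocation.
std::size_t try_copy_strings(const char* const* src, std::size_t n, NoThrowStr* dst) noexcept {
    for (std::size_t i = 0; i < n; ++i)
        if (!dst[i].assign(src[i])) return i;
    return n;
}

// Constructed input for 4: budget 1 copies only the first string; budget 2 copies all three.
std::size_t nothrow_copy_count(std::size_t budget) {
    const char* src[3] = {"first string", "second string", ""};
    NoThrowStr dst[3];
    g_alloc_budget = budget;
    return try_copy_strings(src, 3, dst);
}
```

Build with any C++17 compiler (for example g++ -std=c++17) and call the four functions from a main() of your own. Parts 1 to 3 only demonstrate the failure modes; they cannot be written at all under -fno-exceptions, which is how a kernel would be built, because std::bad_alloc thrown from inside a constructor or a std::string copy has nowhere to go. Part 4 is the shape that survives that build flag, and the caveat it carries is the one a reviewer should look for: a dummy state that cannot be told apart from a valid empty value turns an allocation failure into silently shorter data unless the status is checked.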