Moving the kernel to modern C
Moving the kernel to modern C
Posted Mar 4, 2022 8:12 UTC (Fri) by wtarreau (subscriber, #51152)In reply to: Moving the kernel to modern C by nybble41
Parent article: Moving the kernel to modern C
No, that's precisely the opposite. If you don't have issue with "add(a, b)", the please by all means use that and leave the operators to their original meaning so that the vast majority of the characters in the code you are reading do what you were always taught they do. Nobody imagines that when you're doign your errands and see "3 + 1 offered", this "+" means "perform a database access and do some special operation to return a different value" nor "concatenate them and say 31". No, you imagine an addition, with all the simplicity that comes with it, but within some technical constraints imposed by computers (e.g. domain limitations causing wrapping, saturation or overflows). When I read "a + b", I hear "a plus b" and nothing else. I'm not hearing "a, the first argument of a function using a symbol looking like the plus I know, and a second argument b, now let's check if such a function exists otherwise I'll assume it's in fact a regular plus".
It is important to be able to read code the most naturally possible. It's a matter of efficiency and reliability. And most exploited security flaws in software are found by careful code review and could be spotted by their developers if the code was not constantly cheating on them doing nasty tricks that do not ressemble what it seems to do. That's the same reason why many developers perfer to use upper case for macros. It's a signal that you should look it up and that it might evaluate your arguments more than once, for example.
Posted Mar 4, 2022 9:38 UTC (Fri)
by mpr22 (subscriber, #60784)
[Link] (1 responses)
When I'm trying to understand the calculations a piece of code is doing on data entities for which arithmetic is a "natural" concept, but which are not Sacred Primitive Types of the implementation language, wading through the resulting vast piles of "x = add_foo(a, multiply_foo(b, c))" etc is the kind of chore that degrades my attention span.
Posted Mar 4, 2022 13:04 UTC (Fri)
by wtarreau (subscriber, #51152)
[Link]
A good example are the mmx/sse/avx* API with all those complicated functions that map 1-to-1 to the underlying instructions. It's particularly hard to read, but it would be even worse if operators were abused to perform some of them. And there are still much less operators than possible functions anyway, so being a bit more explicit doesn't hurt.
Posted Mar 4, 2022 15:59 UTC (Fri)
by dvdeug (guest, #10998)
[Link] (1 responses)
In all the programming languages under discussion, 3 + 1 returns 4. In mathematics, a + b is an arbitrary function, almost always associative and commutative; 3 + 1 can equal 0, in Z mod 4. I've certainly seen + used as a concatenation operator in real life, like in rebuses.
> if the code was not constantly cheating on them doing nasty tricks that do not ressemble what it seems to do. That's the same reason why many developers perfer to use upper case for macros. It's a signal that you should look it up and that it might evaluate your arguments more than once, for example.
Non-hygenic macros are insane. Had you said
> That's exactly why I despise [C's macro system]. You cannot trust anymore what you're reading.
I wouldn't have disagreed. So why the difference? Why can developers be trusted with macros and not operator overloading?
Posted Mar 4, 2022 17:02 UTC (Fri)
by marcH (subscriber, #57642)
[Link]
> Why can developers be trusted with macros and not operator overloading?
They can't with either. No one likes the pre-processor. It's always seen as a necessary evil to work around C's limitations. Macros are subject to especially high review scrutiny and new ones can be introduced only if they solve a very generic problem and only when they are used all across the board (which ensures a lot of test coverage).
Posted Mar 4, 2022 17:06 UTC (Fri)
by marcH (subscriber, #57642)
[Link]
I wonder where you got that from. Sure there's Spectre and alike but most security flaws I ever looked at (admittedly not that many) were all "mundane" out of bounds accesses, uninitialized use, use after free, integer overflows, etc. All the usual and mundate memory corruption features of C which according to Microsoft and Google account for 70% of all security issues in C/C++ projects (I don't know what the other 30% are)
Moving the kernel to modern C
Moving the kernel to modern C
Moving the kernel to modern C
Moving the kernel to modern C
Moving the kernel to modern C