
Herb Sutter on increasing safety in C++

Posted Mar 16, 2024 11:08 UTC (Sat) by mb (subscriber, #50428)
In reply to: Herb Sutter on increasing safety in C++ by khim
Parent article: Herb Sutter on increasing safety in C++

>Yes. It's about 30% slower on benchmarks.

And before the removal of the unsafe code it was this much faster? It was on top of the list?


Herb Sutter on increasing safety in C++

Posted Mar 16, 2024 11:36 UTC (Sat) by khim (subscriber, #9252)

Yes. It was near the top, often #1. And that was, apparently, the primary concern of its author, his goal and achievement.

And it's not as if “bullying” started from nothing. Read this article, e.g. Does it look like bullying?

Just read the whole discussion linked from there. Does this “a car shouldn't have seatbelts coz good drivers don't have accidents” or “bike helmets are for sissies, I wouldn't look cool if I wore them” sound like something you would want in an important project or library?

The problem was always not the number of unsafe in Actix-web but the attitude that removal of unsafe needs a justification, while using them when the pesky compiler complains is fine.

What you have if you program like that is not Rust, that's C++ in the Rust skin!

That was the issue, not the number of unsafe words per se.

And when Kim started adding safe functions which exported unsafe behavior to bring down number of unsafe code blocks… how do you deal with that?

AFAICS the Rust community dealt with it in the only way that actually works: try to educate, but if that doesn't work then expel.

The C/C++ community is full of such persons and it doesn't look as if any “safety plan” for C++ even acknowledges their existence.

Herb Sutter on increasing safety in C++

Posted Mar 16, 2024 11:58 UTC (Sat) by mb (subscriber, #50428)

>Yes. It was near the top, often #1.

Ok, that is quite unusual then.
I guess they took the other extreme and also removed all unsafe code that made sense? Or is the architecture so broken that it can't work safely and fast at the same time?

>The problem was always not the number of unsafe in Actix-web but the attitude that removal of unsafe needs a justification

Yes, I agree adding unsafe needs a justification. Not the removal.

Unsafe code is OK, if it is carefully documented and thought through. The safe API to it must always be sound. Most of the time that means the unsafe code is down somewhere inside of a safe wrapper. But of course, that's not always easy to do and requires some serious engineering.
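
An added illustration of the "sound safe API around unsafe code" point (my example, not code from the thread or from any project named in it): the type below keeps one `unsafe` block behind an invariant, and also shows the anti-pattern of a safe function that silently exports unsafe behaviour. `Utf8Buf` and all its methods are hypothetical names.

```rust
use std::str::Utf8Error;

/// Invariant: `bytes` is always valid UTF-8. `as_str` relies on it, so every
/// *safe* method must preserve it, whether or not it contains an `unsafe` block.
#[derive(Default)]
pub struct Utf8Buf {
    bytes: Vec<u8>,
}

impl Utf8Buf {
    /// Sound and safe: validates before storing.
    pub fn push_bytes(&mut self, b: &[u8]) -> Result<(), Utf8Error> {
        std::str::from_utf8(b)?;
        self.bytes.extend_from_slice(b);
        Ok(())
    }

    /// Sound and safe: a `char` always encodes to valid UTF-8.
    pub fn push_char(&mut self, c: char) {
        let mut tmp = [0u8; 4];
        self.bytes.extend_from_slice(c.encode_utf8(&mut tmp).as_bytes());
    }

    /// Sound but unsafe: skipping validation is acceptable only when the
    /// signature hands the obligation to the caller and documents it.
    ///
    /// # Safety
    /// `b` must be valid UTF-8.
    pub unsafe fn push_bytes_unchecked(&mut self, b: &[u8]) {
        self.bytes.extend_from_slice(b);
    }

    /// UNSOUND (anti-pattern, kept here only to show it): no `unsafe` keyword,
    /// yet `push_byte(0xFF)` followed by `as_str()` is undefined behaviour.
    /// A real API must delete this or make it `unsafe fn` with a contract.
    pub fn push_byte(&mut self, b: u8) {
        self.bytes.push(b);
    }

    /// The single `unsafe` block, justified by the invariant above.
    pub fn as_str(&self) -> &str {
        // SAFETY: the sound mutators keep `bytes` valid UTF-8 (holds only
        // while the unsound `push_byte` above is never used).
        unsafe { std::str::from_utf8_unchecked(&self.bytes) }
    }
}

/// Constructed usage: the validating API rejects a lone UTF-8 lead byte.
pub fn demo() -> (String, bool) {
    let mut buf = Utf8Buf::default();
    buf.push_char('é');
    let rejected = buf.push_bytes(&[0xC3]).is_err();
    buf.push_bytes(b"ok").unwrap();
    (buf.as_str().to_string(), rejected)
}
```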

Herb Sutter on increasing safety in C++

Posted Mar 16, 2024 12:26 UTC (Sat) by khim (subscriber, #9252)

> Or is the architecture so broken and it can't work safely and fast at the same time?

The issue is that at a certain point you reach the state where you have to make a choice. You may achieve, typically, about 50% of theoretical maximum performance while keeping the architecture “safe and fast”, but at some point you hit the limit of what can be done that way.

Axum is developed independently and it's very close to Actix-web on benchmarks (currently 5% faster, but that changes over time; it was 5% slower a year ago).

Beyond a certain point you have to either make some hard choices or accept significant (though rarely critical) performance loss.

Things like the decision of Windows NT 4.0 to move graphics drivers into the “microkernel”.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds