Memory safety is still considered nice-to-have?
Posted Aug 20, 2024 16:22 UTC (Tue) by khim (subscriber, #9252)
In reply to: Memory safety is still considered nice-to-have? by tialaramex
Parent article: FreeBSD considers Rust in the base system
> You could argue they aren't _less_ safe, but even where that's true, they aren't _more_ safe, they're just more modern
No. They are safer and faster. They are combining two unrelated parts and they don't rely on zero-termination. These things already give you more safety than the C counterpart.
They are not memory safe, true, but they are safer.
The danger is, of course, in thinking: oh, these are modern facilities, surely they should make everything memory-safe if not abused? And no, they don't give you that kind of safety.
> For string_view in particular we know people took code that was wasteful but correct (copying strings needlessly) and converted it to code that's fragile or outright wrong through use of string_views whose underlying string might vanish while they're in use.

Yes. But if you would try to convert that code into a pile of raw pointers, chances are that you would screw up everything even more badly.
I would say that the problem is not that “Modern C++” is not safer than “old C++” or “C” but that it's sold as if its improvements in safety are comparable to what Rust offers, where in reality they are marginal at best.
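As an added illustration of the string_view hazard discussed above (example code written for this page, not from the comment or the article): a borrowing accessor whose rvalue overload is deleted, so the fragile "view into a temporary" call is rejected at compile time, next to an owning variant that copies the bytes out. The function names are assumptions.

```cpp
#include <cassert>
#include <string>
#include <string_view>

// Returns a view of the first space-delimited word of `s`.
// The view borrows s's buffer: it is only valid while `s` is alive.
std::string_view first_word(const std::string& s) {
    // substr(0, npos) yields the whole view when no space is found.
    return std::string_view(s).substr(0, s.find(' '));
}

// Deleting the rvalue overload turns the fragile pattern
//   auto w = first_word(std::string("temp")); // w would dangle
// into a compile error instead of a silent use-after-free.
std::string_view first_word(std::string&&) = delete;

// Owning alternative: copies the word out, so the result stays
// valid no matter how long the source string lives.
std::string first_word_owned(std::string_view s) {
    return std::string(s.substr(0, s.find(' ')));
}

// Correct borrowing: the owner outlives the view it hands out.
bool borrow_within_owner_lifetime() {
    std::string owner = "lookup key value";   // constructed sample input
    std::string_view w = first_word(owner);
    return w == "lookup";
}

int main() {
    assert(borrow_within_owner_lifetime());
    assert(first_word_owned("hello world") == "hello");
    return 0;
}
```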
