chraebsliStop comparing programming languages
luciole (they/them)- C++ is fine
- Python is fine
- C# is fine
- PHP is fine
- JavaScript is fine
- C is fine
- Java is fine
I could go on
polonius-rexPHP is fine
i will fine you
JavaScript is also not fine.
C++ apparently has a lot of footguns if you use too many parts of it. C and orthodox C++ are fine.
people say this but C is significantly more batshit than javascript
oh you used scanf? one of the basic functions of our language? sorry that's got a buffer overflow vulnerability so now your application is compromised
Yeah, but as far as I understand that’s not a C vulnerability. It wasn’t added. C just exposes how the underlying CPU works.
If you could avoid exposing dangerous memory quirks but still retain the same power… well, you’d have invented Rust. Rust is a better language than C, I agree with that.
Edit: Yep, just double checked. Buffers live in physical memory and have to be finite, so if you advance outside of them you’ll go somewhere else. Scanf’s not special, this is just another inherent pointer issue.
exposing the machinations of the underlying CPU with no regard for safety is like, the definition of a footgun
Okay, but how do you code on a CPU without directly interfacing the CPU at some point? Python and JavaScript both rely on things written in mid-level languages. There’s a difference between a bad tool and one that just has limitations inherent to the technology.
Like, to echo the meme a bit, it’s not a totally straight comparison. They have different roles.
a footgun isn't inherently bad, it just implies a significant amount of risk
yes, if you need the ability to code on a low level, maybe C is necessary, but the times where that is actually necessary is smol
also rust
Yes, also Rust. It wasn’t an option until recently though.
The times when C or C++ is worth it definitely isn’t always, but I’m not sure I’d class much of OS programming and all embedded and high-performance computing as small. If you have actual hard data about how big those applications are relative to others, I’d be interested.
Also, it’s a nitpick, but I’d personally say a footgun has to be unforeseeable, like literal shoe guns being added to a video game where guns were previously always visible. Once you understand pointers C is reasonably consistent, just hard and human-error-prone. The quirks follow from the general concepts the language is built on.
Once you understand pointers
once you understand C++ the pitfalls of C++ are reasonably consistent
I'm not sure I'd class much of OS programming and all embedded and high-performance computing as small
there are like what, 3 operating systems these days?
assume those are all written entirely in c and combine them and compare that to all code ever written
once you understand C++ the pitfalls of C++ are reasonably consistent
All of C++? That’s unreasonable, it’s even in the name that it’s very expansive. Yes, if you already know a thing, you won’t be surprised by it, that’s a tautology.
C is more than just pointers, obviously, but the vast majority of the difficulty there is pointers.
there are like what, 3 operating systems these days? assume those are all written entirely in c and combine them and compare that to all code ever written
Plus all previous operating systems, all supercomputer climate, physics and other science simulations, all the toaster and car and so on chips using bespoke operating systems because Linux won’t fit, every computer solving practical engineering or logistics problems numerically, renderers…
Basically, if your computational resources don’t vastly exceed the task to be done, C, Rust and friends are a good choice. If they do use whatever is easy to not fuck up, so maybe Python or Haskell.
All of C++? That's unreasonable, it's even in the name that it's very expansive.
similarly, "all of pointers" is unreasonable
pointers can have a lot of unexpected results
that's literally why java exists as a language, and is so popular
Plus all previous operating systems, all supercomputer climate, physics and other science simulations, all the toaster and car and so on chips using bespoke operating systems because Linux won't fit, every computer solving practical engineering or logistics problems numerically, renderers...
sure, and the quantity of code where true low-level access is actually required is still absolutely minuscule compared to that where it isn't
similarly, “all of pointers” is unreasonable
“all of pointers” can have a lot of unexpected results
How? They go where they point, or to NULL, and can be moved by arithmetic. If you move them where they shouldn’t go, bad things happen. If you deference NULL, bad things happen. That’s it.
sure, and the quantity of code where true low-level access is actually required is still absolutely minuscule compared to that where it isn’t
If you need to address physical memory or something, that’s a small subset of this for sure. It also just lacks the overhead other languages introduce, though. Climate simulations could be in Java or Haskell, but usually aren’t AFIAK.
How? They go where they point, or to NULL, and can be moved by arithmetic. If you move them where they shouldn't go, bad things happen. If you deference NULL, bad things happen. That's it.
what part of that is explicit to how scanf works?
I suppose if you treat scanf as a blackbox, then yeah, that would be confusing. If you know that it’s copying information into the buffer you gave it, obviously you cant fit more data into it than it’s sized for, and so the pointer must be wandering out of range.
Maybe C would be better without stdlib, in that sense. Like, obviously it would be harder to use, but you couldn’t possibly be surprised by a library function’s lack of safeness if there were none.
yeah i mean if you grok the underlying workings of scanf then there's no problem
i'd just argue that the problem is understanding what you need to understand _is the problem with straight
I’m wondering now how much you could add without introducing any footguns. I’d guess quite a bit, but I can’t really prove it. Smart pointers, at least, seem like the kind of thing that inevitably will have a catch, but you could read in and process text from a file more safely than that, just by implementing some kind of error handling.