Heartbleed and static analysis

Sat Apr 12 15:38:55 PDT 2014

On Sat, Apr 12, 2014 at 10:10:55PM +0000, froglegs wrote:
>  Why do they write such important code in C to begin with? C is
> garbage compared to C++.  With C++ they wouldn't need to drop down to
> raw pointers and would never have these problems.
[...]

C++ is better in theory, but not all that much better than C in
practice. The design flaws of the language often makes it worse than C
in terms of maintainability. At my day job, we switched a major project
from C++ back to C, because the C++ codebase was over-engineered and
full of abstractions that nobody understood, patched over multiple times
by people who were reassigned to take the place of the original people
who left, who didn't understand the original design but had unreasonable
deadlines to meet, so as a result they just added hacks and workarounds
to get their job done before they got fired. By the time a few years had
passed, *nobody* understood what the system even does, and every new
code change was a "blindly copy-n-paste from other parts of the code and
pray it won't break something else" deal. It was bloated, slow, and
riddled with bugs nobody dared to fix, because nobody understood what it
does. Certain features were dependent on dtor side-effects, and other
such pathological things, and it was maintenance hell.

We rewrote the entire thing in C and, in spite of all C's flaws, at
least you didn't have dtors performing magic behind your back and class
abstractions that nobody understood what it actually does at runtime. I
have to say that, in spite of C's shortcomings, at least it was a
(relatively) small and self-contained design, and the gotchas were well
understood and well-documented, whereas C++ is a monstrous beast full of
every pitfall imaginable. Just about every other line of code you write
out of habit is almost guaranteed to be wrong in *some* obscure corner
case that only 2% of C++ programmers are even aware of. And in a large
team project, you can guarantee that *someone* one day will write code
that will trigger exactly that one obscure case that will produce a bug
nobody can find. In C, when you mess up, most of the time you get a
straight segfault, and you have no choice but to fix it before you check
in. Well, most of the time, anyway. The same old off-by-1 buffer overrun
bugs just keep recurring and recurring -- I just found another yet a few
days ago, which has been lurking in there for a *long* time. Probably
years. Sigh... But at least it's a well-known and well-understood
problem, whereas in C++ it could be any one of 1000 novel combinations
of several obscure C++ spec corner cases that interact in complex ways
to produce a bug that most mid-level coders don't even understand, let
alone have any idea how to debug.

If you were to ask me 5-10 years ago which language was better, I'd say
C++. Today, I'm not so sure anymore. Both suck. And I'm not sure which
one sucks more -- 5 years ago I'd say C, but now I'm leaning towards
saying C++.

Now if we can only iron out the last 5% of D's wrinkles, it would be a
HUGE relief from C/C++ nastiness.  (Unfortunately, Pareto's principle
dictates that this last 5% is gonna take us 95% of the time. :-P)

T

-- 
"640K ought to be enough" -- Bill G., 1984. "The Internet is not a primary goal for PC usage" -- Bill G., 1995. "Linux has no impact on Microsoft's strategy" -- Bill G., 1999.