Heartbleed and static analysis

Sat Apr 12 16:36:42 PDT 2014

On Sat, Apr 12, 2014 at 11:12:37PM +0000, froglegs wrote:
[...]
>  Design flaws of C++? It may have a few, but compared to C? I think
> C++ is far better designed, and far safer.

Few?? Wow. How long have you been writing C++ code? Maybe you might find
this enlightening:

	http://bartoszmilewski.com/2013/09/19/edward-chands/

:-)

[...]
> Because C++ is more complex it requires more informed programmers to
> operate than C.
> 
> If you have a team of informed C++ programmers I feel that it is very
> possible to produce very quickly, high quality reliable code. That all
> members can understand(I'd be inclined to say fire anyone that can't
> grok it, they will just be a liability).

Very quickly? Maybe. High quality? I doubt it. Maybe you're among the
lucky few who can fire incompetent C++ programmers (or, shall we say,
less-than-expert) at will. But in a large project with 50+ coders
simultaneously working on the codebase, you're not going to have that
luxury. And this is where C++'s flaws really become a pain in the neck.
Even "informed" C++ programmers are not aware of all of the subtleties
of the C++ standard -- and let's not fool ourselves, the C++ standard is
huge, complex, and I doubt even Stroustroup himself can remember all of
its details off the top of his head. In a 50+ member team, *somebody* is
bound trip up on some detail that percolates through the code and causes
very hard-to-find bugs. Compound this with upper management transferring
people around at whim, and you've got a disaster in the making.

At least with C, only competent people will even *get* the job in the
first place, which solves about 50% of the problem. :P

>  But anyway I do not understand why important software is still
> written in C. It makes me sad:(
[...]

You mean, like the Linux kernel? :-P  Maybe you should take it up with
Linus. I recommend buying reinforced fireproof armour first. :-P

T

-- 
Time flies like an arrow. Fruit flies like a banana.