Heartbleed and static analysis
Dicebot
public at dicebot.lv
Sun Apr 13 09:26:13 PDT 2014
On Sunday, 13 April 2014 at 15:17:30 UTC, Klaim - Joël Lamotte wrote:
> I don't understand what is the C++ fault when the management of
> the project forces people to write shit. The same situation would
> have happened with any language and a full rewrite by a fixed team
> would have been better whatever the new language.
> I've heard the same story with Java, C# and Python in the last
> few years.
> Always management's fault.
>
> I'm not sure I understand the arguments against C++ in your
> examples, in particular if you use D which has destructors and
> "magic" too.

C++'s fault is that it makes it very easy even for an experienced
programmer to write faulty code, and the consequences of a mistake
can be rather dire. C has similar issues, but C is a much smaller
and simpler language, which allows one to keep all possible danger
points in mind. I have yet to meet a single C++ programmer who can
remember all the corner cases at the same time. I am not sure
even Bjarne himself can.

D makes the situation much better by refining base semantics to
adhere to the "safe by default, fast when explicitly asked"
principle (array bounds checks, default initialization of locals).
It is still not 100% consistent but greatly reduces the stress of
the context compared to C++.

I'd still prefer C++ over C for most projects, but only if using
a very small, well-defined subset of C++ verified by a static
analysis tool continuously.