No other language has managed to produce anywhere near the same amount of safety and security critical software deployed the world over as C. In evolutionary terms, it is clear that security critical C projects have a much higher survival rate than security critical projects written in any other language.
GetIntoGameDev@reddit
There’s a lot to unpack here, almost as if the article is rage bait, but I’ve got some time.
Spelling errors, author claims they aren’t a researcher but does their text editor not have a spellcheck?
Author claims it’s unscientific to dismiss C without evidence, then states they will present no evidence in their article, just feels.
We can’t have a proper discussion about C’s safety over other languages without clearly stating what we’re comparing it to. C++ and Objective-C get a mention, but only because they have more abstraction than C. What about languages like Rust and Ada? When C gets a reputation for being unsafe it’s partly because other languages have tried to address the shortcomings. Do they not deserve analysis?
Article states that ffmpeg, cpython, GNU and some other libraries are safety critical. How about actual safety critical systems? If you’re writing the control software for a plane, which language would you use? Better yet, historically which languages have been used and why?
Article states that C is readable. There is literally a competition to make unreadable C code.
Article states that C “fails fast and hard” because the program quits on segfaults. Yeah, but it compiled and ran before that segfault, is that not a little concerning?
Article then states that “Safety doesn’t matter as much as you think it does”. I agree that some of this memory safety stuff gets exaggerated. I’m a game developer, I don’t launch rockets into space. But the paper is specifically discussing safety critical systems. In safety critical systems, safety matters a lot. You could even say it’s critical.
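An added illustration of the "it compiled and ran before that segfault" point, written for this thread and not taken from the article or from any commenter: an unchecked copy into a fixed-size buffer goes through the compiler without complaint, and the out-of-bounds write it allows is undefined behaviour that often does not stop the program at the point of the bug. Beside it is the bounds-checked form that rejects oversized input instead. The buffer size, function names and sample inputs are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: an 8-byte record buffer. Strings longer than
   REC_LEN - 1 characters do not fit (one byte is needed for the NUL). */
#define REC_LEN 8
static char g_record[REC_LEN];

/* Unchecked copy. The compiler accepts this without a warning and the
   program runs normally until an input longer than the buffer arrives.
   Even then it does not reliably "fail fast": writing past the end is
   undefined behaviour, which may corrupt neighbouring data, crash much
   later, or segfault immediately. AddressSanitizer (-fsanitize=address)
   turns it into a report at the offending write. Shown for contrast only;
   nothing below calls it. */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);  /* no capacity information at all */
}

/* Checked copy: the caller supplies the destination capacity and the
   function refuses input that does not fit. dst is always left
   NUL-terminated so a rejected input cannot leave stale data behind.
   Returns 0 on success, -1 on rejection. */
int copy_checked(char *dst, size_t dst_cap, const char *src) {
    size_t n = strlen(src);
    if (dst_cap == 0) return -1;
    if (n >= dst_cap) {      /* n + 1 bytes needed, only dst_cap available */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1); /* copies the terminating NUL as well */
    return 0;
}

/* Store `input` into the shared record through the checked path.
   Returns 0 if stored, -1 if rejected as too long. */
int store_record(const char *input) {
    return copy_checked(g_record, REC_LEN, input);
}

/* Length of the string currently held in the record (0 after a rejection). */
size_t record_len(void) {
    return strlen(g_record);
}

int main(void) {
    /* Constructed inputs: one that fits, one that is exactly one byte too long. */
    const char *inputs[] = { "1234567", "12345678" };
    for (size_t i = 0; i < 2; i++) {
        int rc = store_record(inputs[i]);
        printf("%-10s -> %s (record now %zu bytes)\n", inputs[i],
               rc == 0 ? "stored" : "rejected", record_len());
    }
    return 0;
}
```

The checked version is the one a reviewer can verify by reading the call site: the capacity travels with the pointer, and every failure path leaves the buffer in a defined state.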
masklinn@reddit
And although it is now dead, there was also a competition to make code discreetly malicious.
crusoe@reddit
Quick what is the syntax for a function ptr in C?
UncleGrimm@reddit
It is with a heavy heart that I must report: Embedded engineers name their variables almost as badly as mathematicians
masklinn@reddit
Even before that, you need some fucking gall to look at a C callback typedef and state that it's readable.
Boson_Higgs_Boson@reddit
It’s as safe as a Glock
Lucretia9@reddit
...pointed at your face. Glocks are not the most accurate at range, but close up they're good.
Letiferr@reddit
Accuracy and safety are two wildly different things whether talking about software or talking about firearms
Putrid_Enthusiasm_41@reddit
It’s a very high level programming language and has a lot of guardrails to make sure everything runs smoothly
Lucretia9@reddit
This is a joke comment right?
Putrid_Enthusiasm_41@reddit
Yes
Unique_acar@reddit
It's a long forgotten language now
YoungestDonkey@reddit
Most of his points can also be made for dynamite.
TwoIsAClue@reddit
With the difference that dynamite was an actual safety innovation at its time, the previous explosives really liked their moniker.
zeropage@reddit
There are some use cases where C is indeed the safest, for the exact evidence in that paper. Example being safety critical systems and real time control systems.
faiface@reddit
C being safest in safety critical systems? If a system is safety critical, I’d assume a language being full of footguns isn’t a positive
lelanthran@reddit
C isn't the safest by far, just "safe enough".
The rate for in production for safety critical devices is so low that it almost can't even be measured. It's lost in statistical noise.
That doesn't mean that C is safe; it just means that the certification process for safety critical devices is usually so robust that the process prevents a lot of bugs hitting the field (memory or otherwise).
Being simple and readable adds some weight to the argument for C over (for example) C++, as visual inspections of idiomatic C code do make it easier to spot problems than (for example) idiomatic C++[1].
[1]. No reference arguments to functions (using & to pass an address for a pointer parameter is a very helpful visual clue!), no operator overloading, no magic functions (constructors) being run on declaration of a variable.
thesituation531@reddit
For something like a heart monitor, you would want C, C++, or Rust.
It needs to be deterministic and reliable. You can't have garbage collections or memory reshuffling going on.
borland@reddit
What you want is Rust, but from what I've seen in the industry, you can't have Rust. Instead, all you get is C - and maybe a decade-old C++ implementation, because the microprocessor vendor only provides an old version of the GCC compiler, and you can't use anything else.
guest271314@reddit
You do not want Rust if you are planning on doing anything on a live Linux USB/CD/DVD.
The minimal profile is 500 MB alone.
Even when Rust is installed on an external USB, for whatever reason Rust still created ~/.cargo and fills it with crates until the live Linux USB runs out of disk space.
Maybe Rustaceans can provide the instructions to avoid ~/.cargo being created when the Rust tool chain is installed deliberately on an external USB?
GetIntoGameDev@reddit
Or Ada, which is what most critical realtime systems are actually written in.
faiface@reddit
Oh, so real-time. That makes sense. Although Rust and C are completely different leagues here when it comes to crashing.
Ashamed_Soil_7247@reddit
C is widely preferred for safety critical systems due to limiting to a subset of C that vastly minimizes errors, MISRA-C, and a very robust and mature ecosystem of compilers, analyzers, workforce, etc. Whether empirically it is safer is honestly hard to measure, but those who care (regulatory agencies) do prefer it to other languages. I'd be laughed out of the room if I proposed Rust for an airplane flight control software.
That is not to say other languages cannot reach that point, or do not offer genuine technical advantages in safety over C. They do. But there's a way to go, still.
If you want a couple talks on the subject:
- https://www.youtube.com/watch?v=gG4BJ23BFBE
- https://www.youtube.com/watch?v=YofBgJ2zpBs
faiface@reddit
Thanks for the info! I’m pretty sure it’s all the other qualities of C aside from safety that make it used there, but yes, I can imagine it doable safely with right ecosystem and due process. Very interesting!
zeropage@reddit
Flight system software is written in C, C++ and Ada. Don't get on an airplane if you are scared of footguns.
borland@reddit
Nope.
C has more security critical software than other languages because C has more software, full stop - it's just statistics. C has more software because it is old and because it is compatible (runs on basically any OS or hardware).
In evolutionary terms, the author should look at how companies are actively replacing security-critical C code with Rust, a trend that started a while ago and is only continuing.
crusoe@reddit
Making that software "safe" took decades and requires constant surveillance from sanitizers, etc.
guest271314@reddit
Wow. The comments here re C are a trip...
M01120893474R@reddit
C is so unsafe CMU created a C0 to properly teach kids safety in C
Lucretia9@reddit
Not even close to being safe. It is one of, if not, the most unsafe languages out there.
faiface@reddit
Read the paper if you wanna have fun picking out what’s wrong with it line by line
BakaGoop@reddit
Yup, the reason Linux is written in C is because the programmers thought it was the most fun language to use
faiface@reddit
But if a language isn’t fun, you’re gonna fall asleep and make lots of safety vulnerabilities with your forehead on the keyboard!
ProgramTheWorld@reddit
- says no one ever
pharmacy_666@reddit
i like how this is formatted like a paper but has the analysis of a web dev tech blog
Letiferr@reddit
It isn't...