| |
| ▲ | Yoric 5 days ago | parent | next [-] | | Yeah, it's great that the C++ community starts to take safety in consideration, but one has to admit that safety always comes as the last priority, behind compatibility, convenience, performance and expressiveness. | |
| ▲ | StillBored 5 days ago | parent | prev [-] | | Its worse. The day I discovered that std::array is explicitly not range/bounds checked by default I really wanted to write some angry letters to the committee members. Why go through all the trouble to make a better array, and require the user to call a special .at() function to get range checking rather than the other way around? I promptly went into my standard library and reversed that decision because if i'm going to the trouble to use a C++ array class, it better damn well give me a tiny bit of additional protection. The .at() call should have been the version that reverted to C array behavior without the bounds checking. And its these kinds of decisions repeated over and over. I get its a committee. Some of the decisions won't be the best, but by 2011 everyone had already been complaining about memory safety issues for 15+ years and there wasn't enough politics on the comittee to recognize that a big reason for using C++ over C was the ability of the language to protect some of the sharper edges of C? | | |
| ▲ | fluoridation 5 days ago | parent | next [-] | | >Why go through all the trouble to make a better array, and require the user to call a special .at() function to get range checking rather than the other way around? Because the point was not to make an array type that's safe by default, but rather to make an array type that behaves like an object, and can be returned, copied, etc. I mean, I agree with you, I think operator[]() should range-check by default, but you're simply misunderstanding the rationale for the class. | | |
| ▲ | StillBored 4 days ago | parent [-] | | Which goes to the GP's point, which is that security and robustness are not on the radar. And my point in providing a concrete example, where a decision was made to prioritize unsafe behavior in a known problematic area, when they could just as well have made a half dozen other decisions which would have solved a long standing problem rather than just perpetuating it with some new syntactic sugar. | | |
| ▲ | fluoridation 4 days ago | parent [-] | | I didn't dispute that, I was simply addressing the point about std::array. The class is not meant to be "arrays, but as good as they could possibly be". It's "arrays, but as first-class objects instead of weird language constructs". That said, making std::array::operator[]() range-checking would have been worse, because it would have been the only overload that did that. Could they have, in the same version, made all the overloads range-checking? Maybe, I don't know. |
|
| |
| ▲ | TinkersW 5 days ago | parent | prev | next [-] | | std::array [] is checked if you have the appropriate build settings toggled, which of course you should during development. The same applies to many of the other baseless complaints I'm seeing here, learn to use your tools fools. | |
| ▲ | mbac32768 5 days ago | parent | prev [-] | | Good news! Contracts were approved for c++26 so they should be in compilers by like 2031 and then you can configure arrays and vectors to abort on out-of-bounds errors instead of corrupting your program. Let no one accuse the committee of being unresponsive. |
|
|
