zbentley 2 days ago
> Mature C programs written by professional coders (Redis is a good example) basically never crash in the experience of users

That is a very difficult assertion to validate. It might well be true! But so many conversations about memory safety and C/C++ devolve to assertions with “get gud” at one extreme and “change platforms to one that avoids certain errors” at the other. Without data, even iffy data, those groups talk past each other.

Are memory-error CVE counts on C projects the data we need here? Is there some other quantitative measure of real world failures that occur due to memory unsafety?

This is all by way of saying that I’d love to see some numbers there. That’s not on you, or meant to question your claim. As you implied, errors in code don’t always translate to errors in behavior for users. It just always sucks to talk about this because broad-spectrum quantitative data on software error rates and their causes is lacking.
jancsika 2 days ago
> That is a very difficult assertion to validate.

Keep in mind he's limited his assertion to UX. That narrow point is almost certainly true in the case of his C codebase.

But read the rest-- he literally wrote how security researchers find memory safety errors in C codebases! Dollars to donuts he came up with this UX-on-accident vs. security-researcher-on-purpose bug dichotomy in his head as a response to some actual CVE in his own C codebase.

In short, he's agreeing with the research that led to programming languages like Rust in the first place. And even though he's found an odd way to agree, there's no assertion to validate here (at least wrt security).

Edit: clarifications