pjmlp 5 hours ago

If it helps finally acknowledging basic stuff like bounds checking matters, great, this from a guy who would rather use systems languages with automatic resource management.

"A consequence of this principle is that every occurrence of every subscript of every subscripted variable was on every occasion checked at run time against both the upper and the lower declared bounds of the array. Many years later we asked our customers whether they wished us to provide an option to switch off these checks in the interests of efficiency on production runs. Unanimously, they urged us not to; they already knew how frequently subscript errors occur on production runs where failure to detect them could be disastrous. I note with fear and horror that even in 1980 language designers and users have not learned this lesson. In any respectable branch of engineering, failure to observe such elementary precautions would have long been against the law."

-- C.A.R. Hoare's "The 1980 ACM Turing Award Lecture"

From 1980!

C++26 will finally have hardening on the standard library, something that I could already enjoy in the 1990s with Turbo Vision, OWL, MFC, VCL, but was too much to ask for on the standard library apparently, even if compilers kept having their own approach.

It took governments and companies to start mapping CVEs to money spent fixing them, to finally acknowledge something had to change.

Meanwhile on C land, business as usual regarding Hoare's quote.
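Added example, not code from the thread: the check Hoare describes (index tested against both the lower and the upper bound before any access) written out in C++, contrasted with std::vector::at(), which always checks, and operator[], which only checks when the standard library is built in a hardened mode (for libstdc++, -D_GLIBCXX_ASSERTIONS). The checked_read/sum_at helpers and the sample data are constructed for illustration.

```cpp
// Added example (not from the thread): bounds checking in the spirit of
// Hoare's remark. operator[] on std::vector is unchecked unless the standard
// library is built hardened (e.g. libstdc++ with -D_GLIBCXX_ASSERTIONS);
// at() always checks and throws std::out_of_range.
#include <cstddef>
#include <optional>
#include <stdexcept>
#include <vector>

// Hypothetical helper: check a (possibly negative) index against both bounds
// and report the failure as a missing value instead of undefined behaviour.
std::optional<int> checked_read(const std::vector<int>& v, std::ptrdiff_t i) {
    if (i < 0 || static_cast<std::size_t>(i) >= v.size()) return std::nullopt;
    return v[static_cast<std::size_t>(i)];
}

// The same guarantee from the standard library itself: at() throws rather
// than reading past the buffer.
bool at_throws(const std::vector<int>& v, std::size_t i) {
    try {
        (void)v.at(i);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// Constructed workload: sum the elements at the requested indices and count
// the out-of-range requests instead of silently reading past the array.
struct SumResult {
    long sum;
    int rejected;
};

SumResult sum_at(const std::vector<int>& v, const std::vector<std::ptrdiff_t>& idx) {
    SumResult r{0, 0};
    for (auto i : idx) {
        if (auto x = checked_read(v, i)) r.sum += *x;
        else ++r.rejected;
    }
    return r;
}

int main() {
    std::vector<int> data{10, 20, 30};          // constructed sample
    auto r = sum_at(data, {0, 2, 3, -1});       // 3 and -1 are out of range
    return (r.sum == 40 && r.rejected == 2) ? 0 : 1;
}
```

Compile with -D_GLIBCXX_ASSERTIONS on libstdc++ and the plain v[i] inside checked_read becomes checked as well, which is the "hardened standard library" behaviour the comment refers to; without it, only at() and the explicit test protect you.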

msla 2 hours ago | parent

It's interesting how it's Obviously Impossible to write OSes in garbage-collected languages, and this is proven by the fact successful OSes were written in garbage-collected languages back in the Stone Age, or 1980s, whichever. My current laptop has enough RAM to swallow the entire state of a Symbolics workstation (RAM and disk) without noticing, but it's obviously too wimpy to run an OS written in anything other than C.

(Nitpickers' Corner: "Successful" and "the most commercially successful" are, in fact, two different words. Gots all them different letters an' everything. Therefore, Genera not being as profitable as such Sophisticated Top-Of-The-Line Pieces of Professional-Grade Enterprise-Ready software as MS-DOS doesn't mean Genera wasn't successful.)

josephg an hour ago | parent | next

Yeah, it's funny what we can get away with using different design tradeoffs on modern computers.

I've been reading through the seL4 source code lately. seL4 isn't a multithreaded kernel. It supports SMP, so it can use all the cores on your computer. But the kernel itself uses a big mutex. Complex syscalls can't run concurrently.

And you know what? I think it's fine. A tiny microkernel like seL4 offloads almost everything to separate processes anyway. The only things in the core kernel are the bootloader, scheduler and thread cap tables. Device drivers are multithreaded because they all run in separate processes.

Having the kernel itself effectively single threaded reduces a whole class of bugs and complexity, at a (hopefully) negligible performance cost. It's smart.

pjmlp an hour ago | parent | prev

My Android, with its garbage-collected userspace challenging Termux folks, works just fine....