Originally posted by Weasel
What's special about UB is that it attacks your ability to find bugs, like a disease that attacks the immune system. Undefined behavior can have arbitrary, non-local and even non-causal effects that undermine the deterministic nature of programs. That's intolerable, and that's why it's so important that safe Rust rules out undefined behavior even if there are still classes of bugs that it doesn't eliminate.
-- trentj @ https://users.rust-lang.org/t/newbie-learning-how-to-deal-with-the-borrow-checker/40972/11
Honestly, after more than 25 years of C (and C++), I’ve become very frustrated with the average C code I see in the wild. OpenSSL is fairly typical, in a lot of ways. So much C code has buffer overflows, numeric overflows, memory leaks, double frees, undefined behavior, and an endless number of bugs. There are exceptions—djb’s code is quite good, dovecot seems reasonable, OpenBSD audits aggressively—but when I dive into most C code, I expect problems… I’m tired. I don’t want to rely on programmers practicing constant, flawless vigilance.
-- emk @ https://www.reddit.com/r/rust/commen...not_a/ds0u68p/