if only the linux kernel would switch to C++, in the long term you could switch to STL strings and even use the new performant STL type safe formatting. rust is not neccesary at all.
Announcement
Collapse
No announcement yet.
Linux 6.8 Now Enables -Wstringop-overflow To Warn About Buffer Overflows
Collapse
X
-
Originally posted by archkde View Post
My point is that Rust does not improve the static analysis story over C/C++ here, which the comment I replied to can be interpreted as. C and C++ compilers will optimize manually written bounds checks away just as well as rustc does for the automatic one.
- Likes 1
Comment
-
Originally posted by NobodyXu View Post
Well lifetime and borrow checker is indeed an improvement to static analysis, rustc is able to apply no_alias attribute which is a feature rarely used by llvm C/C++ compiler that rustc discovers several bug in LLVM relating to no_alias
Comment
-
Originally posted by cj.wijtmans View Post
C++ with metaprogramming can determine string literals length at compile time very easily. Thats one big reason for the kernel to switch to C++. C++ has better type safety and performance with metaprogramming.Code:b"foo"
Code:&'static [u8; 3]
- Likes 3
Comment
-
Originally posted by archkde View Post
Exclusive references are basically the same as restrict in C. It is however true that C programmers don't generally use it because they prefer making a tangled mess of shared mutability.
Rust does check your work, it doesn't let you compile the program unless it can prove that you used references correctly (sure, you can trick the compiler in unsafe blocks, the point of them is telling the compiler "I *did* check my work, but I can't make the compiler understand this construct", they are the exception not the norm in rust code outside foundational libraries and FFI).
C and C++ is as if you are in an unsafe block all the time, with no way to turn it off.
(I have coded C++ for over a decade professionally, and rust for a couple of years as well at this point, though professionally only the last few months. Plain C I thankfully haven't written in many years at this point, though I used to.)
- Likes 2
Comment
-
Originally posted by archkde View Post
Same for Rust, a byte-string literal includes the length too (for exampleCode:b"foo"
Code:&'static [u8; 3]
- Likes 1
Comment
Comment