Memory Safety is a Red Herring
(steveklabnik.com)
It sounds like you've never had to do real work in a language like C++, where the compiler is always trying to play gotcha with undefined behavior. You can kind of use tools like AddressSanitizer to catch undefined behavior in testing, but you certainly cannot just have a compiler catch it for you like you claim.
I use C++ all the time; undefined behavior is not something I ever encounter. I run undefined behavior sanitizer often.
From the looks of some of the posts showing up in this thread, I doubt the bulk of the commenters portraying UB as the root cause of any problem have any experience at all with C or C++. They are clearly resorting to unrealistic strawmen to pretend UB is something that it clearly is not. That just goes to show their technical background and the substance behind their claims. I really don't know how this helps advocating for Rust.
I have over a decade of professional experience working with C++, and it's likely you already used software I worked on.
Throughout those years, the total number of times where undefined behavior posed a problem in any of the projects I worked on was zero.
Please enlighten me about the insurmountable challenges posed by undefined behavior.
Dangling pointers, double frees and the like, mostly. Tell me you haven't run into those and I'll laugh in your face and call you a liar.
Those are bugs you wrote in. UB is not the problem. Your code is the problem.
I ran into bugs. Do you understand that UB is not the problem if you're pushing broken code? It's not the C++ standard that's messing up if you're writing in use-after-free bugs.
The irony of your comment is that some implementations take advantage of UB to prevent programs from crashing and actually continue to work in some scenarios such as use-after-free and even dereferencing null pointers. But that's not caused by UB, is it? Those problems are caused by developers like you and me who didn't know what they were doing and even failed to either pay attention to the errors flagged by compiler and static code analysis tools, or even failed to onboard one.
I mean, think about it for a second. Let's say we have a magic wand that can update any C and C++ standard version of your choosing, and we specify that each and every single instance where behavior is left undefined is updated to specify that the program should automatically crash. Awesome, no more UB. What does this mean for your code? Is it now bug-free? Is it now working well after crashing all the time due to the code you added? What role did UB play in this mess?
Do you understand this?
I repeat: detractors just parrot undefined behavior as some kind of gotcha in ways I’m not even sure they fully understand.
Could you provide examples of this?
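The dangling-pointer and double-free bugs argued over above, side by side with the ownership discipline that removes them, as an added example that is not part of the thread or of the linked post. The `session` type and the function names are made up for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record used only for this example. */
typedef struct {
    char name[32];
    int  logged_in;
} session;

/* BUGGY: the classic use-after-free followed by a double free.
 * Built with -fsanitize=address this is reported as heap-use-after-free
 * and then double-free; built without a sanitizer it may "work" by
 * accident, which is exactly why the bug survives into production.
 * It is never called below; it is here to show the pattern. */
int buggy_lifetime_demo(void) {
    session *s = malloc(sizeof *s);
    if (!s) return -1;
    strcpy(s->name, "alice");
    s->logged_in = 1;
    free(s);
    int still_logged_in = s->logged_in;   /* UB: reads freed memory */
    free(s);                              /* UB: double free */
    return still_logged_in;
}

/* FIXED: the owner's pointer is passed by address and nulled on close,
 * so a stale handle is NULL (and checked) instead of dangling, and a
 * second close is a harmless no-op rather than a double free. */
session *open_session(const char *name) {
    session *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    strncpy(s->name, name, sizeof s->name - 1);   /* calloc left the terminator */
    s->logged_in = 1;
    return s;
}

void close_session(session **sp) {
    if (sp && *sp) {
        free(*sp);
        *sp = NULL;
    }
}

/* Every accessor tolerates NULL, so a closed session reads as logged out. */
int session_logged_in(const session *s) {
    return s ? s->logged_in : 0;
}

/* Runs the fixed flow end to end; returns 1 when every step behaves. */
int fixed_lifetime_demo(void) {
    session *s = open_session("alice");
    if (!s) return 0;
    int before = session_logged_in(s);   /* 1 */
    close_session(&s);
    int after = session_logged_in(s);    /* 0: s is NULL, nothing freed is read */
    close_session(&s);                   /* second close: no-op */
    return before == 1 && after == 0 && s == NULL;
}

int main(void) {
    printf("fixed flow ok: %d\n", fixed_lifetime_demo());
    return 0;
}
```

Compile with `cc -g -fsanitize=address,undefined` and call `buggy_lifetime_demo()` from `main` to see both reports; this is the testing-time catch the thread mentions, not a compile-time one. The caveat a practitioner should keep in mind: nulling the owner's pointer only protects that one variable. Any copy of the pointer handed to another struct, thread or callback is still dangling after `close_session`, so the real fix is a single clear owner, which is what the borrow checker enforces and C leaves to review and sanitizers.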