If C and C++ are such great languages according to this board why are they so much more vulnerable t…

[Anonymous]

If C and C++ are such great languages according to this board why are they so much more vulnerable to buffer overflow? Isn’t Rust far less vulnerable to buffer overflow? Why learn C and C++ when rust is a thing? I personally am as it is useful for my field and understanding assembly, but for everyone else does it make sense? What other reasons justify learning C and C++ over Rust?

[Anonymous]

[Anonymous]

im gonna be honest im a zoomer please elaborate on what’s said there

[Anonymous]

if you code in SPARK, it’s impossible to code a wrong program

[Anonymous]

That’s absolutely not what it means.

SPARK doesn’t have undefined behavior, which means that it’s theoretically possible to conduct a rigorous formal verification, which would let you verify that a given program acts according to a given formal specification.

This has nothing to do with right or wrong. Your program can have dead-wrong logic (e.g. using a wrong formula to calculate a missile’s trajectory) and you’ll only discover it with FV if you write the proper test.

[Anonymous]

Are you saying that a language can’t babysit a programmer 100%? How insightful.

Seriously, the article even uses the term "correctness of code."

if you code in SPARK, it’s impossible to code a wrong program

gave a decent summation.

[Anonymous]

Rust is a hobby project. C/C++ are professional tools.

If you want to do anything serious on Rust, you have to use unsafe, and as the docs say: "you are on your own, it makes Rust as vulnerable as the code you are importing"

[Anonymous]

Even if you stick with safe code, Rust code just isn’t mature enough. I’m getting an endless amount of panics from allegedly production-ready libraries I’m using.

[Anonymous]

lmao

[Anonymous]

>Rust is a hobby project. C/C++ are professional tools
that must be why fortune 500 companies are starting to use Rust now too
>you have to use unsafe
you say this as if it’s supposed to be forbidden, or illegal to use "unsafe". you don’t seem to understand the point of having explicit unsafe blocks and are trying conflate it with the code being "bad", or somehow invalidates the entire language, which is absurd

[Anonymous]

>fortune 500 companies are starting to use Rust
They aren’t. The Rust cult keeps a list whenever a company makes a passing comment of having written 1 line of Rust for one module, and then go on to pretend all the products are powered by Rust.

One good example is Dropbox which Rustaceans love to brag about using rust, yet you check their job offers and there’s nothing for Rust, just Python/Go/C/C++/Java/JavaScript

[Anonymous]

>They aren’t.
except, they are, why are you lying? I personally know someone who was hired at one specifically to use Rust on a new project with a new team of people.
Microsoft is even working on their own new language with similar concepts to Rust, to help create more secure and malware resistant software. you’re just willfully ignorant, this is the future of software

[Anonymous]

>Microsoft is even working on their own new language
so….not rust? what a resounding endorsement of rust.

[Anonymous]

so if MS makes a clone of Rust with all of its core features, everyone’s fine with using that, as long as it’s not called Rust?

[Anonymous]

Only if they also ban all the trannies.

[Anonymous]

>that must be why fortune 500 companies are starting to use Rust now too
They are only using it for web services. Apples listing about Rust was for a webservice

[Anonymous]

Important systems will continue using Ada not Rust. You use Rust when safety is nice to have but not a life-or-death requirement. Such as a browser.

>browser
>web service
so to avoid buffer overflow as it’s safer right?

Important systems will continue using Ada not Rust. You use Rust when safety is nice to have but not a life-or-death requirement. Such as a browser.

what are important systems cause a web service sounds pretty important?

the person who still has a dick

pls sir pls elaborate

[Anonymous]

>that must be why fortune 500 companies are starting to use Rust now too
Lickers, leave.
Get out.

[Anonymous]

Important systems will continue using Ada not Rust. You use Rust when safety is nice to have but not a life-or-death requirement. Such as a browser.

[Anonymous]

im gonna be honest im a zoomer please elaborate on what’s said there

if you code in SPARK, it’s impossible to code a wrong program

The F35 software is written in c++

[Anonymous]

and c
and ada

[Anonymous]

F35 is not exactly a beacon of quality

[Anonymous]

Dude, I’m a crummy programmer, and I read that while 75% drunk and understood what was said. How on Earth did you not understand?

[Anonymous]

>cummy programmer

[Anonymous]

rust defaults to crashing on runtime errors, which is just a complete no go in safety critical software.

[Anonymous]

>defaults to crashing
so does C++
and if you’re writing safety critical software you never do things the default way, I don’t care what language you’re using, so this is a non agrument

[Anonymous]

>if you’re writing safety critical software you never do things the default way
Ada says hi

[Anonymous]

no it doesn’t
pretty much everything returns a Result<> or an Option<>
you can unwrap() it causing panic or handle it properly it’s up to you

[Anonymous]

that has way more to do with government and military specs requiring standards for every freaking tiny thing. it doesn’t mean Rust is bad or unfit for any purpose. there is so much freaking red tape to do anything government related that private industry doesn’t have to deal with

[Anonymous]

The Rust team doesn’t have the capability to work on that level because it’s a hobby project. That’s why it has one lone compiler with over 7000 bugs (and growing), everyone uses the nightly version because anything slightly outdated is inadequate, no standard (let alone a safety standard), package manager has another 1000 bugs, they are swamped in bugs and can’t keep up, and they keep ousting all the key people that made Rust (the lead dev, the Rust book guy)

[Anonymous]

>The Rust team doesn’t have the capability to work on that level because it’s a hobby project.
the bit about not using in military context because of not having secure coding standards has nothing to do with the language itself, or does it suggest it’s somehow insecure, it LITERALLY means no one has sat down and put together a formal standard of recommendations for secure coding practices. the fact that no one has sat down and done this means they can’t use it
it has absolutely nothing to do with Rust, or the people working on Rust. anyone could do this, just no one has bothered to do it.

[Anonymous]

>just no one has bothered to do it.
And why do you think that is? Because the faries haven’t said "Go!"?
>I work on such systems. Maturity matters.

[Anonymous]

>And why do you think that is?
doing standards work like that isn’t free, and it’s time consuming. if no one has a vested interest in doing it then it won’t get done
and who’s to say someone isn’t working on it right now? there may be a team of people interested in using Rust in such projects and is working to get such standards written, it wouldn’t surprise me if it was true
I also wouldn’t be surprised if it wasn’t happening because shit takes eons to change in government and military, and they already have things in place that "just work" and probably won’t see change for 10-20 years

[Anonymous]

>And why do you think that is?
There hasn’t been much motivation to do so. Safety standards exist for C and C++ because if such standards didn’t exist, every program written in them would potentially be a time bomb. For Rust, there’s not much that needs to be said. Just…

1. Don’t use unsafe when a safe alternative exists. If unsafe must be used, have someone else verify.
2. Don’t use panics unless you mean to crash everything (you don’t). Don’t use functions that can panic unless you can verify they can’t.
3. Don’t rely on a crate without verifying its safety, and when you do, specify an exact version number to prevent supply chain attacks.

Honestly there’s not *too* much to be concerned about.

[Anonymous]

every allocation can panic in Rust, such a great language

[Anonymous]

There’s a reason why the try_new and try_reserve family of methods are being implemented on Rust data types that allocate. That said, panicking on allocation only happens when a system is out of memory, at which point, there is very little that an application can do normally.

[Anonymous]

>something that any relevant language would have implemented on first day is being implemented 6 years later in rust

You actually *can* catch panics.
https://doc.rust-lang.org/std/panic/fn.catch_unwind.html

>not recommended to be used as try/catch mechanism
>cannot catch all panics
this isn’t even why it was added to begin with, scrotebrained shills don’t even know a thing about rust, cute

source?

Where are you pulling this 2 weeks number from?

2 more weeks to flatten C++ programmer curve

[Anonymous]

what’s the quivalent of try_new and try_reserve in C++?

[Anonymous]

new(std::nothrow)

[Anonymous]

>not recommended to be used as try/catch mechanism
You should focus on the reason why. Most functions in Rust’s standard library that panic have alternatives that do not panic, and instead return an Option or Result. It is much more preferable to either use that return value or propagate it, than it is to force panics into the role of try/catch as they are used in languages where exceptions are the standard error model. Panics should be treated as a scenario for which no recovery exists.

>cannot catch all panics
Rust panics can take two forms: unwind or abort. This is specified at the level of the crate, in your Cargo.toml file, and the default is to unwind. If a panic can unwind, it will ALWAYS be caught by catch_unwind. If you choose to abort instead in order to minimize binary size, catch_unwind will not catch it, because the program will abort at the site of the panic, with no room for cleanup. Since the programmer can control how they want panics to behave in their program, however, this is not that much of an issue.

[Anonymous]

if only anything in Rust returned option or result instead of randomly panicking…

[Anonymous]

Memory allocation is one of the few things in Rust that can only panic on failure, and there is current work being done to stabilize an API that allows for failable allocations. Nearly every other thing in Rust that can panic also has an alternative that does not.

[Anonymous]

if trannies cared about safety, it would’ve been default

You’re gonna need to show that picture of the C++ conference trans chick.

>exception to the rule is the rule

[Anonymous]

>if trannies cared about safety, it would’ve been default
If every function that allocated memory returned an Option, most programs would have to be more verbose. The reason why panicking is a default is because in nearly all cases, running out of memory is practically impossible, and in the odd event that it does happen, there is nearly nothing that a programmer could do to recover. It is only in certain embedded applications where you both have memory being tight, and also have failure being unacceptable, that this comes up.

>exception to the rule is the rule
Funny thing is… the "rule" in Rust is that nearly all users are straight white guys. Not trans people.

[Anonymous]

>The reason why panicking is a default is because in nearly all cases, running out of memory is practically impossible, and in the odd event that it does happen, there is nearly nothing that a programmer could do to recover
What the fuck are you talking about?
Take Photoshop as an example, try to load xbox huge raw file, i.e try and allocate 1TB ram, oops can’t do it, WHY THE FUCK WOULD THE PROGRAM CRASH WHEN IT CAN DISPLAY "NOT ENOUGH MEMORY FOR THAT FILE" AND KEEP GOING?
This is why no one can take rust seriously.

[Anonymous]

>if only anything in Rust returned option or result instead of randomly panicking…
Now imagine a language where pretty much anything could throw an exception, return a type system ruining magic value not part of the function signature, maybe set a global flag somewhere and silently fail, or return a number you manually have to look up to know what it means.

[Anonymous]

The only thing that panics is alloc, so std. I don’t think that military software is gonna use std at all. Rust doesn’t alloc by default.

https://llvm.org/

>rust compiler is mostly written in sepples
>rust compiler is written in rust
>but muh the back end it uses is written in sepples so it means that it’s written in sepples
kys

[Anonymous]

the backend is part of the compiler anon-kun. you could even argue its the most important part

[Anonymous]

Backend is what actually generates real code than runs on bare metal
>and rust compiler has this part written in c++ because it just does okay, we could rewrite in rust anytime!

Choose from llvm, GCC, or cranelift (which is written in Rust).

[Anonymous]

>cranelift
that toy which got archived because trannies can’t into systems programming?

[Anonymous]

cranelift is not really a toy, it’s meant to be used as a jit compiler, not an aot compiler

[Anonymous]

>jit
so a toy

[Anonymous]

>no true scotsmanning a non sequitur
just for how long do you intend to keep digging?

[Anonymous]

cranelidt is archived repo, but since you don’t actually use it, it makes sense that you’d miss such an unimportant detail, waiting for Rust to be archived soon

[Anonymous]

which one do you choose?

[Anonymous]

Backend is what actually generates real code than runs on bare metal
>and rust compiler has this part written in c++ because it just does okay, we could rewrite in rust anytime!

[Anonymous]

>there is very little that an application can do normally

[Anonymous]

Are you really going to attempt to free up system resources and/or compact memory in some random non-critical application? I understand the need for that ability to exist, but in most applications crashing is the sensible [albeit still undesirable] solution.

[Anonymous]

[Anonymous]

also, rust is like 6 years stable, that’s basically still a new language, I wouldn’t expect strict military coding standards to exist yet, I don’t know why this surprises anyone

[Anonymous]

if it were relevant in the field the standard would already exist and it would already be used
>but it isn’t
>will never be
>just like you will never be a woman

[Anonymous]

how on earth do you expect a secure coding standard to just come into existence out of thin air for a new language?

[Anonymous]

when people actually use the tool, these things just happen to be made
>when will the realization kick in, chud?
oh no no no no

[Anonymous]

>when people actually use the tool, these things just happen to be made
correct, and I’m sure there will be a secure standard at some point
you’ve clearly never worked for the government, 6 years is basically no time at all, it’s not private industry. Rust probably won’t make it into any major projects there for at least another 5-10 years
and again, who cares what the military does? why is this a sticking point for anyone?

[Anonymous]

Who cares at all anyway? Use what you want. They all freaking work at the end of the day and what someone uses doesn’t affect you whatsoever.

[Anonymous]

>what someone uses doesn’t affect you whatsoever
then does Rust specifically, more than seemingly any other language, make some on LULZ seethe so freaking hard that it even exists, or that some people like to use it?

[Anonymous]

*why does

[Anonymous]

Because it’s community is a symptom of a current major social issue, and one that seems to be plaguing the tech industry the most.

LULZ also argues about which web browser to use every single day.

[Anonymous]

>just in 2 more weeks rust will replace C++
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
>just 2 more weeks!1one!!!

you skipped the other part. show me a non-toy project that gracefully catches out of memory exceptions and actually does something with them

>leak code of proprietary software
Anon, just remember, you said non-toy…

[Anonymous]

>just in 2 more weeks rust will replace C++
???

[Anonymous]

2 more weeks guys, in 2 more weeks rust will be viable in aviation!

[Anonymous]

source?

[Anonymous]

Where are you pulling this 2 weeks number from?

[Anonymous]

>code that may cause people to die needing standards is bad because it just is
reminder that even trannies wouldn’t date trannies

[Anonymous]

>code that may cause people
what?

every allocation can panic in Rust, such a great language

how is that a Rust problem? same thing can happen in C or C++, or any language. if you request more memory for an allocation and the OS can’t give it to you, what do you expect to happen?

[Anonymous]

C++ never panics

[Anonymous]

of course not, it throws an exception, which if uncaught will terminate the program, totally different
but please point me to a program that gracefully catches and handles an out of memory exception

[Anonymous]

>can’t into try catch

[Anonymous]

you skipped the other part. show me a non-toy project that gracefully catches out of memory exceptions and actually does something with them

[Anonymous]

You actually *can* catch panics.
https://doc.rust-lang.org/std/panic/fn.catch_unwind.html

[Anonymous]

>same thing can happen in C or C++
wanna know how I know you’ve never written a line of C?

[Anonymous]

>what do you expect to happen?
it returns a NULL pointer and you handle that however you want lmao scrotebrain

[Anonymous]

>over 100 rules to turn a crippled scrotebrain language into something that still doesn’t work
That’s because C is a toy language that sucks.
https://github.com/mortdeus/legacy-cc

[Anonymous]

with great power comes great responsibility.
just have a working brain and learn to avoid bad buffer manipulation.

[Anonymous]

what makes C/C++ more powerful than Rust?

[Anonymous]

write a complex piece of code in c++ (or even better in c) using all of its features and translate that directly to asm with pseudocode. break down everything into the most fundamental of instructions the cpu would understand. you may not like the result but what you will end up with is fake asm code that looks incredibly close to the actual asm code gcc or any other compiler would come up with. some things WILL be different and there may be extra code that can be cut down in either the actual or the fake translation.

now try and do that with rust. you can’t; unless you’re actively working on expanding and changing the language itself.

with rust you get "safe" code. with c you get pure freedom to do anything you want, hack or otherwise. now that’s
> t r u e
> p o w e r

[Anonymous]

>break down everything into the most fundamental of instructions the cpu would understand.
I didn’t know there were compilers that generated instructions the CPU can’t understand

[Anonymous]

>I didn’t know there were compilers that generated instructions the CPU can’t understand
literally freaking what mate?

hint: translate BY HAND and BY COMPILER and then compare. does that maybe help you understand what i mean?

[Anonymous]

I guess you’re good at predicting what asm the compiler will generate from your C code? good for you I guess?

[Anonymous]

ok ill explore this when i have more time IDA Pro can just autocreate the pseudocode youre talking about right? do i have to do it by hand like you told that other guy?

[Anonymous]

listen, you have no reason to do this. why you’d want to do a by hand translation of a piece of c code into, say, x86 asm to compare with the results of gcc is beyond me. it’s just that you can do it, it’s just one reason why c is the best.

as for ida pro, i have no idea what it offers but i’d guess it doesn’t do this, no.

[Anonymous]

>with c you get pure freedom to do anything you want, hack or otherwise

[Anonymous]

[Anonymous]

Yes. Rust is the future. C/C++ stopped innovating so that’s why Rust was created.

[Anonymous]

Rust innovation: find, grep, gpu terminal and SRS

[Anonymous]

C++ stopped innovating? Modules, concepts, coroutines, constexpr… Try doing a for-loop at compile time in Rust.

[Anonymous]

>Try doing a for-loop at compile time in Rust
Although C/C++ and Rust use the same keyword and all use it in loop constructs, that’s where the similarities end. The closest to a C/C++ for-loop you’ll find in Rust is a while-loop; which, coincidentally, are allowed in constant functions.

[Anonymous]

template<typename Type>
class Array
{
…

Type &operator[](int idx)
{
must(("out of bounds", idx < this->size));
return this->arr[idx];
}

[Anonymous]

what happens when idx < 0 dumfuck

[Anonymous]

there’s more to programming than just avoiding buffer overflow. rust can’t handle complex data structures without throwing unsafe {} around the entire program. there’s a reason that the rust compiler is mostly written in C++.

[Anonymous]

>rust can’t handle complex data structures without throwing unsafe {} around the entire program.
you’ve never written a line of rust in your entire life

[Anonymous]

there’s more to programming than just avoiding buffer overflow. rust can’t handle complex data structures without throwing unsafe {} around the entire program. there’s a reason that the rust compiler is mostly written in C++.

explain this please whos right

[Anonymous]

the person who still has a dick

[Anonymous]

>rust compiler is mostly written in c++
kys

[Anonymous]

https://llvm.org/

[Anonymous]

Rust is definitely more popular online and social media than with people actually shipping code. We’ve hired about 20 programmers in the past year and I’ve never heard Rust come up even as a topic. To say "Rust is the future" is quite premature. There’s a lot more to a language than memory safety by default.

[Anonymous]

Rust has a lot more to offer over C++ than memory safety. Cargo is absolutely amazing for having reproducible builds, for instance, because every library on crates.io is effectively locked in place. It is impossible to remove or update a library at version x.y.z, you can only make changes at a new version number. Moreover, since the same tool used for building is also used for package management, leaving instructions for building a program is as simple as "use rustup to install cargo, and then run the command cargo build".

[Anonymous]

>use rustup to install cargo, and then run the command cargo build
only for toy programs. anything more complex will still require other tools/libraries. just look at the setup page for servo lmao

[Anonymous]

>Rust has a lot more to offer over C++ than memory safety.
It’s not that Rust doesn’t offer more it’s that when it comes to replacing C/C++ there is a lot more to consider than memory safety.
>All you have to do is this one command
It’s never quite that simple in the real world.

[Anonymous]

You can do this exact style of package versioning with C++ using cmake and git.

[Anonymous]

you can do the same thing with conan for C++, we use it at work for most of our dependencies. it does the same thing, tracking dependency trees, segregating builds by version and build configuration, and allowing coarse or fine grained control of what versions to use

[Anonymous]

ook guys im not sure rust is that good i just saw this in another thread

[Anonymous]

She’s cute

[Anonymous]

It’s a lot easier to understand how to avoid the memory pitfalls of C/C++ than it is to understand a completely new paradigm like Rust.

[Anonymous]

Current industry is still using C and C++ an order of magnitude more than Rust. Most Rust libraries are in an experimental stage. C and C++ ecosystems are mature, well maintained time tested libraries exist for everything.
Rust is hopefully the future but C and C++ are never going away either.
Writing sepples in and of itdelf is a massive pain but dealing with an experimental Rust library in active development is not much better.

[Anonymous]

all rust libraries are copy paste from C libraries and sometimes just straight up a C library wrapped in ruschud interface

[Anonymous]

Don’t remember asking.

[Anonymous]

Use C and C++

[Anonymous]

>C and C++
not going to use C, chud

[Anonymous]

>C is noww chud
how scrotebrained are you?

[Anonymous]

always was

[Anonymous]

You’re gonna need to show that picture of the C++ conference trans chick.

[Anonymous]

leftychan falseflaggot.

[Anonymous]

LEARN ABOUT DIFFERENT BUGS

[Anonymous]

A language is not vulnerable, a programmer is.
If you write shit code, no programming language will save you, not even Rust.

[Anonymous]

>no programming language will save you
you’ve clearly never written Rust code. you have to go out of your way to create the same vulnerabilities that you can trivially do in C or C++ without being very careful, it will straight up fail to compile if you have common errors in your code
so yes, it can save you by forcing you to write correct code in the first place

[Anonymous]

Do you claim it is impossible to write vulnerable code in Rust?

[Anonymous]

no, it’s just harder to do, and it’s much safer by default. no language is invulnerable, even managed languages

[Anonymous]

[Anonymous]

The popular opinion on LULZ is almost always scrotebrained and wrong.

[Anonymous]

>buffer overflow
if you don’t stop making such mistakes after your first 5 years of programming then kys. scrotebrains always fret over things that aren’t issues to anyone competent and well-organised.
>oh no le memory management is sooo hard I need a free for every alloc this is too much a bloo bloo
lmao

[Anonymous]

Ctards have been making the same mistakes since C came out. They can have 30 or 40 years of experience and they make the same mistakes. It doesn’t matter who is using it, the language is designed to make those bugs easy.
>scrotebrains always fret over things that aren’t issues to anyone competent and well-organised.
That’s because anyone competent and well-organized wouldn’t use C.

[Anonymous]

Rust will come with its own minefield. All languages do.

[Anonymous]

first year guess i have four more to go

[Anonymous]

>oh no le memory management is sooo hard I need a free for every alloc this is too much a bloo bloo
this is much harder to do in non-trivial programs, not every allocation is immediately freed a few lines after it was used, or even within the same scope.
if it was a non-issue we still wouldn’t be having the same memory related bugs recreated over and over again after 50+ years of writing software. if this stuff was easy no one would bother trying to create GC languages or things like Rust in the first place

[Author]

Posts