74
Feds: Critical Software Must Drop C/C++ by 2026 or Face Risk
(thenewstack.io)
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Follow the wormhole through a path of communities !webdev@programming.dev
I think you could argue the same point with C++
Neither foo(), nor add_missing_values() looks suspicious. Nonetheless, if
v.push_back(3)
requiresv
to grow, thenref
becomes an invalid reference andstd::cout << ref
becomes UB (use after free). In Rust this would not compiles.It is order of magnitudes easier to have lifetime errors in C++ than in Rust (use after free, double free, data races, use before initialisation, …)
This would be caught by ASan and other tools though, which should be part of any review.
I think you have a hard time understanding the différence between "not possible" and "much harder".
In Rust, the code does not compile.
In C++ the code compile, but
... then the bug will be caught.
Yes it is possible, noone says the opposite. But you can't deny it's harder. And because its harder, more bugs get past review, most notably security bugs as demonstrated again and again in many studies. The
That's why I did not said it was impossible, just order of magnitude harder to catch in C++ compared to Rust.
To have asan finding the bug, you need to have a valid unit test, that has a similar enough workload. Otherwise you may not see the bug with asan if the vector doesn't grow (and thus
ref
would still be valid, not triggering UB), leading to a production-only bug.Asan is a wonderfull tool, but you can't deny it's much harder to use and much less reliable than just running your compiler.