this post was submitted on 26 Feb 2024
266 points (96.5% liked)
Programming
17326 readers
170 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
C++ can have excellent performance without ever using a single pointer and avoiding unsafe functions like
gets()
- this isn't necessarily a judgment on language - it's a judgement on bad programming habits.Pointers fucking suck, in a modern C++ codebase everything should be pass by value or const/mutable ref. To my preference I'd rather drop mutable refs to force everything to be more functional but whatever.
I mean that's just the problem with C++. There's 17 different ways to do things, 2 are always wrong, 14 are contextual, and 1 is reserved for super special cases
And the one you choose is always the one that's weak to the specific vulnerability you didn't think of!
Pointers suck in C++. In other languages every single variable is a pointer and it works perfectly with no memory bugs and great performance.
Pass by value often uses too much memory. Especially if you have a bunch of simultaneous functions/threads/etc that all need to access the same value at once. You can get away with it when your memory is a few dozen integers, but when you're working with gigabytes of media... you need pointers. Some of the code I work with has values so large they don't even fit in RAM at all, let alone two or three copies of them. Pass by value could mean writing a hundred gigabytes to swap.
That's one reason I mentioned pass by reference "smart" languages will do it automatically depending on the size of the argument, some languages (including my beloved PHP) even have a copy-on-edit functionality where everything is technically passed as a mutable reference but as soon as you mutate it (unless it was explicitly marked as a mutable reference) it will copy the original object and have you edit the copy instead of the original.
Is being explicit about when copies happen almost always a good thing - yea the overhead of that system is undesirable in performance sensitive situations - but for a high level scripting language it's quite nice.
The way PHP does it is oddly smart
Working with habits is just not good enough. C++ has far too many footguns to be considered a safe language and there are frankly objectively better modern alternatives that you should use instead, perhaps except if you have a really large legacy code base you can't replace (but even then, consider calling into it via FFI from a safe language).
Even if you tried to actually enforce these habits, you'd just end up inventing a new language and it would be incompatible with previous C++ too.
C++ is not a viable language for the future.
I get kinda bad vibes from this comment and I'd like to explain why...
If somebody said "We're building a point of sale terminal and to make it secure we're going to be using C++" I'd probably have a dumbfounded expression on my face unless they immediately continued with "because there are libraries we can lean on to minimize the amount of code we need to write."
C++ has an extremely mature ecosystem - Qt is essentially it's own language at this point! There are reasons to still consider building in C++ and saying "C++ is not a language for the future" feels dogmatic and cargo culty to me. Algol, Cobol and Fortran still have programming communities and while I agree that C++ is outsized in presence for the danger it presents there are still good reasons to choose it for some specific domains - high performance graphical programs being one of those in particular.
C++ has a plethora of foot guns and you need to be aware of them but when you are they're easy to avoid in fact your quote:
Is probably the thing I agree most with - well built C++ isn't incompatible with regular ol' C++ but it feels like a different language... but as a not too old old-man-developer different projects often feel like different languages - each company/project has tools and libraries they use and it'll cause code written in the same language to read really differently... I'm a functionally oriented programmer with a pretty particular style, my C++, Python, Java, PHP, Node and Rust all look nearly the same except for language specific peculiarities.
So yea, discipline is needed and nobody's default choice should be C++ but if you follow best practices your C++ can be quite safe.
... that all said... I fucking hate the concept of definition files being sseparate from code files so I'm not going to use C++ anytime soon.
If I was giving a tour of my kitchen and it included phrases such as "avoid using the leftmost cabinet of any set of two", "the freezer doesn't work but the fridge can be set to the same temperature", or "the oven has been deprecated, just use the microwave", you'd rightfully gtfo. Why is this acceptable of a programming language??
Even references aren’t safe in C++ though, since there’s no borrow checker. Unless you copy everything or use reference counting types everywhere, you’ll still hit plenty of memory-violating footguns. But at that point, why use C++ at all?
A big difference between rust and C++ is that in C++ you say "everyone should passing by value or const ref (mutable ref if needed)".
In rust, the default is passing by value. The default refs are consts, you have to explicitly make them mut, and the compiler will warn you if you don't mutate a mut parameter.