Can C be Memory Safe?


Comments
Author

Honestly though a video on how to make C memory safe by using gcc warnings, linters, and static code analysis would be very interesting
As much as I'd like to use rust and zig, I got legacy code, obscure embedded systems, untrained colleagues, and deadlines to deal with. So it'll be C for the foreseeable future

aeedi
Author

I always treat warnings as errors. I hold myself to a very high standard. If resolving a warning requires sketchy shit, I step back and consider that I might be taking the wrong path.

elkvis
Author

I tell people I like Rust because I'm a terrible programmer and I know it. So I need all the help the machine can give me, the more the better.

scheimong
Author

Dude I just added tons of unsafe in my rust code to hit a deadline lol. So what language are you talking about that can solve the human issues

notoriouslycuriouswombat
Author

Bad developers can write bad code in any language. Good developers write good code in whatever language they have. I've heard the idea kicked around that having better tools will somehow make bad developers better. I heard it said about C++, I heard it said about Lisp, Python and even Cobol. The reality is that a tool is just a tool, and every generation re-invents the same tools over and over again because they fundamentally misunderstand the reasons why the original tools became the way they are and mistakenly believe that those that came before them were collectively all stupid. It's hubris of the grandest sort, and ends the same way 99 times out of 100. The simple truth is that no one is born being a good coder, and it takes a lot of practical work to become good at it. That is why senior developers are worth more than junior coders: The junior developer will solve a problem, the senior developer will engineer a solution. If you don't know WTF I'm talking about, at some point in your career you will (if you stay with it long enough), and after that you will be a much better developer.

ericschumann
Author

Good take! I find this issue similar to how people approached testing in the past. If you don't have automated unit tests, then by design you allow devs to push code without running them. If you don't have tests in the release CI/CD pipeline, same thing.

kasparpoland
Author

The human problem is so real. I don't work in these lower languages, but in JavaScript I regularly have people committing code while bypassing the linters, skipping unit tests, and just not even bothering with any of the code quality processes. Then they wonder why I give them hell when they ask me why it isn't working.

C'est la vie. But yeah, having a language that prevents the author from doing stupid shit is immense. Part of the reason I really want to get into Rust and Go is because I can stop being the pedant, and let my compiler do it for me, lol.

penguindrummaster
Author

Apart from memory safety I don't like Rust's syntax, I'd much rather a version of C that implements safety features over a completely different language with different concepts.

_M_
Author

This is the problem that I keep arguing about with C and C++ developers... they pretend like humans don't make mistakes! For the love of whatever's valuable in your life, you never were tired one day and made a stupid mistake?! Are you that perfect?! If this isn't arrogance, I don't know what is.

lostphysicist
Author

Literally! Unless you want to take the time to write a mathematical proof that your entire codebase is memory safe every time you push a change, you can never know for sure that it *is* memory safe.

Prowler
Author

Maybe the bad mentality is the deadline rushes?

shibii
Author

Two letters. CI. You don't merge anything until it's tested, covered, sanitized, etc. Then there won't be any human factor.

StdDev
Author

Great argument for formal languages with strong type systems.

Tomyb
Author

I feel comfort in knowing that my coworkers won't steal my cookies because there's a sentry gun guarding the cookie jar. Knowing whether they'd steal cookies in the sentry's absence is irrelevant, because: don't steal my cookies.

jeremybobbin
Author

The problem with imagining that something can fully guarantee safety of any type, memory or otherwise, is that such guarantees involve solving the Halting Problem, often in several different places.

davidfetter
Author

A LOT of processes have the implicit requirement "This only works if humans are perfect."
And they fail. Every time.

Doctors had a LOT of errors when we tried to make them just try harder. When we made processes with checklists and systems that acknowledge that humans are flawed we got the errors down.

mowinckel
Author

But a different language still operates on the same computer. It's all a matter of what those languages allow you to do. If C lets you write bad code, but your BUILD ENVIRONMENT does not, then it shouldn't matter how inexperienced your devs are. Make your build environment reject their unsafe code the same way a Rust compiler rejects unsafe code. Rejected is rejected.

almightysapling
Author

You can sort of do that with formal methods. But most teams in industry aren't using them. It seems to be easier to provide programming languages that have the guard rails built in.

jkennethking
Author

Honestly, I really want to do something in C just so I'll better understand what can go wrong and stuff. Specifically I want to make an interpreted scripting language, like Lua, in C. The challenge would be to try and not have a ton of vulnerabilities due to lack of memory safety. I feel like it will help the understanding of newer languages like Rust, to have that experience. Unfortunately, most of my work is technical, so in my free time I prefer more creative endeavors. Might not happen for that reason, but it is tempting.

the-answer-is-
Author

Our build process isn't going to let you skate a warning. Once it hits testing, it'll get kicked out, and you aren't in charge, so too bad for you. And Rust has the unsafe keyword, so if you are saying you can't skirt that, then why can't you enforce safer C? As for people making mistakes, are people here saying that Rust eliminates them? Also, Rust is uglier than hell and evil, but I'm not judgy 😅

preciselyvague