Comment by simonask

Comment by simonask a day ago

14 replies

View on Hacker News

C is entirely as complicated as Rust, if your goal is to write correct software that doesn't crash all the time. It's only a syntactically simple language. Actually making anything interesting with it is _not_ simple.

kstenerud a day ago

Quite right. I have 35 years of C under my belt. I can write it in my sleep.

But even so, I can't for the life of me write C code that's as safe as Rust. There are just too many ways to make subtle little mistakes here and there, incrementing a typed pointer by a sizeof by mistake thinking it's a uintptr_t, losing track of ownership and getting a use-after-free, messing up atomic access, mutex deadlocks oh my...

And that's with ALL warnings enabled in CLANG. It's even worse with the default warnings.

Reply View 0 replies
sothatsit a day ago

It depends on the project. Most of the projects I write in C are very simple, and getting them to work reliably is really not a problem at all.

If you are writing more complicated or "interesting" programs, then I agree, C doesn't give you a good set of tools. But if all you are writing is small libraries or utility programs, C is just fine. In these cases, Rust feels like pulling out a sniper rifle to shoot a target a meter in front of your face (i.e., overkill).

If you are writing complex, large, or very mission-critical programs, then Rust is great to have as a tool as well. But we don't have to take such a black and white view to think that Rust is always the best tool for the job. Or C or Zig or whatever languages for that matter.

Reply View 0 replies
uecker a day ago

Most software I use daily on my Linux system is actually written in C and I can't remember any of it crashing in the last decade or so.

Reply View 3 replies
  • simonask a day ago

    Yeah, a ton of engineering hours went into making that happen.

    Reply View 2 replies
    • uecker a day ago

      I also write C all the time, and it does not crash. There are certainly memory safety concerns with C, but there are also certainly many programmers that can write C code that does not crash all the time.

      Reply View 1 reply
      • antonvs 11 hours ago

        Survivor bias and selection bias. The list of CVEs tells a different story.

        Reply View 0 replies
taminka a day ago

https://github.com/oxidecomputer/omicron/blob/5fd1c35/nexus/...

Reply View 7 replies
  • simonask a day ago

    I don't think a 100-line function signature is representative, but I will point out that the alternative is at least 100 lines of runtime checks instead. In both cases, what a nightmare.

    Reply View 0 replies
  • jeroenhd a day ago

    Typing code from hell for sure, but how would you write an API with the same guarantees in C? Some kind of method specific struct that composes all other kinds of structs/unions to satisfy these requirements?

    Reply View 0 replies
  • kelnos a day ago

    To me that's more an indictment of Diesel than of Rust. I've been using sea-orm for a project I'm working on, and my (generic) pagination function is a hell of a lot simpler and readable than that one.

    Reply View 0 replies
  • viraptor a day ago

    This is an extremely generic interface to some meta magic DSL. It's complex but not really that complicated and yeah, it's going to be a bit long. But that's going to happen in every language where you rely on types for early validation.

    Reply View 0 replies
  • lll-o-lll a day ago

    Yuck. I thought some of the signatures you end up with when building “Modern C++” in the Andrei Alexandrescu style were hairy, but this looks sick. Not in a good way.

    Probably does something cool for all that crazy though?

    Reply View 1 reply
    • jeroenhd a day ago

      Every requirement on the types is commented on why it's necessary.

      This is a generic method in the middle of some database DSL code that does a bunch of SQL operations on a type safe manner. Code like this takes "SELECT ?+* FROM ?+* WHERE ? ORDER BY ?+* LIMIT ? OFFSET ?", specifically the limit and offset part, and returns a type that will always map to the database column. If the query is selecting a count of how many Foo each Baz references, this will map to a paginated Foo to Baz count type.

      The alternative is to manually write this stuff out in SQL, then manually cast the right types into the basic primitives, which is what a language like Zig probably does.

      You'll find similar (though sometimes less type-safe) complex code in just about any ORM/DSL, whether it's written in Java or PHP.

      I don't think you can accomplish this in C without some kind of recursive macro parser generating either structs or maybe function pointers on the fly. It'd be hell to make that stuff not leak or double free memory, though.

      Reply View 0 replies
  • norskeld a day ago

    As a TypeScript developer experienced in type-level acrobatics, this looks just fine...

    Reply View 0 replies