Something something history is a flat circle
-
Has Carbon been used anywhere noticeable? Last time I heard of it was when Google announced it few years ago, haven't seen anything getting written or ported to it, though I haven't read much into it so I might have missed many news.
It looks like a nice mix of some of the worst design choices of C++ with some of the most dubious choices of Rust.
-
How can you not have memory-safety while also having a garbage collector?
Garbage collection means that all objects live as long as you have a reference to it. Which means that you can only dereference a pointer to invalid memory if you willingly create an invalid pointer, or reinterpret the type of one pointer into another. Going out of bounds of an array counts as the first case.
If a language has garbage collection but no compiler/interpreter supports it, then the language doesn't have garbage collection.
For a start, having a garbage collector doesn't mean its use is mandatory, but even in a language where the garbage collector is mandatory, keeping an array alive as long as any references to it exist doesn't stop you doing things like getting muddled about its length and reading/writing past the end. Mandatory garbage collection only prevents temporal memory bugs like use-after-free, not spatial memory safety bugs like buffer overruns, which need to be prevented by other mechanisms like bounds checks.
-
For a start, having a garbage collector doesn't mean its use is mandatory, but even in a language where the garbage collector is mandatory, keeping an array alive as long as any references to it exist doesn't stop you doing things like getting muddled about its length and reading/writing past the end. Mandatory garbage collection only prevents temporal memory bugs like use-after-free, not spatial memory safety bugs like buffer overruns, which need to be prevented by other mechanisms like bounds checks.
As I said, I don't consider going out of bounds of a buffer a memory safety issue. Forcing the programmer to handle an out-of-bounds case every time there is an array access can be incredibly tedious. So much that not even rust forces you to do so. And if that language has iterators, it's even less of an issue.
I consider out-of-bounds array access to same as casting a pointer to another type. Just because a language lets you do it, it doesn't mean that it is not memory safe. It is a performance feature, since checking the bounds every time is always possible (and incredibly easy to implement), but also with too big of an impact when you could just check the length once per loop instead of per loop iteration.
-
I kinda disagree. The reason rust caught on is because it is much safer than C++ while having the same or even better performance. And in some contexts, being garbage collected means bad performance.
Before rust you could either have a fast language (C/C++) or a memory safe language (any other language. That is, languages with garbage collector). But if you required memory safety and peak performance, there wasn't any option.
Yes, the reason that rust is both memory safe and fast is because it has a borrow checker. But the borrow checker is the means, not the end.
The "better" performance is due to the built-in multi-threading support, and that functional programming makes it relatively safer to pull off. Otherwise single-threaded Rust is very hard to optimize.
-
As I said, I don't consider going out of bounds of a buffer a memory safety issue. Forcing the programmer to handle an out-of-bounds case every time there is an array access can be incredibly tedious. So much that not even rust forces you to do so. And if that language has iterators, it's even less of an issue.
I consider out-of-bounds array access to same as casting a pointer to another type. Just because a language lets you do it, it doesn't mean that it is not memory safe. It is a performance feature, since checking the bounds every time is always possible (and incredibly easy to implement), but also with too big of an impact when you could just check the length once per loop instead of per loop iteration.
wrote on last edited by [email protected]buffer overflows are critical for memory safety since they can cause silent data corruption (bad) and remote code execution (very bad). Compared to those a "clean" unhandled runtime error is far preferable in most cases.
-
I tried programming in D a little. Wasn't bad. Just up against industry giants.
I was looking for a "C with strings" and D seems to be about it.
-
This post did not contain any content.
K&R started with BCPL as their base of inspiration. They then made B, and then C. The followup should be called P.
-
K&R started with BCPL as their base of inspiration. They then made B, and then C. The followup should be called P.
-
As I said, I don't consider going out of bounds of a buffer a memory safety issue. Forcing the programmer to handle an out-of-bounds case every time there is an array access can be incredibly tedious. So much that not even rust forces you to do so. And if that language has iterators, it's even less of an issue.
I consider out-of-bounds array access to same as casting a pointer to another type. Just because a language lets you do it, it doesn't mean that it is not memory safe. It is a performance feature, since checking the bounds every time is always possible (and incredibly easy to implement), but also with too big of an impact when you could just check the length once per loop instead of per loop iteration.
If you're going to change the definition of words, it's pretty easy to show that garbage collection on its own is sufficient, but it's not possible to have a useful conversation if someone's using their own personal definition of the terms being discussed. The generally accepted definition of memory safety includes deeming out-of-bounds accesses and other spatial memory safety issues unsafe.
-
Does Ada have a capability as powerful as the borrow checker?
I’ve never used Rust but from my very cursory knowledge of what the borrow checker entails, it wouldn’t add so much to Ada.
Use of pointers is already strongly discouraged by the simple fact that the language is designed to rarely truly need them. Besides, the compiler itself chooses automatically whether to pass data by value or by reference depending on the required results and what is most efficient. You can also specify parameters passed to a function as read-only. Finally, another thing that Ada does to prevent yourself shooting in your foot is to enforce strong encapsulation of functions and data.
Overall, one way to put it in simple terms is that Ada requires the programmer to give enough information to the compiler so as to ensure that it actually outputs what you want it to, which as far as I understand, is sort of what the borrow checker is there for. The downside to the Ada approach is that it is very verbose, but with the kind of code editing capabilities we have nowadays it’s certainly not as much a hassle as it was when Ada came out.
Anyways, I suspect that both languages are different enough in overall paradigm that trying to solve problems in Ada the way you would in Rust would probably be quite frustrating and give rather poor result.
-
If you're going to change the definition of words, it's pretty easy to show that garbage collection on its own is sufficient, but it's not possible to have a useful conversation if someone's using their own personal definition of the terms being discussed. The generally accepted definition of memory safety includes deeming out-of-bounds accesses and other spatial memory safety issues unsafe.
With your definition this conversation doesn't make sense though. Since rust's direct array access doesn't perform bounds checks when building in release mode. And it doesn't require using unsafe.
-
With your definition this conversation doesn't make sense though. Since rust's direct array access doesn't perform bounds checks when building in release mode. And it doesn't require using unsafe.
That's not what Rust's documentation says. It does a compile-time bounds check if it can prove what the index might be during compilation, and a runtime bounds check if it can't. In release mode, it tries harder to prove the maximum index is below the minimum length, but it still falls back to a runtime bounds check if it can't unless you use
get_unchecked, which isunsafe. -
How can you not have memory-safety while also having a garbage collector?
Garbage collection means that all objects live as long as you have a reference to it. Which means that you can only dereference a pointer to invalid memory if you willingly create an invalid pointer, or reinterpret the type of one pointer into another. Going out of bounds of an array counts as the first case.
If a language has garbage collection but no compiler/interpreter supports it, then the language doesn't have garbage collection.
wrote on last edited by [email protected]I've gotten segfaults in python with only the standard library
-
K&R started with BCPL as their base of inspiration. They then made B, and then C. The followup should be called P.
Some people really suck at coming up with names for their programming languages. There are so many single letter languages (B, C, D, E, F, J, K, V...) that it really makes one wonder what the fuck is wrong with them
-
It looks like a nice mix of some of the worst design choices of C++ with some of the most dubious choices of Rust.
Oh, so it's a contender against Brainfuck
-
This post did not contain any content.
Zig or V could've been shown instead of Carbon (the lone C)
-
Some people really suck at coming up with names for their programming languages. There are so many single letter languages (B, C, D, E, F, J, K, V...) that it really makes one wonder what the fuck is wrong with them
These days, search engine optimization tends to force new single letter languages into obscurity. Even Go would have issues there if Google hadn't been behind it.
-
These days, search engine optimization tends to force new single letter languages into obscurity. Even Go would have issues there if Google hadn't been behind it.
Even in the early 2000s, those single letters would be awful as lone search terms
-
I’ve never used Rust but from my very cursory knowledge of what the borrow checker entails, it wouldn’t add so much to Ada.
Use of pointers is already strongly discouraged by the simple fact that the language is designed to rarely truly need them. Besides, the compiler itself chooses automatically whether to pass data by value or by reference depending on the required results and what is most efficient. You can also specify parameters passed to a function as read-only. Finally, another thing that Ada does to prevent yourself shooting in your foot is to enforce strong encapsulation of functions and data.
Overall, one way to put it in simple terms is that Ada requires the programmer to give enough information to the compiler so as to ensure that it actually outputs what you want it to, which as far as I understand, is sort of what the borrow checker is there for. The downside to the Ada approach is that it is very verbose, but with the kind of code editing capabilities we have nowadays it’s certainly not as much a hassle as it was when Ada came out.
Anyways, I suspect that both languages are different enough in overall paradigm that trying to solve problems in Ada the way you would in Rust would probably be quite frustrating and give rather poor result.
The borrow checker is a lot deeper than merely making pointer use a bit safer; it provides a model for data ownership based on affine types.
Also, to the extent that "Ada requires the programmer to give enough information to the compiler so as to ensure that it actually outputs what you want it to," if I understand you correctly, that is basically true of every language with a static type system. At the extreme end, we have dependently typed languages which essentially let you express arbitrary mathematical propositions in your types and, if the program compiles, then you know that they will always be satisfied without having to do any checks at runtime.
-
These days, search engine optimization tends to force new single letter languages into obscurity. Even Go would have issues there if Google hadn't been behind it.
That's why you put the "-lang" postfix if you have issues with searching for documentation of functions, etc.
