On Sun, Jul 4, 2021 at 8:22 PM Larry McVoy <lm(a)mcvoy.com> wrote:
> We both love C, we are both disciplined enough to write
> maintainable/extendable code in C, it works for us. We really clicked
> over our love of C.
Are you really sure that all the C code the two of you have written in your
careers carefully avoids all 191 kinds of undefined behavior in C99 (the
number has grown since then)? Give me leave to doubt it.
Consider this example from an earlier version of the Linux kernel:
    static void __devexit agnx_pci_remove (struct pci_dev *pdev)
    {
        struct ieee80211_hw *dev = pci_get_drvdata(pdev);
        struct agnx_priv *priv = dev->priv;
        if (!dev) return;
        ... do stuff using dev ...
    }
The trouble here is that dev is used before it is checked for being a null
pointer. In Java, you'd have a NullPointerException. In C, "gcc -O2" will
make this analysis:
Case 1: dev == NULL. This is undefined behavior and the compiler has no
obligations.
Case 2: dev != NULL. Since dev can't be null (the compiler always assumes
the programmer did not intend to use UB), the check can be removed.
The result is that there is no check for NULL in either case, the compiler
is silent, and since this is the kernel, dereferencing NULL probably pwns
your system. So whereas things that were technically UB used to work more
or less as you'd expect them to, nowadays they work as *nobody* expects
them to.
This is the result of the three values of C programmers: (1) fast
execution, (2) fast compilation, (3) I lied; there is no (3). And as
optimizers get better and better, the number of UB-related disasters
increases. (The same is true for C++ compiler developers, except that they
sometimes prioritize (2) over (1) because benchmarks.)
> If I had infinite energy and money, I would fund a dialect of C that
> made it more useful.
See <https://blog.regehr.org/archives/1287>, about how an attempt to reduce
the amount of UB in C failed because nobody could agree with anybody else
on what changes to make.
> For all its faults, C++ is the closest to a modern language that sort
> of fits with what I want
C++, is it? C++2011 has 203 UBs.
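The dereference-before-check pattern from the quoted kernel snippet, side by side with the ordering that gives the optimizer nothing to exploit. This is an added illustration, not code from the message or from Linux: the two struct definitions are hypothetical stand-ins with a made-up field layout, and the function names are invented. Compiling it with "gcc -O2 -S" and looking for the comparison against zero in the first function is the quickest way to see whether a given compiler drops the check; GCC's -fno-delete-null-pointer-checks disables that particular transformation, which is why the kernel build passes it.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel structures in the quoted snippet
 * (hypothetical field layout; not the real Linux definitions). */
struct agnx_priv {
    int refs;
};

struct ieee80211_hw {
    struct agnx_priv *priv;
};

/* Same shape as the quoted agnx_pci_remove(): the load dev->priv happens
 * before the NULL test. If dev is NULL that load is undefined behaviour,
 * so an optimizer is entitled to assume dev != NULL and delete the test.
 * The function cannot protect itself; callers must never pass NULL. */
int remove_unchecked_first(struct ieee80211_hw *dev)
{
    struct agnx_priv *priv = dev->priv;  /* dereference precedes the check */
    if (!dev)
        return -1;                        /* may be optimized away at -O2 */
    priv->refs--;
    return 0;
}

/* Hardened ordering: test before any dereference, so no path contains UB
 * and the check survives at every optimization level. */
int remove_check_first(struct ieee80211_hw *dev)
{
    if (!dev)
        return -1;
    struct agnx_priv *priv = dev->priv;
    priv->refs--;
    return 0;
}

int main(void)
{
    struct agnx_priv p = { .refs = 2 };
    struct ieee80211_hw hw = { .priv = &p };

    printf("valid dev: %d (refs now %d)\n", remove_check_first(&hw), p.refs);
    printf("NULL dev:  %d\n", remove_check_first(NULL));
    /* remove_unchecked_first(NULL) is deliberately not called: it is UB,
     * and what happens depends on the compiler, not on the source. */
    return 0;
}
```

The point of the second function is not that it is cleverer, but that every path through it is defined, so the generated code has to honour the test no matter how aggressive the optimizer is.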