Zig vs Rust. Which one is going to be future?
I think about pros and cons and what to choose for the second (modern) language in addition to C.
Honestly C is the future. I don’t know why people would move from C to any other language. It does the job well enough that there’s no reason not to use it.
Think about it. Every modern application depends on a piece of code written in C, not Rust or Zig or any other language (except assembly). It can be used to solve any problem, and works in more places than any other language.
These arguments about “security” and “memory safety” are all pointless anyway in the face of modern code scanning tools. Cross-platform dev can be done trivially with preprocessors. If that’s not enough, I don’t know what to say. Get better at writing C obviously.
Lifetimes and UB should all be kept in mind at all times. You can explicitly mark lifetimes in your C code if you want using comments. Any index-out-of-bounds bugs, use-after-free, etc are just signs that your team needs more training and better code scanning utils. Write more tests!
Anything more complex than a simple
typedef
is just a sign that you’re over-engineering your solution.is both simple, and does exactly what you’d expect any reasonable language to do - paste your referenced code inline. It’s genius, and doesn’t require any complicated explanations on namespaces and classes and subclasses and so on.
So which will be the future? C obviously.
/s
The number of people that genuinely believe this ( I saw the /s) … Tells me that they haven’t written any useful C or C++ code
… or worked in a large team with juniors and members coming and going over a long period of time.
Or worked on a similar team where the C & C++ was mostly written over a decade ago by dudes in another country who loved multi threading, and some of the “new” features were half-completed about 5 years ago, and nothing is documented, and oh yeah not a single person who did any of that still works at the company. Team is made of great people but all have been here for 0-3 years.
The idea of Rust being roughly as fast and low level as C++ but with improvements to memory safety and concurrency sounds heavenly. I know it’s in the back of most of our minds to look into it for the next big project.
I’m not going to say that C is unusable by any means (and I’m not saying you are saying that). It’s a perfectly usable language. I do think that more people would benefit from exploring other options though. Programming languages are tools, not sports teams. People should familiarize themselves with many tools so they always have a good tool to use for any job.
I think a lot of people believe this because there is some truth to parts of it. I think we see languages like Rust and Zig (and others) popping up to try and solve specific problems better than others.
As for OP’s post, there is no single “C successor” or anything like that. People will use the best tool they know of for the job whether that’s C, Rust, C++, Zig, Python, C#, etc. Many languages will “replace” C in some projects, and at the same time, C will replace other languages in some projects (likely to a lesser extent though).
(Not /s this time)
Oh completely. C is here to stay, C has surpassed language and become protocol cause of libc being so centric to Unix like languages. But it needs to be done carefully and thoughtfully. The other languages are solving some of the pain points C has which I think a lot of people would be better off using than C.
Down that path C may become somewhat of an intermediate representation language for binary interfaces. No one would write it by hand, and maybe for the better
You got me in the first 3 quarters, not gonna lie!
Rust. It’s a qualitative improvement over the old ways.
The future won’t belong to Rust itself, but one of its descendants. Rust is too clunky to be the ultimate expression of its best ideas.
In what ways do you feel Rust is too clunky and how do you think it could be improved? Not looking to argue or even disagree necessarily; I’m just curious where that perspective comes from.
Async is weird, and the generics salad stuff is clunky.
Just my gut feeling as well.
Here’s some of my personal complaints. I don’t in general know how to fix them.
-
proc_macros need their own crate
-
generics cause problems. Many useful macros can’t handle them. Try using a generic that’s a complex async function, then pass a closure to it.
-
There’s this kind of weird mismatch where sometimes you want an enum wrapping various types, and in others generics. I find my data flows switching back and forth.
-
async in rust is actually really good, but go does it better. I don’t think rust could match go without becoming a different language.
-
Traits are just a big mess. Trait implementations with generics have to be mutually exclusive, but there aren’t any good tools to make them so. The orphaned trait rule is necessary to keep the language sane but is incredibly restricting. Just today I find certain a attribute macros for impls that doesn’t work on trait impls. I guess I have to write wrappers for every trait method.
-
The “new type” pattern. Ugh. Just make something like a type alias that creates a distinct type. This one’s probably easy to fix.
-
Cargo is truly great, but it’s a mystery to me right now how I’m going to get it to work with certain packaging systems.
To me, Rust is a bunch of great pieces that don’t fit together well.
- Cargo is truly great, but it’s a mystery to me right now how I’m going to get it to work with certain packaging systems.
Yeah, Cargo itself doesn’t deal with any of the bundling after the executable is built.
For that stuff, the efforts are certainly still ongoing. There’s no grand unified tool yet.
If you just want e.g. a DEB file, then you probably want this: https://crates.io/crates/cargo-deb
But if you want to do more in CI, then there’s kind of three popular options that I’m aware of.
just
: More or less a shell script runner, and kind of likemake
.cargo-make
: A lot of effort has been put into this, it’s certainly got a good amount of features, but personally not a fan, since it makes you write a custom TOML format and then ideally you should be writing a custom script language, DuckScript. You can also use Rust scripts with it, which we tried, but there was just no way of passing parameters between tasks.cargo-xtask
: This is not a tool, it’s a pattern, basically just build your own build tool. It does have its downfalls, you’re not going to build good caching into your own build tool, for example. But in principle I find this quite workable, as you get to write your CI code in Rust. There’s also more and more community-made libraries to aid with that.
Thanks, I’ve save your comment. I haven’t heard of any of these.
Great suggestions! One nitpick:
But in principle I find this quite workable, as you get to write your CI code in Rust.
Having used xtask in the past, I’d say this is a downside. CI code is tedious enough to debug as it is, and slowing down the cycle by adding Rust compilation into the mix was a horrible experience. To add, CI is a unique environment where Rust’s focus on correctness isn’t very valuable, since it’s an isolated, project-specific environment anyway.
I’d rather use Deno or indeed
just
for that.
Rust is a bunch of great pieces that don’t fit together well.
That might change over time.
-
Have… you met C?
Do tell.
That guy that causes pretty much every major code based security vulnerability?
What does Rust improve over its predecessor? The only really new thing is the borrow checker, which is only useful in very low-level programming.
It also has real type safety and thread safety.
What do you mean by its predecessor? C++? I think rust has a bunch of advantages. For one, designing a new language today gives you the benefit of hindsight meaning that they have a more cohesive set of features and a nicer standard library compared to C++ that has some bloat and cruft as a natural result of it evolving over several decades. It’s also much easier to reason about undefined behavior in rust thanks to
unsafe
. Algebraic data types are really nice and traits are better than classes.The borrow checker isn’t just useful for low level programming. One of the other main selling points is “fearless concurrency” or essentially the fact that the borrow checker can help you reason about thread safe vs non thread safe data.
Does it need more than the borrow checker if it’s a game changer?
Unless Zig starts its own cult, I feel Rust will win in the end.
The thing with rust is that it is awesome. It does exactly what it promises and everyone keeps going on about.
If you want to talk cult talk to c developers. They are so indoctrinated. They say things like “undefined behaviour is fine you just have to code around it” “it’s great there’s almost no surface area to the standard lib as you can now trust your fellow developers to perfectly write all constructs” “yeah it causes uncountable security vulnerabilities (even when written by it’s foremost experts) but that’s unskilled developers and not a language problem”
Zig is a modern C. Rust is a (modern) alternative to C++. So two different languages can exist alongside each other, just like C and C++.
Google has already started to use Rust in their android operating system. Linux started getting Rust stuff. Rust has the speed of C/C++ while having memory safety. Zig does not have the same memory safety as Rust, it’s a mere C/C++ alternative. Does that answer your question?
Is zig memory safe by design? If not, rust will “win”. Large companies aren’t going to hire for an unknown or unpopular memory unsafe language when they already have C or C++ - there’s just no contest.
Last I read, zig didn’t even have a standard string library. Unless that changes, it won’t even be a viable alternative to C/C++.
Edit: I checked and got this
the Zig language, like C, entrusts memory management to humans, placing full trust in human development. Zig then provides some memory safety checks to ensure memory safety. However, it still lacks the strict compile-time guarantees of Rust’s ownership system and borrow checker. Therefore, when writing Zig code, developers need to pay more attention to potential memory safety issues and ensure that errors and exceptional situations are handled correctly.
- Zig uses allocators, which will inform you if you are leaking memory.
- Zig comes with defer/errdefer to simplify the resource cleanup (and for ergonomics).
- Zig comes with Optionals to manage nulls.
- Zig comes with slices (ptr + size) to manage all the bound-checking.
- Zig automatically check for overflow/underflow arithmetic.
- Zig will check for pointer alignments when casting between pointer types.
=> Zig is designed to make you do it right easily, and very hard to do it wrong.
In other words, Zig will let you be, but warn you when you are doing something wrong, where Rust is like Karen who is always screaming at you for every word you are typing.
To summarize, you really need to /want/ to fuck up to fail your memory management… If after all that you still can’t manage your memory, it might be better for you to look for another carer.
Something is sure thou, Zig is very safe - just as it’s safe to cut my veggies with a knife. I might cut a finger and bleed a little bit, but I will not use plastic knife “because it’s safer”.
Moreover; You are talking like if Rust is safe, all the time, which is not true in reality:
52.5% of the popular crates have unsafe code. Therefore, in an average real-world Rust project, you can expect a significant number of the dependent crates to have unsafe code – Source
Basically, you’re comparing a hypothetical world where Rust is always safe to a superficial glance at Zig’s capabilities to claim a “winner” here.
And for the String library… Are you fucking serious? Do you want to compare the Zig’s Std library versus the famously tiny Rust Std library? Really?
A crate having the
unsafe
keyword doesn’t make the crate unsafe. Theunsafe
keyword just tells the compiler: “I know that what I’m trying to do may lead to memory safety issues, but I, as the programmer guarantee you that the codeblock as a whole is safe, so turn off some of your checks”.Using the
unsafe
keyword in rust is no much different than using a C library in rust.It’s when you’re at the point of saying that unsafe is safe, it’s the point where you should just shut it up kid…
I don’t know why you are being so rude. I thought it was the rust community that was known for being toxic?
It’s not my opinion on what the
unsafe
keyword means. That’s its purpose. Nobody ever wants to write unsafe code on purpose. Theunsafe
keyword was created to allow safe programs to be created in rust that wouldn’t be accepted by the strict rust compilers.In a Venn diagram, there are 2 circles: safe programs (1) and programs that are deemed safe by the rust compiler (2).
Circle 2 is smaller than circle 1 and entirely contained inside it. However, there is no reason to not let people write programs from circle 1 that aren’t in circle 2. The
unsafe
keyword exists to enable programmers to write those programs in rust. However, it comes with a warning, now the programmer is the one responsible for making the program inside circle 1.Ok I understand now. You are right. Thank you.
Since you’re asking today the answer is Rust because it is already more mature. In 5-10 years if you asked them the answer might be different if zig sticks around.
This is no shade against zig! It’s just very new. It doesn’t have a 1.0 release yet.
Also, they’re very different languages with very different goals. They aren’t necessarily competing in the same space.
Isn’t exactly this kind of thing what is mostly responsible for the demise of Perl?
As I heard it told, the developers of Perl worked so long & hard on the next version after Perl 5, but then veered off to make a new language (Raku) and despite the reality being otherwise, people feared so much that Perl would die (i.e. that 6 would never materialize) that in the meantime “everyone” had switched to Python (despite it clearly being an inferior language - hehehehe:-P).
So that would be a “con” I suppose, if fights over which language is better ends up diluting efforts to work on or with either.
the demise of Perl
You imply this is a bad thing
I have never quite understood this mode of thinking - I think it must be an imprecise statement. Yes, improper usage of Perl coding can be bad, but then so too can C/C++ with e.g. improper memory management? Yet, I don’t see people knocking down doors to learn the memory-safe Rust (and e.g. thereby be able to contribute to the Lemmy codebase), probably bc despite it being “better”, it also has a steep learning curve (and I don’t even know but I would assume: even for someone who already knows C?). Instead, people seem to want to learn Go, or Java - okay so that’s a rabbit hole b/c they are for entirely different purposes, but anyway I mean that each language has its own balance of trade-offs.
So while on the one hand the worst-case scenario from a poor coder for Perl seems significantly worse than for Python, there are also benefits too: doesn’t Perl run up to 20x faster than Python, which is why many places e.g. booking.com have chosen to use it? In the hands of an experienced person, perl code is quite readable, while in contrast, I just absolutely HATE aspects of Python such as whitespace delimiting and the package management, plus I don’t know if I am imagining things (is is likely) but the code just seems to me to look obtuse, by comparison.
Sometimes I’ll use awk, other times I’ll bump that up to a Perl one-liner or even full script, still other times demand Python or for number-crunching full C/C++, or Java for whatever reason, but… for things that you want fast & easy, I don’t really see Perl as “bad”? Granted, it shouldn’t be someone’s first language these days, compared to C or Python, but what is wrong with it, like awk, continuing to exist these days? Especially if it’s not in a production environment.
I’m listening.
Collaboration is a fact of life in software development.
Therefore we must choose tools based not on a single developer’s preference, but by what their colleagues can use effectively.
- Tools that are easy to write bugs with (C/C++)
- Tools that are hard to learn (Perl)
- Tools that are hard to hire for (Perl, Ruby)
All of these should be fixed or shunned in favor of languages that are easier to hire, easier to learn, and easier to debug.
So *I* who am careful to write readable and safe code, have to use a non-preferred language preference b/c someone else cannot handle using it properly?!
Sadly, that is the realization that I have come to as well. A chain is only as strong as its weakest link and all that… but no, really, that’s true, b/c modifications are likely to be made at some point (kinda biasing towards production there but even so, answers with perl one-liners on e.g. StackOverflow are ubiquitous, but someone would have to know the language to be able to modify them to suit their specific use-case, so also not at the same time).
Fwiw I really did not think that Perl was hard to learn - though that was coming from the likes of assembly, various Basic styles, C/C++, and having already learned regular expressions via Unix e.g. grep and awk and sed. “Regular expressions” are quite a steep learning curve, though that’s not the same thing as Perl, and quite frankly Perl is the undisputed (iirc?) master of them all, so whether someone wanted to write Perl without those, or wanted to do try to do regular expressions without Perl, either way Perl seems good for having included regular expressions, not something to penalize the entire language for. Also, C/C++ (and Rust) has a bit of a known learning curve as well…:-) Though indeed it’s entirely fair to say that if someone were to pick just one language, then I would be hard pressed to find any justification for that being Perl. C/C++, Java, Python - all of these, depending on the situation, are fine choices, whereas Perl is absolutely niche.
But even so, why would it follow that it would necessarily be a good thing if Perl, or let’s say awk, would fully “go away”? I kinda see Perl and awk as being in the same boat these days - both niche and powerful, yet both steadily becoming obsolete? Just b/c something else is “better” doesn’t mean that everything else must die. Except, as you mentioned, for reasons of collaboration and thus code-reuse. Even there though, putting all of our eggs into a single basket scares me: what if tomorrow Microsoft, or Google, decides to purchase the rights to Python and suddenly control that entire industry sector in one fell swoop?
Personal projects vs everything else:
Did you want to collaborate with other people? Use something other people like.
Good advice:)
So I who am careful to write readable and safe code
I just want to point out that it’s hard to be sure your code is readable if you don’t work with a team. More than once I saw people write “readable” code that was not readable. My own code I deemed “readable” was in fact not, as time had shown when I returned to fix something. So, the cited part looks a bit arrogant 😅
Fair - and in fact doubly so bc even code that is readable in a language that someone else does not know (well) isn’t so “readable” by definition. i.e. “readable by someone who knows the language” != “readable by most developers”.
Though having to rediscover how our code works is something shared by all languages. Perl does allow the worst there though.
Isn’t exactly this kind of thing what is mostly responsible for the demise of Perl?
Perl died because better tools became available.
Python is not better in every way, it’s just more general-purpose, so has a wider range of applicability.
Also more people use it, though by that logic we should all be forced to use Windows bc everyone else does as well?
And Perl both still exists and is actively maintained, so it “lost prominence” rather than “died”.
And Perl both still exists and is actively maintained, so it “lost prominence” rather than “died”.
Okay, but you’re the one who called out “the demise of Perl”. Have you changed your mind? I was just responding to your question.
For what it’s worth, I think you were right about that: Perl is dead, in the sense of no longer growing or even maintaining the reach it once had. Other languages are overwhelmingly chosen for new code, while Perl has mostly fallen into disuse outside of people who learned it in its heyday and haven’t moved on, and irrelevance outside of legacy systems. It might not be quite as much a dead language as Latin (which also still exists and sees some use) but it’s well on its way there.
Haha, oh yes, definitely not only not actively growing anymore but fully actively declining instead - those internal politics mattered more than the actual language issues themselves, once again. Every time I see another Python update and how very many things they break, I think that thought again. Tbf newer updates breaking older code happens even with C++ too - backwards compatibility affects just everything - though the whole Python 2 vs. 3 definitely still rankles me.
I guess I’m still having emotional trouble letting it go - but that is an absolutely perfect example of Latin, still spoken yet most definitely also considered “dead” at the same time. I guess this about sums it up:
Who wants oxidised Metal when you can take off every Zig! You know what you doing!? Move Zig. For great justice.
Rust is named after the fungus, not oxidized metal
Python is named after Monty python and not the snake
Brainfuck is named after… uh, something
it’s pronounced “gif”
So, you are telling Rust is named after the pathogenic fungus (cause disease) and the logo is a crab, just like the logo of Cancer?
That fits well with the language and its community. Well done!
What is so wrong with people being excited about a language they like? I have always found the Rust community extremely welcoming and caring.
In my entire life I have never seen anything in programming anywhere near as unimaginably toxic as the Rust community.
They have a hammer and damnit if they aren’t going to prove its the best tool for brain surgery.
Take the joke and go home ffs.
It’s too early to tell.
Rust has a killer feature and a tonne of buzz, but poor ergonomics.
Zig is developing into simple elegance and wonderful interop, but has more work to do before it will be widely usable.
It’s entirely possible that ideas and lessons taken from them will inspire another language that ends up eclipsing them both.
I would say at this point in time it’s clearly decided that Rust will be part of the future. Maybe there’s a meaningful place for Zig too, but that’s the only part that’s too early to tell.
If you think Zig still has a chance at overtaking Rust though, that’s very much wishful thinking. Zig isn’t memory safe, so any areas where security is paramount are out of reach for it. The industry isn’t going back in that direction.
I actually think Zig might still have a chance in game development, and maybe in specialized areas where Rust’s borrow checker cannot really help anyway, such as JIT compilers.
Okay, but…
it’s clearly decided that Rust will be part of the future.
That’s not what OP asked.
If you think Zig still has a chance at overtaking Rust though, that’s very much wishful thinking.
That’s not what I said.
No, OP asked for a black and white winner. I was elaborating because I don’t think it’s that black and white, but if you want a singular answer I think it should be clear: Rust.
I see. You replied to me, though, with commentary that doesn’t fit the question I was answering or the thoughts I was expressing. Don’t you think it would have made more sense as a reply to OP?
Which one’s in the Linux kernel?
Rust in Linux lead retires
“I was expecting [Rust] updates to be faster, but part of the problem is that old-time kernel developers are used to C and don’t know Rust,” Torvalds said. “They’re not exactly excited about having to learn a new language that is, in some respects, very different. So there’s been some pushback on Rust.” Torvalds added, however, that “another reason has been the Rust infrastructure itself has not been super stable.” – Source [24-09-03]
I’m not sure that’s something to be crowing about, mate…
lol
Swing and a Miss. you need to catch up on what paid developers are doing. Go see what Google just announced and come back and tell us all again how right you are
the notoriously conservative Torvalds allowing Rust where C++ has been banned is worth crowing about, because he knows Rust is great, mate. nobody cares about a bunch of non-Rust coders not wanting to use Rust in the beta version of the kernel toochain
I hope that someone in the 40 comments i don’t have time to read right now has pointed out that the premise of OP is flawed for the simple reason that Rust hit v1.0 in 2015, while Zig is still nowhere near that milestone in 2024.
So we are not even talking about the same “future” period from the start.
So, no need to get to the second false premise in OP, which is limiting a “future” period to one successful dominating language only. Nor is there a need to go beyond these premises and discuss actual language details/features.
I also hope that some of the people reading this realize that OP is also the person posting all of the “stop trying to suppress C” posts.
🤣
I don’t know, and I don’t want to get personal. But that’s usually a sign of someone who doesn’t even code (at non-trivial levels at least)*, and thinks programming languages are like sport clubs, developers are like players contracted to play for one and only one club, and every person in the internet gantry need to, for some reason, pick one club (and one club only) to be a fanboy of. Some people even center their whole personality around such fanboyism, and maybe even venture into fanaticism.
So each X vs Y language discussion in the mind of such a person is a pre-game or a pre-season discussion, where the game or season is an imaginary competition such people fully concoct in their minds, a competition that X or Y will eventually and decidedly “win”.
* Maybe that was an exaggeration on my part. Some junior developers probably fall into these traps too, although one might expect, or maybe hope, that their view wouldn’t be that detached from reality.
I’m hoping to finally finish and send out a delayed new release for one of my older and mature CLI tools this weekend. It’s written in C btw 😄
Modev says they’ve been using C for 25 years, and used Rust for several years as well! Their whole schtick baffles me.
What are your goals?
If you want to learn another language just for the fun of it (the best reason) than learn both.
Of you want to improve your tool set to be able to land a job, then there is no good answer. Probably some other high level language like Python, Java, JavaScript, C#. Etc.
Also: Zig bay be easier to get started when coming from C, because it is mostly imperative.
Rust introduces concepts from functional programming. This could be interesting for you, of you don’t have any experience in functional programming to get in touch with other programming styles. Or not, of you explicitly don’t want to learn such things.
I use both languages, and I enjoy both. Shameless plug: I’ve written a blog post ~ 2 years ago what I like about each language: https://zigurust.gitlab.io/blog/posts/three-things/
Duzt.
There, i coined it.
I’d say if you’re happy with #C, there’s no need to choose any second language. 🤷
Before even looking at any alternatives, the question should be “why not C”. Some of the typical complaints are:
- memory safety – or, more generally, the fact that C is only partially defined, leaving a lot to the dangerous area of undefined behavior. There’s no way to reliably detect undefined behavior by static code analysis, and it will often hide well at runtime. Especially errors regarding memory management often directly expose security vulnerabilities. In my experience, the risk can be reduced a lot by some good coding and design practices. Examples are avoiding magic numbers, using
sizeof
everywhere possible, preferably on expressions instead of type names, defining clear ownership of allocated objects (and, where not possible, add manual reference counting), making ownership explicit by usingconst
where appropriate and naming your functions well, and so on. Given also there’s no guarantee alternative languages will safeguard you from all the possible issues and there are also a lot of other ways to create security vulnerabilities, my take on this would be: partially valid. - programming paradigm – you can only program in classic procedural style. Well, that’s simply not true. First of all, you can program whatever you want in any turing-complete language, so what we talk about shouldn’t be what’s directly supported by the constructs of the language, but what’s practically usable. In C, using some simple OOP is commonplace. Well, you can apply OOP to assembler programming without too much hassle, so, it’s not surprising you can do it in C, as it’s a pretty thin abstraction on top of machine code. C helps further with its linkage rules, where everything in a compilation unit is by default inaccessible to other units, and its incomplete types, where only a type name is known, but neither its size nor inner structure, giving you almost perfect information hiding for free. If you want/need polymorphism, it gets a bit more complicated (you have to think about how you identify types and manage virtual tables for them), but still perfectly doable. You’ll hit the practical limits of the language when you want to go functional. The very basics are possible through function pointers, but most concepts of functional programming can’t be applied to C in a somewhat sane way. Unless that’s what you need, my take would be: invalid.
- limited standard lib. Indeed, the C standard library misses lots of things that are often needed, for example generic containers like lists, hashtables, queues, etc. It’s straight-forward to build them yourself, but then, there are many ways to do that (with pros and cons). You’ll find tons of different implementations, many non-trivial libraries bring their own, of course this also increases the risk to run into buggy ones … I wouldn’t consider it a showstopper, but I’d mark this complaint as: valid.
Then, the next question would be: For what purpose are you looking for a second language?
For applications and services, there’s already a wide range of languages used, and I’d say do what everyone does and pick what you’re most comfortable with and/or think best suits the job. IOW, it makes little sense to ask what would be “the future”, there have always been many different languages used, just pick one that’s unlikely to quickly disappear again, so you’d have to restart from scratch.
For systems programming “the future” has been C for many decades 😏 … some people want to change that, actually for good reasons. IMHO, the current push for #Rust (I don’t see anything similar regarding #Zig yet?) into established operating systems is dangerous. An operating system is very different from individual apps and services. It’s required by these as a reliable and stable (in terms of no breaking changes) platform. It’s complex and evolves over an extremely long period of time. It needs to interface with all sorts of hardware using all sorts of machine mechanisms (PIO, DMA, MMIO, etc pp). I conclude it needs a very stable, proven and durable programming language. You’ll find C code from the 30 years ago that just still builds and works. IMHO a key factor is that there’s an international standard for the C language, governed by a standards body that isn’t controlled by any individual group. And correlated to that, there are many different implementations of the language. Before considering any different language in core areas of an established operating system, I’d like to see similar for that new language.
Now, C was developed more or less together with #Unix, so back then, nobody knew it would be such a success, of course there was no standard yet. But then, I think this is the sane way to introduce a new systems programming language: Use it in a new (research?) OS.
Check Redox
For me you really aren’t selling it.
When the answer to major draw backs with a language is use it better that’s a dead end for me.
Some of the greatest programming minds have been using c for a long time and we still have a huge amount of dangerous vulnerabilities all the time.
The language is fundamentally flawed and other languages have demonstrated that you can get the same flexibility, expressiveness and performance without these flaws.
Again with the lack of many standard lib constructs. I now have to trust that every lib i use was written by a serious expert. as they’ll need to implement so much themselves rather than trusting the core language team, who you hope would know it better than most.
And again with OOP. Why hack it into a language rather than use a language that supports it.
It’s beginning to feel like people are just clinging to c because it’s what they are used to. All I seem see are justifications of its flaws and not any reasons to actually use it.
If it came out today you’d have an incredibly hard time convincing anyone to use it over other languages.
When the answer to major draw backs with a language is use it better that’s a dead end for me.
Try browsing the list of somewhat recent #CVE rated critical, as I just did to verify. A majority of them is not related to any memory errors. Will you tell all them “just use a different programming language”?
And again with OOP. Why hack it into a language rather than use a language that supports it.
Have you seen existing C code? For anything non-trivial, most code uses some OOP, and it comes quite natural in C, certainly no “hacking”. You don’t need a
class
keyword to do that.If it came out today you’d have an incredibly hard time convincing anyone to use it over other languages.
It doesn’t come out today, it’s been there for a long time, and it’s standardized, proven and stable. Sounds like you seriously misunderstood my points, which were, in a nutshell: For applications and similar, just use whatever suits you; for operating systems do experiments in lab/research projects (as was done with Unix), because existing and established ones are relied upon by lots of software. Just to make that perfectly clear, that doesn’t mean they should use C forever, it means they should wait for a potential replacement to reach a similar state of stability with independent standards and competing implementations.
Try browsing the list of somewhat recent #CVE rated critical, as I just did to verify. A majority of them is not related to any memory errors. Will you tell all them “just use a different programming language”?
I’m sorry, but this has been repeatedly refuted:
- Google “analysis shows two thirds of 0-day exploits detected in the wild used memory corruption vulnerabilities”. Source: https://security.googleblog.com/2024/03/secure-by-design-googles-perspective-on.html
- “Microsoft: 70 percent of all security bugs are memory safety issues” Source: https://www.zdnet.com/article/microsoft-70-percent-of-all-security-bugs-are-memory-safety-issues/
And yes, they are telling their engineers to use a different programming language. In fact, even the NSA is saying exactly that: https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3215760/nsa-releases-guidance-on-how-to-protect-against-software-memory-safety-issues/
It doesn’t come out today, it’s been there for a long time, and it’s standardized, proven and stable.
This seems like an extremely short-sighted red herring. C has so many gaps in its specification, because it has no problem defining things as “undefined behavior” or “implementation defined”, that the standard is essentially useless for kernel-level programming. The Linux kernel is written in C and used to only build with GCC. Now it builds with GCC and LLVM, and it relies on many non-standard compiler extensions for each. The effort to add support for LLVM took them 10 years. That’s 10 years for a migration from C to C. Ask yourself: how is that possible if the language is so well standardized?
- memory safety – or, more generally, the fact that C is only partially defined, leaving a lot to the dangerous area of undefined behavior. There’s no way to reliably detect undefined behavior by static code analysis, and it will often hide well at runtime. Especially errors regarding memory management often directly expose security vulnerabilities. In my experience, the risk can be reduced a lot by some good coding and design practices. Examples are avoiding magic numbers, using