by robertgraham 3387 days ago
It's an absurd point.

ZCash was built upon the Bitcoin codebase. This inherits a lot of bad decisions. Moral purity, demanding they start over again from scratch, just isn't practical.

The bug in question could have been solved had they simply compiled with minimal static analysis -- by which I mean -Wall.

C/C++ is memory safe if you turn on dynamic checking. Sure, it's twice as slow as C/C++, but still tons faster than nonsense languages like Ocaml or Haskell.

4 comments

No, there is no dynamic checking that guards against iterator invalidation in general. You can't make it memory safe with gcc or clang.

This bug had nothing to do with Zcash. Please correct your comment to say Zcoin, if that's what you meant.

In any case, Zcash is also derived from Bitcoin and builds with `-Werror` (edit: not `-Wall`, but we're working on that). That kind of minimal static analysis is certainly not sufficient to catch the majority of bugs, though.

C++ is not memory safe in any meaningful sense. There have been efforts to define a memory-safe subset, but typical large codebases, including Bitcoin, do not come close to falling within that subset.

> C/C++ is memory safe if you turn on dynamic checking.

What's the option to turn that on? Which compilers is it in?

I know there were several fat-pointer patches to GCC back in the day, but I didn't think anything remotely similar had ever gone mainstream. There's just too much existing code that relies on undefined behavior last I checked.

> C/C++ is memory safe if you turn on dynamic checking.

Is anyone here doing this? Would be interesting to hear your experience.

If valgrind counts, then yes.

I'll count valgrind if your program always runs in valgrind. Otherwise it doesn't protect you dynamically.
That means CI runs unit tests etc. via

    valgrind --quiet --leak-check=full --error-exitcode=1 *binary*
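Added example, not posted by anyone in this thread, illustrating the two points above: an erase-while-iterating bug that `-Wall -Wextra -Werror` accepts without a diagnostic, and why a CI run under valgrind is not a general guard against it. Function names and the sample input are my own.

```cpp
// Added example (not from the thread): an iterator-invalidation bug that
// -Wall -Wextra -Werror compiles without a single diagnostic, beside the fix.
#include <algorithm>
#include <cstdint>
#include <vector>

// BUGGY: erases every even value while iterating. vector::erase invalidates
// `it` and every iterator after it, yet the loop increments the stale one.
// If the erased element was the last, `it` already equals end() after the
// erase, `++it` steps past it, and the loop reads stale slots that are still
// inside the vector's capacity. Memcheck sees in-bounds reads of initialised
// memory and reports nothing; libstdc++ debug mode (-D_GLIBCXX_DEBUG) aborts
// because it tracks iterator validity. Not called below: behaviour undefined.
void remove_evens_buggy(std::vector<std::uint32_t>& v) {
    for (auto it = v.begin(); it != v.end(); ++it) {
        if (*it % 2 == 0) {
            v.erase(it);  // return value discarded: `it` is now invalid
        }
    }
}

// FIXED (a): continue from the iterator erase() returns, never from the
// invalidated one.
void remove_evens_fixed_loop(std::vector<std::uint32_t>& v) {
    for (auto it = v.begin(); it != v.end();) {
        if (*it % 2 == 0) {
            it = v.erase(it);
        } else {
            ++it;
        }
    }
}

// FIXED (b): erase-remove idiom; no hand-written iterator bookkeeping at all.
void remove_evens_fixed_idiom(std::vector<std::uint32_t>& v) {
    v.erase(std::remove_if(v.begin(), v.end(),
                           [](std::uint32_t x) { return x % 2 == 0; }),
            v.end());
}

// Helper so both fixes can be checked on the same constructed input.
std::vector<std::uint32_t> odds_of(std::vector<std::uint32_t> v, bool idiom) {
    if (idiom) {
        remove_evens_fixed_idiom(v);
    } else {
        remove_evens_fixed_loop(v);
    }
    return v;
}
```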