|
|
|
|
|
|
by IshKebab
1438 days ago
|
|
|
Nice find. That article is highly unconvincing though and mostly argues against straw men. > Although using strings subverts C’s already weak type checking, that’s probably not a major concern. One can screw up bit masks by using || in place of |. Or, as above, one can incorrectly pack the magic array. It’s usually much easier to visually audit a string than the C code used to plaster a dozen option together. It's pretty easy to design an interface that is way way less error-prone than strings (especially ones full of single-letter differences!) and the visual auditing argument falls apart as soon as you have to `snprintf()` some string together from parts. This code is way more readable, way less error prone, more discoverable, faster and more easily extendable than strings: auto config = make_pledge_config();
config.read_path = true;
config.stdio = true;
pledge(&config);
You'd think security focused people would care about static type checking. |
|
|