Hacker News new | ask | show | jobs
by torrent 1314 days ago
> I mean, the almost-simplest abstraction possible the std::vector has potential UB right in its [] operator.

It's your responsibility to pass the allowed range of value to a function. It a function description tells you to e.g. pass only non-null pointers or only even integers then it's your fault if you don't do it. Inside the function there may me asserts but there is no need to such checks in general.

> There's just sooooo much that you have to get 100% right as a programmer

It's simply the job of the programmer to get it 100% right. No language can do this job for you.
1 comments
Quekid5 1314 days ago
I'm not sure what to say. You're replying in the context of a post about why people literally do not and cannot get it right 100% of the time. Thinking so is pure hubris. (And demonstrably so.)

EDIT: The fundamental problem with the "attitude" of C++ I see is that fast-and-potentially-UB by default is a bad default (as almost all defaults in C++ are). It would be far saner to have slow-but-guaranteed-behavior by default[0]... but the C++ committee has repeatedly demonstrated that they're not willing to do that. Well, it's either that or require the compiler to prove that the fast behavior is safe (an example of which is Rust), but that's likely not feasible in C++... unless you turn it into Rust with even more obscure and verbose annotation.

[0] At least you can stay safe and then optimize as needed from there.

link
torrent 1314 days ago
> why people literally do not and cannot get it right 100% of the time. Thinking so is pure hubris.

Sure we all don't get it right 100% on the first write. For this reason we test and iterate. Equally you could say that it is pure hubris that a language will enable you to make your code right 100% of the time.

You mean the vector::operator[] is an example of fast-and-potentially-UB ? I don't see any UB if the constraints are met (keeping the index within valid range).

If they are not willing in a specific case they for sure had specific reasons not to be.

link
Quekid5 1314 days ago
The evidence in the form of CVEs suggests that we don't get it right.

> You mean the vector::operator[] is an example of fast-and-potentially-UB ? I don't see any UB if the constraints are met (keeping the index within valid range).

I don't understand this line of reasoning when it's plain that the contraints are not met. Routinely. It happens all the time. Again, see the CVEs.

link