Undefined Behavior in C and C++ (2024)

Original Article ↗ Hacker News Discussion ↗

Rust vs C/C++ in Real-World Use

  • Tooling: Several comments praise Rust’s tooling—especially Cargo and the compiler’s diagnostics—as far superior to typical C/C++ workflows, partly offsetting slower compile times by reducing “edit–compile–debug” cycles.
  • Dependency management: Cargo is seen as a strong advantage over ad‑hoc C/C++ build systems, though some argue package management should live at the project, not language, level.
  • Async and concurrency: Experiences differ. Some find async Rust and multithreading “empowering” and safer than C++, others report serious pain when mixing async with generics/traits or complex ownership, leading to “channel hell.”
  • Game development: Multiple anecdotes and references claim Rust is a poor fit for non‑trivial game engines: refactoring is costly, many common patterns fight the borrow checker, and developers often end up “working around” Rust’s safety and losing its benefits.
  • Embedded / tiny binaries: Some argue C/C++ still dominate where code size, no-heap operation and unsupported CPUs matter. Others counter that Rust can produce very small binaries and treat allocation as a library concern, but acknowledge configuration complexity.
  • Ecosystems: Graphics, drivers, major APIs (Khronos, POSIX, CUDA, DirectX, console SDKs) and mainstream IDE/debugger tooling still assume C/C++. This inertia is seen as a major practical reason to stick with C/C++.

Portability and Language Fit

  • Portability: One side claims C is only “portable” in that compilers exist everywhere; real software requires substantial per‑platform porting and #ifdefs. Others argue C remains the most portable option, especially for obscure architectures, and that fully standard‑conforming code can be widely portable.
  • Style and complexity: Rust’s pattern matching, enums and traits are seen by some as over‑academic and verbose compared to C’s “terse, do‑what-I-say” style; others argue they encode invariants more safely than scattered booleans and null pointers.
  • “Rust forces you to code in the Rust way”: Some like C/C++’s freedom to choose paradigms, others point out that every language constrains you (e.g., missing tagged unions, pattern matching, or methods in C).

Undefined Behavior, Safety, and Standards Work

  • C/C++ UB scope: A standards participant notes that many UB instances in C23 are being removed or clarified; many “UB entries” were effectively documentation bugs (“ghosts”) rather than real traps.
  • Pointer provenance & integer–pointer conversions: Long debate over proposals to formalize provenance, how much pointer forging should be allowed, and whether this blocks writing allocators, arena systems, or low‑level tricks (vector loads, Wasm linear memory, DMA). There’s disagreement over how much this is rooted in hardware reality vs optimization-driven modeling.
  • Optimization vs correctness: One camp insists most UB (signed overflow, strict aliasing, null to strlen, etc.) exists to enable significant optimizations (loop unrolling, vectorization, avoiding extra branches). Another camp argues the performance benefits are overstated, heavily benchmark‑driven (e.g., SPEC), and that UB more often leads to dangerous miscompilations than meaningful speedups.
  • Uninitialized variables: C and upcoming C++ revisions refine semantics (e.g., “erroneous behavior” instead of UB, well‑defined garbage values in some cases) to reduce catastrophic misoptimizations while retaining performance.
  • UB as extension surface: It’s emphasized that “undefined by ISO C” often just means “left to the implementation”: vendor extensions, POSIX APIs, and nonstandard headers live here. But this also means a compiler may legally treat UB as dead code and delete it.
  • Safety tools and variants: Mentions of Fil‑C (memory‑safe, panicking C/C++ implementation) and tools enforcing safe C++ subsets suggest an emerging space of “safer C/C++” that trades performance or flexibility for safety, without switching languages.

Language Culture and Alternatives

  • Some complain about “Rust everywhere” and aggressive advocacy, noting other options (Ada, Zig, Hare, Odin, V) and criticizing Rust community attitudes toward unsafe.
  • Others stress that despite all flaws, C and C++ still underpin virtually all major OSes, runtimes, and infrastructure; many theoretically superior languages never achieved similar adoption.