Thursday, April 13, 2023

C23 Standard Sets the World on Fire

Terence Kelly and Borer Yekai Pan (via Hacker News):

Like the previous major revision, C11, the latest standard introduces several useful features. The most important, if not the most exciting, make it easier to write safe, correct, and secure code. For example, the new <stdckdint.h> header standardizes checked integer arithmetic[…]
In addition to these new correctness and safety aids, C23 provides many new conveniences: Constants true, false, and nullptr are now language keywords; mercifully, they mean what you expect. The new typeof feature makes it easier to harmonize variable declarations. The preprocessor can now #embed arbitrary binary data in source files. Zero-initializing stack-allocated structures and variable-length arrays is a snap with the new standard ={} syntax.
Standard C hides behind a paywall: The official standard currently costs more than $200, so most coders make do with unofficial drafts. The standard routinely confuses its own authors, and crucial parts mystify even experienced and well-educated programmers; baffled silence is not consent.
C23 furthermore gives the compiler license to use an unreachable annotation on one code path to justify removing, without notice or warning, an entirely different code path that is not marked unreachable[…]
Imagine, then, my dismay when I learned that C23 declares realloc(ptr,0) to be undefined behavior, thereby pulling the rug out from under a widespread and exemplary pattern deliberately condoned by C89 through C11.
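The two points quoted above, checked integer arithmetic via <stdckdint.h> and the newly undefined realloc(ptr,0), as an added example that is not code from the article or from this post: a hypothetical growable stack whose resize step rejects size_t overflow with C23's ckd_mul (falling back to the equivalent GCC/Clang builtin where <stdckdint.h> is not shipped) and handles the shrink-to-zero case explicitly so the pop path never calls realloc with a size of zero.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* C23 spells checked multiplication ckd_mul() in <stdckdint.h>: it stores
   the product through the first argument and returns true on overflow.
   Older toolchains lack the header, so fall back to the GCC/Clang builtin
   with the same semantics (argument order differs). */
#if defined(__has_include)
#  if __has_include(<stdckdint.h>)
#    include <stdckdint.h>
#    define CHECKED_MUL(dst, a, b) ckd_mul((dst), (a), (b))
#  endif
#endif
#ifndef CHECKED_MUL
#  define CHECKED_MUL(dst, a, b) __builtin_mul_overflow((a), (b), (dst))
#endif

/* Hypothetical stack used only to illustrate the resize pattern. */
struct stack { int *items; size_t count; };

/* Resize the backing store to hold exactly `count` items. Returns false and
   leaves the stack untouched on overflow or allocation failure. */
static bool stack_resize(struct stack *s, size_t count) {
    if (count == 0) {
        /* C89..C11 let realloc(p, 0) free p; C23 makes that call undefined,
           so do the release ourselves instead of relying on realloc. */
        free(s->items);
        s->items = NULL;
        s->count = 0;
        return true;
    }
    size_t bytes;
    if (CHECKED_MUL(&bytes, count, sizeof *s->items))
        return false;          /* count * sizeof(int) would wrap size_t */
    int *p = realloc(s->items, bytes);
    if (p == NULL)
        return false;          /* old block is still valid and still owned */
    s->items = p;
    s->count = count;
    return true;
}

bool stack_push(struct stack *s, int v) {
    if (!stack_resize(s, s->count + 1)) return false;
    s->items[s->count - 1] = v;
    return true;
}

/* Pops the top item into *out; returns false if the stack is empty. */
bool stack_pop(struct stack *s, int *out) {
    if (s->count == 0) return false;
    *out = s->items[s->count - 1];
    return stack_resize(s, s->count - 1);   /* count may legitimately hit 0 */
}
```

Reallocating on every push and pop is deliberately naive, as the comment thread below notes; the point is that the zero-size and overflow cases are decided in one place rather than left to realloc.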
2 Comments

Idk, I program in C a lot but mostly embedded so not much realloc(), nevertheless that article seems rather bombastic about what shouldn't be an issue anyway. Zero-size behaviour has always been implementation defined AFAIK, so I never relied on it. "Condoned" is not standard, so you can't use it, simple as that. Also, their "idiomatic" code is NEVER used in this way because realloc()-ing for every push/pop is insane. They know that, because they ask for a better version in their "drill". But when you add a separate size manager, it doesn't take much more to add a check for zero size. To me, it seems like a non-issue, but they essentially build their whole tirade on it.

I think the crucial point is that C has become stratified as a language and is no longer the "high-level assembler", if it ever was. Sure, the example is particular, but it's a good illustration of the tension between, to be honest, C and C++/Rust programmers. It's simply language complexity, mostly intended to benefit the idiomatic preferences and stratospheric levels of optimisation that make the already difficult positively dangerous, and it's befitting a go-faster industry that overwhelmingly represents professional software engineering. I realise this can be seen just as much as "old man yells at cloud" (I'm 40), but C has always been the choice of those who, apart from not having much alternative choice of language for purely practical reasons, simply needed a pragmatic, portable language to implement their performance-critical code, in a way that gives them relative freedom to exercise the platforms they're targeting. It's not, and has never been, an abstract, high-level language, and the industrial efforts at bringing C and C++ together beyond a few token features have been, in my view, a net negative. Rant rant rant, etc.
