template <typename T>
struct Slice {
T* data = nullptr;
size_t size = nullptr;
T& operator[](size_t index) {
if (index >= size) crash_the_program();
return data[index];
}
};
Your comment started out with "just."
As if there are never any compelling reasons to want to make existing C code better.
But instead of taking that as an opportunity to reflect on when various tools might be appropriate,
> as I'm advocating to use the more advanced feature-rich tool over the compiler-specific-hacks one.
You've simply doubled down.
However, you still need something like -fbounds-safety in C++, due to the copy-paste compatibility with C, and too many people writing Orthodox C++, C with Classes, Better C, kind of code, that we cannot get rid of.
I find it a bit hard to justify using the STL when a single <unordered_map> include costs 250ms compile time per compile unit.
The fact that I don't have to step through this in the debugger is also a bonus:
template <size_t _Offset, size_t _Count = dynamic_extent>
[[nodiscard]] _LIBCPP_HIDE_FROM_ABI constexpr auto subspan() const noexcept
-> span<element_type, _Count != dynamic_extent ? _Count : _Extent - _Offset> {
static_assert(_Offset <= _Extent, "span<T, N>::subspan<Offset, Count>(): Offset out of range");
static_assert(_Count == dynamic_extent || _Count <= _Extent - _Offset,
"span<T, N>::subspan<Offset, Count>(): Offset + Count out of range");
using _ReturnType = span<element_type, _Count != dynamic_extent ? _Count : _Extent - _Offset>;
return _ReturnType{data() + _Offset, _Count == dynamic_extent ? size() - _Offset : _Count};
}As someone that enjoys C++ since 1993, alongside other ecosystems, many pain points on using C++ complaints are self inflicted, by avoiding using modern tools.
Heck, C++ had nice .NET and Java alike frameworks, with bounds checking even, before those two systems came to exist, and nowadays all those frameworks are mostly gone with exception of Qt and C++ Builder ones, due to bias.
#define span(T) struct span_##T { size_t len; T *data; }
#define span_access(T, x, i) (*({ \
span(T) *_v = (x); \
auto _i = (i); \
if (((size_t)_i) >= _v->len) abort(); \
&_v->data[_i]; \
}))
Boundary checking for array indexing is table stakes.
musicale•1d ago
OpenBSD maybe? or a fork of CheriBSD?
macOS clang has supported -fbounds-safety for a while, but I"m not sure how extensively it is used.
1over137•1h ago
You first have to modify "all C code". It's not just a set and forget compiler flag.
wyldfire•1h ago
Note that corresponding checks for C++ library containers can be enabled without modifying the source. Google measured some very small overhead (< 0.5% IIRC) so they turned it on in production. But I'd expect an OS distro to be mostly C.
[1] https://libcxx.llvm.org/Hardening.html
bombcar•1h ago
pezgrande•1h ago
zmodem•45m ago
And Android uses Clang for its Linux kernel.
-fbounds-safety is not yet available in upstream Clang though:
> NOTE: This is a design document and the feature is not available for users yet.
honktime•1m ago
https://chimera-linux.org/
pjmlp•1h ago
https://docs.oracle.com/en/operating-systems/solaris/oracle-...
prussian•1h ago
dezgeg•40m ago
groundzeros2015•26m ago
irishcoffee•21m ago
One of these days the witch hunt against C will go away.
random_mutex•8m ago