Comment by FpUser
1 year ago
>"I've been seeing C++ fans talk about how they never see memory safety issues in practice in C++ for a decade and a half. I even believed it sometimes. But if there's ever been a common story over those 15 years, it's that these anecdotes mean little, and the actual memory safety property means a lot."
While I use C++ a lot, I am not a fan. It is just one of many languages I use. But from my personal experience it is true. I frankly forgot when the last time I hit a memory problem was, years for sure. And my code is often stateful multithreaded backends with a high request rate.
Are you properly trying to exploit your own software?
If you're not looking, how would you know?
You could have a blatant SQL injection in your code and you can always pretend that it doesn't matter, since you haven't been attacked so far.
Memory safety issues show up all the time outside of security exploits. Industry began pursuing memory safety long before anyone cared much about security, simply because of the productivity impact of chasing down memory leaks and use-after-free bugs. So if they've used C++ for years without having to do that, it's pretty meaningful. It also matches my experience working on a large C++ application that had ubiquitous use of smart pointers. I wouldn't want to do that again, but RAII takes you a long way.
>"You could have a blatant SQL injection in your code"
In my case SQL injection is not possible. I am not constructing any SQL statements from input.
>"you can always pretend"
I think it is you pretending to know problems that do not exist in my code.