Code isn't going to be safer in language XYZ if the developer isn't proficient with it, no matter how awesome XYZ is.
There are safe languages that are similar enough to C that it is not hard to pick them up for a C programmer. I agree if the replacement is ML or Haskell. But e.g. Rust, Cyclone, or Go (if a GC is acceptable) are not going to be hard for most C programmers.
Also keep in mind that most of the "safe" languages depend on a runtime which isn't written in a safe language.
Rust is almost runtime-less. The Go runtime is mostly Go since 1.4.
This is also true for C - there's some stuff in every C standard library that has to be written in asm, once for each supported platform.
I didn't say it's not going to be work :).
So you're just pushing the problem somewhere else. [...] So the bottom line is: there's always something underneath.
That does not mean that, say, Haskell is not tremendously safer than C. First, because you only have to implement the icky parts once. Second, because a better type system and the abolition of undefined behaviour give you more safety for a very small cost (if any; the extra compile time for a better type system is probably negated by the cost of headers).
Rust is a very large language with an equally large set of standard library functions. It also requires changing how you structure your programs to work within the constraints of the borrow checker.
Rust also relies on LLVM, which has a limited set of target architectures when compared to C.
"There are safe languages that are similar enough to C that it is not hard to pick them up for a C programmer."
It's not about similarity, it's about differences. System code is all about subtleties in the language, UB in C for example. Just because Rust's syntax is similar doesn't mean it can be easily picked up by a C dev.
"Rust is almost runtime-less."
Almost is the key. Even the FAQ mentions that it's not suitable for low-level code, exactly because of its assumptions about how the memory allocator works. You'd have to implement it. And you still assume that the compiler output is flawless (which is very unlikely given Rust's age).
"I didn't say it's not going to be work :)"
But that's exactly what you're implying ;P "Oh come on, it can be done, why not?!" I'm giving you reasons why. These aren't superficial: I worked on an OS and OS drivers, and I'm currently working on hardware simulators. If your aim is safer systems, switching from C to Rust (which I happen to love) isn't the answer yet. And probably not for the next 10+ years.
"That does not mean that, say, Haskell is not tremendously much safer than C."
I'm not saying that there are no languages inherently safer than C. I'm saying that a) people can't switch just like that, b) familiar syntax isn't enough, c) legacy matters, d) there's always something that will still be "unsafe". As a pragmatist I'm claiming that you can spend your time better than switching languages.
"First, because you only have to implement the icky parts once."
How is this not true in C?
"Second, because a better type system and abolishment of undefined behaviour gives you more safety for a very small cost (if at all, the extra compile time for a better type system is probably negated by the cost of headers)."
No, again, the cost associated with a new language is massive, especially if you care about quality.
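The "subtleties in the language, UB in C" point above is easier to see on a concrete case. The following is an added example, not code from any participant in this thread: a length check written the obvious way relies on signed overflow wrapping, which C leaves undefined, so the optimizer is entitled to delete the check; the second function does the same check in a way the standard defines. The function names and the sample values are this example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The pattern to avoid: detect overflow by performing the overflowing
 * addition and then inspecting the result. Signed overflow is undefined
 * behaviour, so the compiler may assume `sum < a` is never true and
 * drop the branch entirely (GCC/Clang do this at -O2). */
static bool add_len_ub(int a, int b, int *out)
{
    int sum = a + b;          /* UB when a + b does not fit in int */
    if (sum < a)              /* may be optimized away */
        return false;
    *out = sum;
    return true;
}

/* Well-defined form: decide whether the sum would overflow *before*
 * computing it, using only comparisons against INT_MAX / INT_MIN. */
static bool add_len_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) ||
        (b < 0 && a < INT_MIN - b))
        return false;         /* overflow: caller must handle it */
    *out = a + b;             /* now guaranteed to fit */
    return true;
}

/* Same thing via the compiler intrinsic, which is defined to report
 * overflow instead of invoking UB (GCC >= 5, Clang). */
static bool add_len_builtin(int a, int b, int *out)
{
    return !__builtin_add_overflow(a, b, out);
}

int main(void)
{
    int r;
    /* Constructed inputs: a header length near INT_MAX plus a payload. */
    printf("checked  INT_MAX + 1 -> %s\n",
           add_len_checked(INT_MAX, 1, &r) ? "ok" : "overflow rejected");
    printf("builtin  INT_MAX + 1 -> %s\n",
           add_len_builtin(INT_MAX, 1, &r) ? "ok" : "overflow rejected");
    printf("checked  40 + 2      -> %s, r=%d\n",
           add_len_checked(40, 2, &r) ? "ok" : "overflow rejected", r);
    /* add_len_ub is deliberately not exercised with overflowing inputs:
     * its result depends on the optimizer, which is exactly the point. */
    (void)add_len_ub;
    return 0;
}
```

Compile the checked and UB variants with `-O2 -fsanitize=undefined` to watch the sanitizer flag the first one; the two defined versions behave identically at every optimization level, which is the property a C programmer has to reason about by hand and a language without UB gives for free.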
zamalek got it correct above. Those languages above only cover 2 or 3 architectures that the project works with. There is no Rust or Go compiler for vax, alpha, macppc, sparc64. There are C/C++ compilers though.
Yes, I know, that's what I mentioned in my original post: it requires portability work.
There is no Rust or Go compiler for vax, alpha, macppc, sparc64. There are C/C++ compilers though.
Well, I think compilers for some of these architectures (e.g. VAX and Alpha) still exist in gcc largely because OpenBSD and NetBSD have put so much effort in keeping them alive (yes, I know that OpenBSD is using an older version). So, it's not as if you get C compilers for these platforms for free.