Why a C++ framework is inappropriate

Posted:
in Mac Software edited January 2014
This is an example of why I think a C++ framework is inappropriate for general business applications:



From article: http://story.news.yahoo.com/news?tmp...4&sid=95609558



Quote:

The first advisory, "Long argv[] Buffer Overflow," warns that an attacker could possibly crash Mac OS X and execute commands as root.



Business apps don't usually need the horsepower that C++ provides. Instead, it should be done using a managed language such as Java or C#. In places where performance tuning is necessary, C++ is acceptable... (Edit: sorry, replace C++ with Objective-C)



Next question that comes to mind is the reliability of the study, since I think I recognize the company that did the study... Is @stake the company that fired that guy for blasting Microsoft security?

Comments

  • Reply 1 of 11
    jll Posts: 2,713 member
    What on earth does that have to do with C++?



    It's about issuing long command line arguments.
  • Reply 2 of 11
    amorph Posts: 7,112 member
    argv[] is as old as UNIX and C.



    This is an implementation bug, plain and simple and easy to fix.



    It's also not relevant to frameworks for business applications, because this is a systems programming issue. The sort of high-level abstraction and transparent resource management that are welcome in applications programming are inefficient bloat in systems programming: The whole point of writing an operating system is precisely to manage resources. You can't write the entirety of C#'s garbage collection routines in C#.



    Given that, the bulk of OS X is written in C (not C++), as is Right and Proper(TM) for a UNIX. Buffer over- and under-runs have always been a problem, but the solution is to find them and fix them, not to try building an OS in C# or Java.



    On the other hand, in this day and age, anyone who sits down and writes a business application in vanilla C (as opposed to C++ or Objective-C) is completely insane. Different tools for different jobs.



    I'd suggest you familiarize yourself with Objective-C and the Cocoa frameworks before you go judging it or comparing it to C++, or straight C, or C#. Not because it's TEH BESTEST LANGWAGE EVAR!!!1!!!, but because it's very much its own thing, and although it can be mingled with C++ and C, it's not used like either one in practice.
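The thread does not show the code behind the advisory. As an added illustration (not taken from the advisory, from Apple, or from any poster), this C example shows the general class of unchecked `argv[]` copy in a comment and the length check that removes it. `ARG_BUF_SIZE`, `copy_arg` and `count_rejected` are hypothetical names chosen for the example.

```c
#include <stdio.h>
#include <string.h>

#define ARG_BUF_SIZE 32  /* constructed destination size for this example */

/* Unchecked pattern behind this class of bug: the number of bytes copied is
 * decided by whoever supplied the argument, not by the destination's size.
 *
 *     char name[ARG_BUF_SIZE];
 *     strcpy(name, argv[1]);
 */

/* Hardened form: measure first and refuse anything that does not fit.
 * Returns 0 on success, -1 on a NULL or oversized argument. */
int copy_arg(char *dst, size_t dstsz, const char *arg)
{
    const char *end;

    if (dst == NULL || dstsz == 0 || arg == NULL)
        return -1;
    end = memchr(arg, '\0', dstsz);   /* looks at no more than dstsz bytes */
    if (end == NULL) {                /* no NUL in range: argument too long */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, arg, (size_t)(end - arg) + 1);  /* fits, NUL included */
    return 0;
}

/* Count the arguments in an argv-style vector that would be rejected. */
int count_rejected(int argc, char *const argv[])
{
    char name[ARG_BUF_SIZE];
    int i, rejected = 0;

    for (i = 1; i < argc; i++)
        if (copy_arg(name, sizeof name, argv[i]) != 0)
            rejected++;
    return rejected;
}

int main(int argc, char *argv[])
{
    int bad = count_rejected(argc, argv);
    printf("%d argument(s) rejected as too long\n", bad);
    return bad ? 1 : 0;
}
```

Rejecting an oversized argument, rather than silently truncating it, keeps the caller from acting on a value the user never supplied.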
  • Reply 3 of 11
    how would you define a business app ?
  • Reply 4 of 11
    There is absolutely no argument that the core OS code has an appropriate claim to C or C++ code.



    My argument is that very few business apps require direct memory management. The inappropriateness of this level of system access is evident in the above example because it put the system security at risk because a textbox is vulnerable to a buffer overrun.





    Quote:

    how would you define a business app ?



    A business app is a general-purpose application which assists a company in tasks related to their business process. Perhaps the confusion is that you are being more inclusive with your definition than I am. I am thinking solely of applications which store, manipulate, and propagate business related data. These types of applications generally have no specialized requirements that would necessitate subjecting its users to the high-risk occupation of direct memory access. When you bring specialized hardware into the equation, I have no disagreement that C is necessary. But a screensaver really has no need to interact directly with the memory.
  • Reply 5 of 11
    Quote:

    Originally posted by Amorph

    argv[] is as old as UNIX and C.



    This is an implementation bug, plain and simple and easy to fix.




    Agreed. But this bug is not possible in Java.
  • Reply 6 of 11
    so java is your flavour of the month ?
  • Reply 7 of 11
    wjmoore Posts: 210 member
    Quote:

    Originally posted by Jukebox Hero

    Agreed. But this bug is not possible in Java.



    It may well be not possible in Java but for that you pay the performance price of 6 to 15 times slower than C++: Source. Benchmarks are never 100% reliable but it is well known that Java is no speed demon.
  • Reply 8 of 11
    amorph Posts: 7,112 member
    Quote:

    Originally posted by Jukebox Hero

    Agreed. But this bug is not possible in Java.



    Of course it's possible in Java. What language is the runtime written in?
  • Reply 9 of 11
    grin~!~ now we wait for juke to jump in & argue this to death
  • Reply 10 of 11
    pais Posts: 34 member
    Quote:

    Originally posted by Amorph

    Of course it's possible in Java. What language is the runtime written in?



    Theoretically, you're right. Practically speaking, though, a buffer overflow is pretty much impossible to exploit in something like the JVM.
  • Reply 11 of 11
    Quote:

    Originally posted by WJMoore

    It may well be not possible in Java but for that you pay the performance price of 6 to 15 times slower than C++



    That statement is not only wrong, it's close to meaningless, and doubly so for the type of apps that are being discussed in this thread.



    Like it or not Java is now the standard tool in many areas of software development and its spread is only increasing. This argument raged several years ago, and history has shown that Java won. (Note that its only serious competitor is C# which basically *is* Java, and the main reason for slow adoption on the desktop is Microsoft's dislike of cross-platform apps.)



    Time to move on.