Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

C# actually has unsafe too. And it's pretty common in both of these languages for there to be C libraries involved somewhere in the stack.


> C# actually has unsafe too.

An optional feature. Very useful for embedded and similar, but for general-purpose stuff like the web you never need anything unsafe.

> it's pretty common in both of these languages for there to be C libraries involved somewhere in the stack.

Negative. The complete stack is open source. You can browse the source code of the standard library at https://source.dot.net/ You only gonna find unsafe/dllimport for IO parts of that library where they integrate with file systems and such. All their core components are 100% managed code.


Filesystems, networking, ... Basically anything a program needs to interact with things outside its address space requires C interop and thus unsafe code. I sure hope your web server is listening on a socket because it's not going to be much of a web server otherwise.

Then there's crypto, for which the corelib defers to the OS (CNG / openssl) because doing crypto in managed code is hard.

But forget all that; even pure C# code isn't safe because it occasionally needs to hook into the CLR for unsafe things. Eg https://source.dot.net/#System.Private.CoreLib/Dictionary.cs... - unsafe code called from Dictionary.Remove


All modern OSes are written in C and/or C++, unsafe code is inevitable there. Some people tried to fix that a few times (hardware java machines, singularity/midori, etc.), wasn't good enough.

> unsafe code called from Dictionary.Remove

For creating, and checking for, empty reference.

Rust standard library uses unsafe way more. That design has consequences, e.g. check this https://medium.com/@shnatsel/how-rusts-standard-library-was-...

It's somewhat harder to screw up when you can rely on VM guarantees, and don't need that level of trust in the libraries you consume.


You misunderstand. I have nothing against the standard libraries of a language using unsafe code. However you are the one that said:

>but for general-purpose stuff like the web you never need anything unsafe.

... and:

>> it's pretty common in both of these languages for there to be C libraries involved somewhere in the stack.

>Negative. [...] All their core components are 100% managed code.

... so I posted a correction.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: