re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet]

[dcrocker at eschertech.com (David Crocker)]

mikeiscool wrote:

> >
Don't go there, sister. Come up with some reasonable tests before making a
statement like that. "Assembly code can be as much as a million times faster
then the run time of a C++ version of the same algorithm." Bit useless, isn't
it?
<<

I would not have made the statement I did had the tests not been done and
provided very clear results. I am not at liberty to go into details of the tests
I have been involved with, however if you Google for e.g. "C++ C# performance",
you will see that other people are getting similar results.

> >
Lets not forget that writing faster/more optimised code in c++ will be more
complex and hence allow room for more errors then letting the c#/java runtime
optimiser do the dirty work for us.
<<

C++ offers much more room for errors than C# or Java, and not just in memory
management. If you re-read my comment, you will realise that I was not promoting
C++ as being a better language than C#, just pointing out that there are some
situations in which the replacement of C++ by C# is not yet feasible, such as
where a performance reduction of around 30% to 50% cannot be accepted. It is to
be hoped that as JIT compiler technology continues to improve, the performance
gap will be further reduced.

David Crocker, Escher Technologies Ltd.
Consultancy, contracting and tools for dependable software development
www.eschertech.com




-----Original Message-----
From: mikeiscool [mailto:michaelslists at gmail.com] 
Sent: 05 November 2006 02:19
To: David Crocker
Cc: Secure Coding
Subject: Re: [SC-L] re-writing college books [was: Re: A banner year for
software bugs | Tech News on ZDNet]


On 10/28/06, David Crocker <dcrocker at eschertech.com> wrote:
> Crispin Cowan wrote:
>
> > >
> For me, the enemy in the room is C++. It gives you the safety of C 
> with the performance of SmallTalk. There is no excuse at all to be 
> writing anything in
> C++ yet vastly too many applications are written in C++ anyway. 
> C++ Instead of
> trying to coax developers to switch from C++ to something "weird" like 
> SML, lets encourage them to switch to Java or C#, which are closer to 
> their experience. <<
>
> Unfortunately, there are at least two situations in which C++ is a 
> more suitable alternative to Java and C#:
>
> - Where performance is critical. Run time of C# code (using the faster 
> .NET 2.0
> runtime) can be as much as double the run time of a C++ version of the same
> algorithm. Try telling a large company that it must double the size of its
> compute farms so you can switch to a "better" programming language!

Don't go there, sister. Come up with some reasonable tests before making a
statement like that. "Assembly code can be as much as a million times faster
then the run time of a C++ version of the same algorithm." Bit useless, isn't
it?

Lets not forget that writing faster/more optimised code in c++ will be more
complex and hence allow room for more errors then letting the c#/java runtime
optimiser do the dirty work for us.


> However, I suspect that most security-critical programs do not fall 
> into either of these categories,

What? Cryptography rings a bell ...


> so C# or Java would indeed be a better choice than C++ for those 
> programs.
>
> David Crocker, Escher Technologies Ltd.
> Consultancy, contracting and tools for dependable software development 
> www.eschertech.com

-- mic