One of the main problems is that C is treated mostly like a fancy assembler. The kernel developers do this because they want the kernel to be as fast and as small as possible. There are other reasons, too, such as the need to do architecture-specific tasks that lack a C API (e.g. setting up page tables, switching to 64-bit mode).
But there is lots of undefined behavior in C. This „operational baggage” can lead to various problems. In addition, C has a weak standard library with multiple utility functions that have various pitfalls. In C, the content of uninitialized automatic variables is undefined, but in the machine code that it gets translated to, the value is whatever happened to be in that memory location before. In C, a function pointer can be called even if the type of the pointer does not match the type of the function being called—assembly doesn’t care, it just jumps to a location, he said.
The APIs in the standard library are also bad in many cases. He asked: why is there no argument to memcpy() to specify the maximum destination length? He noted a recent blog post from Raph Levien entitled „With Undefined Behavior, Anything is Possible”. That obviously resonated with Cook, as he pointed out his T-shirt—with the title and artwork from the post.
Więcej: https://lwn.net/SubscriberLink/763641/c9a04da2a33af0a3/
