[HN Gopher] Show HN: I built a web framework in C
___________________________________________________________________
Show HN: I built a web framework in C
Author : ashtonjamesd
Score : 258 points
Date : 2025-10-09 12:45 UTC (10 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| guerrilla wrote:
| For fun or why?
| hmry wrote:
| Science isn't about why, it's about why not.
| ashtonjamesd wrote:
| For fun! And because I wanted to create a framework that makes
| coding in C feel like a high level language (mainly for fun
| though).
| cozzyd wrote:
| I think it makes lots of sense when adding e.g. a live view to
| some C daemon running on a single board computer. Obviously in
| these cases you're not generally on the public Internet and
| your clients are trusted.
| yodon wrote:
| [flagged]
| johnisgood wrote:
| Use static analysis (Coverity, Coccinelle, sparse), enable
| KASAN/UBSAN, follow the SEI C Coding standard or MISRA C, and
| rely on the review process.
|
| Many popular C projects do really well. Projects that you
| probably use.
|
| Memory-safe languages eliminate vulnerability classes, but
| well-engineered C has proven viable for security-critical
| <insert whatever you want> infrastructure. The real question is
| whether the framework maintains that standard, not whether C is
| inherently unsuitable, thus the security concerns are
| legitimate but not absolute.
|
| I think you are being a bit too dismissive, and your comment
| puts nothing concrete on the table.
| yodon wrote:
| You CAN write good code in any language. The issue is, as you
| say, that memory-safe languages eliminate entire
| vulnerability classes, vulnerability classes that are among
| the most trivially exploitable.
|
| Can write safe code does not mean always writes safe code. A
| web server needs to be safe code, always.
| hu3 wrote:
| This tired, flamewar-prone argument of gatekeeping new code
| in C/C++. Oh the irony coming from someone who wrote this
| some days ago:
|
| > One of the highest priorities for the HN algorithm is to
| promote good interactions and discourage bad interactions.
| The logic is if you have a lot of people bickering with
| each other, regardless of the topic, it normalizes bad
| behavior. HN is trying to sustain itself as a forum with
| great discussions.
| yodon wrote:
| I notice you chose to attack me rather than attacking the
| assertion that memory-safe languages are inherently safer
| than memory-unsafe languages like C. Yes, you CAN write
| memory safe code in C. You DO write memory safe code in
| languages like Java, Python, PHP, and C#. Critically, the
| maintenance programmer also writes memory safe code when
| working in a memory safe language. The maintenance
| programmer is not guaranteed to write memory safe code
| when working in a language like C.
|
| If any of the above is incorrect, I'm interested in
| learning more.
| hu3 wrote:
| There's nothing to dispute in your assertion, because
| you're technically correct.
|
| However it's just not constructive and repetitive. You're
| basically walking into a bar and yelling that alcohol is
| unhealthy.
| dang wrote:
| What was incorrect (to use your word) in your posts in
| this thread was your misalignment with the intended
| spirit of the site. You responded with generic/shallow
| objections to someone's creative work. That's one of the
| failure modes of internet discussion, which is why both
| the HN guidelines
| (https://news.ycombinator.com/newsguidelines.html) and
| the Show HN guidelines
| (https://news.ycombinator.com/showhn.html) ask commenters
| not to do this.
|
| It's true that the repliers crossed into the red as well,
| but fundamentally that's a healthy immune response going
| a little too far.
| yodon wrote:
| dang - thanks for being the incredible mod that you are.
| Genuinely hoping you one day write a book or give a talk
| on effective communication. Your words, even when they
| amount to "dude, you screwed up", are always informative
| and inspiring.
| dang wrote:
| Thanks for the kind reply! I'm always surprised when
| people react so nicely to one of those. It lands, and I
| appreciate it.
| dang wrote:
| This response is right on fundamentals (more at
| https://news.ycombinator.com/item?id=45530668) but
| unhelpful in approach, and ends up breaking the HN
| guidelines in its own right.
|
| Rather than flaming someone for not responding in the
| intended HN spirit, and invoking their recent post as a
| gotcha, it would be better to take that post
| (https://news.ycombinator.com/item?id=45340298) as
| evidence that they want the same things that you (and
| we!) do, and base your response on that.
|
| Nearly everyone here wants great discussions; the problem
| is that we all underestimate the provocations in our own
| comments, or even just don't see them at all. Meanwhile
| the provocations in other people's comments often land
| much harder on us as readers. Say the skew is 10x in each
| direction--that leads to a 100x distortion. This "100x
| problem" is probably at the root of most interpersonal
| glitches here (and not only here). Unfortunately, it
| seems to be a deep and universal bias.
| johnisgood wrote:
| I know I am not supposed to engage here, but... you can
| write "unsafe" code in many languages. Logic bugs are
| extremely common, for one. So are you implying that there
| exists a language where someone "always writes safe code"?
|
| Indeed, a web server needs to be "safe". How do you know
| this project is not safe? Have you even tried it, let alone
| review it, or did you just see "in C" and automatically
| assumed it is not a safe web framework?
|
| I am pretty sure the author of this project is thrilled to
| wait for you to submit issues or even PRs.
| yodon wrote:
| Logic bugs can exist in any language. Buffer overruns,
| unallocated memory uses, use after free, pretty much all
| of the first generation of internet vulns, those are
| signs the code was written in a non-memory managed
| language.
|
| The fact that you CAN write memory safe code in C does
| not mean all maintenance programmers of your project will
| always write memory safe code in all their commits.
|
| Memory managed languages unquestionably reduce the
| surface area of bugs one has to worry about, and in
| particular they eliminate the class of vulnerabilities
| that was most prevalent in web servers prior to the
| widespread adoption of memory safe languages.
| JKCalhoun wrote:
| I'm stupid -- is this to create web apps that run on the server?
| More or less replacing PHP or whatever?
| ashtonjamesd wrote:
| Right now, it's just a framework for building backends. So yes,
| server-side applications. However, I have thought about
| implementing a templating engine for serving HTML files.
| sixtyj wrote:
| Edit: I am considering to delete the following paragraph as
| it seems that my hands were quicker than my brain :)
|
| I'm sorry, but it's like scratching your left ear with your
| right hand. But for fun, yeah, there are worse things people
| do. Good luck and have fun. Now here's where most of us will
| probably be sarcastic, but it's certainly a good way to
| explore whatever others consider bullshit.
|
| Edit: Pls read the following comment. I would hire him/her
| because I consider this as a waste of OP skills and he/she
| would be useful in many more projects.
|
| TLDR; it was not a hate. I am sorry if it sounds so.
| ashtonjamesd wrote:
| True. Also, I love the C language and I don't get joy out
| of writing in many other languages. Additionally, I've
| wanted to make something like this just to learn more about
| how web servers work. I appreciate your thoughts.
| sixtyj wrote:
| It is not about threat. It is about that life is too
| short to do things that are almost nonsense. Ofc everyone
| of us consider "nonsense" in different way.
|
| I wish OP good luck. It was not sarcastic, I really do,
| and would like to hire him/her for the skills. But for
| mankind, this project is almost useless... I apologize if
| this sounds harsh.
| ashtonjamesd wrote:
| That's fair. And I do agree. The use cases for something
| like this are very thin compared to what tools you _can_
| use out there instead, Django, Rails, Express, etc. All
| of which offer a much safer development experience.
| However, I still believe it will have a use case for
| some.
| sixtyj wrote:
| You are right. But I really think if you know C lang (all
| of Python or PHP people could be jealous :) - you can
| easily focus on something a little bit important/useful
| that will have impact on humanity.
|
| You have a great potential if you can "see code" and have
| logical thinking deep inside. Not too many people have
| it.
|
| Elon Musk said once that all those innovations are
| redeemed by the tremendous efforts of all the engineers.
| So I appreciate everyone who can do something.
| seanssel wrote:
| Oh please, get off the weird high horse. I find this
| comment to be "nonsense". What projects are you working
| on now, for mankind?
| sixtyj wrote:
| Why are we alive? To be useful. Not happy all the kind.
| Everyone wants to be useful.
|
| I am not doing anything special but I do inform our
| community ("mankind") for 25 years... And I feel useful
| because I am good at it.
|
| "Mankind" can be a group of other people.
|
| Edit: What people value the most? Compliments. So if you
| are useful and receive compliments, you will eventually
| be happy. But ofc you can be happy without being useful,
| for sure.
| chrsig wrote:
| to be useful to whom, exactly?
| sixtyj wrote:
| To other people, of course.
| jacquesm wrote:
| OP has done more to be useful to other people than you
| did in this particular thread. Ok, so what if it has been
| done many times before, this is his, it may not be
| perfect and it may not be immediately useful to you. But
| it increased his knowledge and he shipped, which is more
| than I can say for 95% of my own projects, so that's
| impressive by itself. He also opened himself up to
| criticism and takes it all in stride, which is another
| fairly scary but powerful thing to do.
|
| Fun fact: I've built something very much like this that
| powered a number of programs that I sold over the years
| and it was written when I wasn't nearly as good of a
| programmer as I am now (take off 30 years of additional
| experience). If I look at OP's code there are a whole
| raft of nitpicks but there isn't anything immediately and
| obviously wrong with it and just speaking for myself,
| that is surprising because most people's C code is - and
| I'm being generous here - absolutely terrible. This has
| potential, but I'd have to really dig in to see how solid
| it is and I don't have time for that right now, but I've
| seen _far_ worse code than this.
| kjs3 wrote:
| _I am not doing anything special_
|
| Least surprising thing you've said so far.
|
| _but I do inform our community_
|
| Inform them what? "You there, this project you've worked
| on, learned from, gotten joy from, been complimented on
| by your peers... _I_ , with my 25 years of peerless
| wisdom, find it useless and you should feel bad for doing
| it"?
|
| Sure...you're a real people person.
| kjs3 wrote:
| It doesn't sound 'harsh'. It sounds 'condescending',
| especially when paired with a completely insincere "I
| apologize...".
|
| _It is about that life is too short to do things that
| are almost nonsense._
|
| Jeez you must be a real joy to be around for the folks
| unfortunate enough to have to. /s
| sim7c00 wrote:
| love this sentiment. i cant really write in other
| languages. i try but always C ends up the choice :').
| slow going but happy going
| password54321 wrote:
| Why do web developers feel threatened that someone just
| built a web framework for fun?
| jermaustin1 wrote:
| As a web developer who's first paid web site was in 1998
| when I was 10-years-old, my favorite thing to do in my
| spare time is build web frameworks that I will never use.
|
| - I've done CSS frameworks that replicate most of
| bootstrap that I use.
|
| - I've made client-side reactive web-components (kind of)
| that almost replaced the parts of react that I like.
|
| - I've built bespoke HTTP servers countless times since
| the VB6 days.
|
| - And I've written my own MVC engines probably a half
| dozen times, just to learn a new language or library.
|
| All of that to say, it isn't web devs who are threatened,
| it is developers who don't want to learn the underlying
| technologies that power the libraries and frameworks they
| use.
|
| I actually see no fault in being that way. I've know tons
| of decent-to-good developers that have no desire to
| understand HTTP or Vanilla JavaScript, and they still do
| great work tying systems together. It's all about the
| kind of learner you are. Do you want depth, breadth, or a
| mixture of both (but always lacking in both - aka me).
| sixtyj wrote:
| That is what I wanted to say too... but I did it wrong
| way in previous comment.. oops
| jermaustin1 wrote:
| We all trip up on our words sometimes. To err is human.
| jermaustin1 wrote:
| An old boss of mine was an early developer for match.com,
| their entire web app was a monolithic C application, and,
| if I'm not mistaken, an ISCSI shared file-system based
| "database".
| sixtyj wrote:
| All big projects eventually have a specific background. I
| totally agree. Sometimes it works. Other times it doesn't
| work in long term and the cursed technology debt catches
| up with the company.
| Hackbraten wrote:
| This can be super useful for IoT or embedded devices with web
| interfaces but restricted resources.
| EGreg wrote:
| Take a look at
| https://www.reddit.com/r/programming/comments/225ovy/okws_ok...
|
| This was years ago (20 years ago?)
| gwbas1c wrote:
| I don't understand the example. Does it even compile?
|
| It's been a long time since I've used C, so maybe it's using some
| syntax that I'm unaware of?
|
| IE: What defines "home" that is referenced as an argument to the
| "appRoute" function, and then passed to the "get" function to set
| up the "/home" route? Is "home" defined in lavandula.h, or is
| this really pseudocode?
| diath wrote:
| It's a macro: #define appRoute(name)
| HttpResponse name(AppContext ctx)
| ashtonjamesd wrote:
| Hi, sorry maybe I should've added a comment for that.
|
| The 'appRoute' is a macro that expands to a function signature.
|
| The macro is: '#define appRoute(name) HttpResponse
| name(AppContext ctx)' and the parameter I passed as 'home' is
| expanded into the function name. The reason is because all
| controller function signatures are the same, so just writing
| 'appRoute' allows the developer to save time writing endpoints!
|
| It is a tradeoff between readability and development speed. And
| one of the ideas behind the framework is succint and minimal
| code.
| gwbas1c wrote:
| So it creates a function called "home", and that is what you
| pass to get?
|
| Makes sense, thanks!
| nodesocket wrote:
| Thanks for explaining. I was also a bit confused at a first
| where the home variable being passed into get() was coming
| from.
| hofrogs wrote:
| "appRoute(home)" is a macro that expands to a function called
| "home": #define appRoute(name) HttpResponse
| name(AppContext ctx)
| rnhmjoj wrote:
| If I can guess, I would say `appRoute` is a macro that defines
| a struct called `home` with that handler being assigned to some
| field as a function pointer.
| lubesGordi wrote:
| Well I don't know about others here, but I think its cool. If you
| can make the setup super readable and get the performance of C
| then why not? Especially now when you can get claude to write a
| bunch of the framework for you. Add in whatever you need whenever
| you need it and you automatically have a platform independent web
| framework that's no bigger than what you need and likely decently
| performant.
| maybewhenthesun wrote:
| Maintainer nightmare checklist:
|
| - Web framework : inherently hard to maintain due to
| communication over evolving standards. Check.
|
| - AI written code where nobody knows howwhatwhenwhy!? Check.
|
| - Written in C. Check.
|
| bwahahahaha!
|
| edit: semi-joking. As I actually _like_ the simplicity of pure
| C. But the combination of AI written,network-facing and C makes
| me shudder.
| ashtonjamesd wrote:
| Haha, I have used AI in some parts of it - mainly the JSON
| part because I could not wrap my head around it for the life
| of me. But I am proud that 90% is self written!
| jvanderbot wrote:
| That is excellent. Well done.
| jvanderbot wrote:
| I think the old HN ethos that I loved, on full display here,
| won't survive intact in the AI era. It'll have to change from
| "It is cool to try making <neat tool> in <non obvious
| language>". Such a project is now a prompt away, and there's
| light-years of distance between a carefully hand crafted
| version and something that is posted aspirationally by an AI.
|
| Every agent I know of or use will always say they built
| "Production ready, secure, fast package for X" if you ask
| them to build that, but they rarely actually will. It takes
| enormous time and effort to actually do that, and any first
| iteration of "production ready" is _definitely_ aspirational
| until it actually hits the real world and survives. I 'm
| speaking from experience, fwiw.
| p0w3n3d wrote:
| Great work! Thank you! That's what I've been looking for for a
| long time.
|
| Still probably I'm going to continue learning golang in most
| situations, because that's where the money is (i.e. job offers),
| but I will create a hobby project based on your framework.
|
| --- EDIT ---
|
| > 5 hours ago
|
| Ohh it's fresh. I almost smell the freshly baked buns with my
| mind
| ashtonjamesd wrote:
| That's amazing to hear and motivates me to solidify the
| framework further. I appreciate you showing interest! :)
|
| I'd love to hear about your project when you get round to it.
| fallingmeat wrote:
| wow that's a lot of HATE for a really well organized project with
| some great ideas. Killer job Ashton, you just built some skills
| they can't take away from you.
| ashtonjamesd wrote:
| Thank you, that means a lot! :)
| freetonik wrote:
| I hope you don't feel discouraged by some comments questioning
| the meaningfulness of this. It's a cool project, and you
| obviously put some thought into it. Congrats!
| freetonik wrote:
| In addition, OP clearly describes themselves as a "Fanatical C
| Developer", so that's enough justification in my book! :)
| Teknomadix wrote:
| Doing what you love is fully justified in 2025.
| ashtonjamesd wrote:
| No of course not, I understand where they are coming from in
| all honesty. Thank you that means a lot!
| dang wrote:
| Offtopic (sorry) but this thread is such a good example of the
| contrarian dynamic that I can't resist!
|
| The "contrarian dynamic" (https://hn.algolia.com/?dateRange=all
| &page=0&prefix=true&que...) is the tendency for reflexively
| negative comments to show up early with shallow/generic
| objections to a submission, followed by a later wave of
| comments objecting to the objections and defending the
| submission.
|
| The latter tend to get upvoted--rightly so, since they are more
| positive and usually more substantive. This puts the thread in
| the paradoxical-but-common state where the top comments are
| objecting to how prominent the bottom comments are! (Or,
| rather, were.) That's odd, but at least it's better than having
| the negative ones at the top.
|
| In this case, these 5 comments all appear higher in the thread:
|
| https://news.ycombinator.com/item?id=45528218
|
| https://news.ycombinator.com/item?id=45527967
|
| https://news.ycombinator.com/item?id=45527886
|
| https://news.ycombinator.com/item?id=45527879
|
| https://news.ycombinator.com/item?id=45527728
|
| ... than the negative(ish) ones that were posted earlier:
|
| https://news.ycombinator.com/item?id=45527887
|
| https://news.ycombinator.com/item?id=45527480
|
| https://news.ycombinator.com/item?id=45527387
|
| https://news.ycombinator.com/item?id=45527278
|
| https://news.ycombinator.com/item?id=45527259
|
| Some of those were only slightly negative and probably not
| meant that way, but yeah, the early impact of running into a
| bunch of these leads to a WTF feeling.
|
| Ultimately I think this has to do with the reflexive/reflective
| distinction: https://hn.algolia.com/?dateRange=all&page=0&prefi
| x=true&sor.... That's probably the clearest way of describing
| the difference between the kind of comments we want on this
| site vs. the kind we don't want.
| levkk wrote:
| That's awesome. With macros, you can go far and most modern web
| frameworks use whatever complex tools their language allows (like
| metaprogramming in Rails).
|
| Mad props for building this. It's hard and it's fun!
|
| As to other comments in the thread about the "why": why not. For
| the love of the craft.
| ashtonjamesd wrote:
| Thank you so much! I appreciate it :) And yes, totally agree.
| sroerick wrote:
| Hi, I think this is great. I've really enjoyed working with
| Jetzig, which is sort of similar.
|
| I also love the BSD C CGI Postgres stack. I'm just a CRUDmonkey
| with mostly python skills, so getting to explore low language and
| memory concepts is a lot of fun for me.
|
| People will whine and moan about how this is not practical, but
| as embedded devices become more ubiquitous I think a clear value
| add may actually emerge.
|
| I've been playing with the pico calc, and if I was building
| something as a "mobile app" for that I would much rather reach
| for C for my framework code.
|
| Cheers, great work
| faxmeyourcode wrote:
| This is some of the cleanest, modern looking, beautiful C code
| I've seen in a while. I know it's not the kernel, and there's
| probably good reasons for lots of #ifdef conditionals, random
| underscored types, etc in bigger projects, but this is actually a
| great learning piece to teach folks the beauty of C.
|
| I've also never seen tests written this way in C. Great work.
|
| C was the first programming language I learned when I was still
| in middle/high school, raising the family PC out of the grave by
| installing free software - which I learned was mostly built in C.
| I never had many options for coursework in compsci until I was in
| college, where we did data structures and algorithms in C++, so I
| had a leg up as I'd already understood pointers. :-)
|
| Happy to see C appreciated for what it is, a very clean and
| nice/simple language if you stay away from some of the nuts and
| bolts. Of course, the accessibility of the underlying nuts and
| bolts is one of the reasons for using C, so there's a balance.
| ashtonjamesd wrote:
| Wow! That really means a lot because I always make a lot of
| effort to make sure my code is just that :)
|
| Appreciate you saying that!
| jacquesm wrote:
| You've done a couple of things right: very few dependencies,
| simple, easy to understand code. C gets hairy when you try to
| be clever.
|
| I'm busy writing some of the most optimized-but-still-
| portable code that I've ever written and it is very
| interesting to see how even a slight difference in how you
| express something can cause a massive difference in execution
| speed (especially, obviously, in inner loops). Your code is
| clearly written from what your comfort zone with C is and I'm
| really impressed by the restraint on display. At the same
| time, some of the code feels a bit repetitive and would
| benefit from more universal mechanisms. But that would
| require more effort and I'm not even sure if that is
| productive. One part where I see this is in the argument
| parsing code as well as in the way you handle strings, it is
| all coded very explicitly, which substantially increases the
| chance of making a mistake.
|
| Another limitation is that using AI to help you write the
| code means you don't actually understand what it does, and
| this in turn may expose you to side effects that you are not
| able to eliminate because you did not consider them while
| writing, it is as if someone else gave you that code and
| asked you to trust them they did not make any mistakes.
| citizenpaul wrote:
| > I'd already understood pointers.
|
| Ok I hear this all the time. Are pointers really that hard for
| so many people to understand? I'm not trying to brag it took me
| I think like 15 minutes to grok them from learning about them
| the first time. I'm sure it took me longer to be proficient but
| I don't get this legendary difficulty aura that seems to
| surround their existance.
|
| Also yes nice project.
|
| Job app complete projected archived and abandoned in
| 3...2..1... :). I hope not.
| copperx wrote:
| The concept is straightforward. The syntax isn't. That's why
| cdecl.org exists.
| citizenpaul wrote:
| C gibberish to English gave me a chuckle thanks.
| assimpleaspossi wrote:
| Same here about pointers. Perhaps it's cause I started life
| as an electronic engineer and understood memory addressing
| from the chip level but I, too, don't understand the struggle
| others seem to have.
| citizenpaul wrote:
| I started in networking so there were a lot of memory/bit-
| logic/binary concepts piled on early maybe that is the
| case.
| noufalibrahim wrote:
| It's a rabbithole. Pointer to array of structures that have
| pointer fields. Array of pointers to structures etc. You pass
| them around and trip over the passing semantics,
| uninitialised pointers etc etc.
| citizenpaul wrote:
| Hmm. Perhaps I've just never encountered a hairy enough
| situation with them? That's what the eternal thought
| tracker notepad on my desk is for though. Maybe people are
| trying to do it all in their head? Pen and paper are too
| old school for the cool new 1000x devs?
|
| I still feel like this argument could be transferred to
| nearly any concept in CS though. Abstract enough anywhere
| and you will always start exceeding the brains working
| memory.
| jcelerier wrote:
| I don't think I would be comfortable saying I understand
| something if I'm not able to get it 100% clearly just
| from my thoughts and re-explain it to someone
| 6510 wrote:
| Everything is just numbers, then we pretend they are
| arrays, pointers, objects, classes, floats, websites,
| applications, certificates etc.. The imaginary array can
| really only contain numbers but we can pretend the
| numbers are other things, unicorns, rainbows, laser
| unicorns etc
|
| We are just pretending, there is nothing to understand?
| wkjagt wrote:
| I understood them on a superficial level when first learning
| about them, but it only really clicked after having done
| assembly.
| leptons wrote:
| I learned assembly language long before I learned C, so
| pointers took me about 2 seconds to understand. I suppose it
| may depend on previous experience.
| DanielHB wrote:
| > Are pointers really that hard for so many people to
| understand?
|
| Yes, anyone who has taken algorithms and data structures
| class in C knows that some people just don't get it.
|
| Also the way people teach it tends to be bad, before teaching
| pointers you need to teach Stack and Heap at a conceptual
| level.
| lelanthran wrote:
| > Are pointers really that hard for so many people to
| understand?
|
| Apparently they are; I believe it's the indirection that gets
| people.
|
| Most learners aren't really taught basics properly - they
| learn that a variable "contains" a value, when instead they
| should learn that all values have a type, and some variables
| hold values.
|
| > I'm not trying to brag it took me I think like 15 minutes
| to grok them from learning about them the first time.
|
| I can't remember not knowing pointers, so I can't really tell
| you how long it took for it to click, but I _do_ know that I
| had done a non-trivial amount of assembly before I used C, so
| maybe that helped /.
| ranger_danger wrote:
| I think it would help a lot if pointers were taught to
| people from the perspective of how they actually occupy
| memory, and what the value it stores in memory represents,
| and then how that value is an address that is followed when
| a pointer is "dereferenced", etc.
|
| It seems a lot of people assume that pointers don't
| actually consume any memory and then get confused trying to
| understand it that way.
| EvanAnderson wrote:
| Strong agreement.
|
| I came at C after doing 6502 and 8086 assembler. Pointers
| just made sense because working with indirect addressing
| and understanding how things were stored in memory
| already made sense.
| bionsystem wrote:
| The way a lot of teachers teach it is plain trash. I was
| raking terrible grades in OCaml and C before a student
| showed me what I needed to know in 15 minutes, and then I
| would kill it in the remaining exams. Same thing happened
| to my 68000 course. It didn't happen with every teacher
| but still, some people really need to get some better
| pedagogy.
| supportengineer wrote:
| Pointers make perfect sense.
|
| Now dependency injection, that's some magical bullshit
| right there.
| dingdingdang wrote:
| The legendary status is also enhanced by the absolute
| nightmare that pointers enable if used with indiscretion or
| high level proficiency - a triple pointer is a good example
| for me but there's many many more, and arguably worse,
| examples out there.
| faxmeyourcode wrote:
| Pointers in and of themselves are not difficult to learn on
| their own, but when you're learning them alongside your first
| programming language, it's just adds to the difficulty I
| think.
|
| I think a lot of noobs learning C struggle with pointers
| especially because there are no good error messages besides
| "segmentation fault" :D
| codegeek wrote:
| "Are pointers really that hard for so many people to
| understand?"
|
| The * vs & always gets me and not to mention if I ever have
| to deal with Pointer Math.
| TZubiri wrote:
| *pointer = what pointer points to &thing = address of thing
| bionsystem wrote:
| Think of it as types. All of the following are the same
| thing (declare p as an int* type). It's important for the
| end : int * p; int *p; int* p;
|
| Now remember that the type is a memory address. I'm sure it
| is semantically wrong for whatever reason somebody will
| explain but it helps to think about it. So you can do :
| int my_number = 6; int* p = &my_number;
|
| Both sides of the "=" are the same type (int* is an
| address, and &my_number is also an address, the one of
| my_number).
|
| Now p is a pointer (or an int* or an address), and *p is...
| an int ! So this is totally valid :
| printf("%d\n", *p)
|
| and for anything else than int you need to malloc that so
| you will see a lot of : my_struct* s =
| malloc(sizeof(my_struct);
|
| which makes sense because malloc returns an address (the
| beginning address of the content of s ; yet again somebody
| will tell me I'm wrong to call it "the content of s" so
| sorry for that). my_struct* // is the type
| of s, it is an address my_struct // is the type of *s
| (some custom type of size sizeof(my_struct))
| 1718627440 wrote:
| > int* p
|
| I don't like that syntax, because it confuses people. It
| might be sensible to think of the type as (int *), but C
| just doesn't work this way. You might never declare more
| that a single variable in a statement, but it still gives
| people the wrong intuition.
| jug wrote:
| The worst thing with C pointers was for me that the asterisk
| is inexplicably used both to declare a pointer and a
| COMPLETELY different operation of dereferencing a pointer.
|
| I still don't understand this decision. I think it should've
| been like int^ p = &i; ... or ... int i = *p;
|
| Everything clicked ironically when I went even deeper and
| studied assembly language. Then following pointers to data vs
| just reading pointers becomes very clear and explicit.
| capestart wrote:
| This looks cool
| jacquesm wrote:
| If you're going to use local allocation of short lived buffers
| then don't use malloc but use alloca. That's much cleaner.
|
| http.c around line 398, that looks wrong.
| gpm wrote:
| I've been told that modern compilers really don't like alloca,
| is that wrong?
| jacquesm wrote:
| I don't know who told you. But it's a lot slower than malloc,
| and requires you to do a bunch of bookkeeping, which is easy
| to mess up if you have multiple exits from your function.
| globalnode wrote:
| I like this, thanks for sharing. I recently did some work with a
| python web server using the basehttpserver and it was amazingly
| easy. Pythons even got built in tls support, would that be doable
| in your server? Its not that necessary with reverse proxies but
| its still nice for hobby projects.
| ashtonjamesd wrote:
| Yes, I'm sure that is something I can add to it.
|
| I will add it to the backlog of things to do :)
| coreyp_1 wrote:
| I'm wanting to do the same thing. I've also already written a
| language (in C) to generate HTML (a template language), so these
| two go hand-in-hand!
| kahlonel wrote:
| That's a great example of how to write C in 2025. Congrats and
| well done.
| codegeek wrote:
| People, stop trying to be so serious and nitpick this project.
| This is a great example of an actual HN worthy share. Someone
| built a cool project and explored the possibilities with C. This
| is not something we need to analyze with "oh can it replace PHP"
| etc.
|
| Good job OP. Now if you can add HTML templating, this may become
| a complete framework :)
| ashtonjamesd wrote:
| Thank you, I really appreciate you saying that!
|
| Yes it's on the backlog and will be fun to implement :)
| whatamidoingyo wrote:
| As someone learning C for fun, I agree. This project is
| awesome!
| hgs3 wrote:
| The code is very readable and well organized. My only _major_
| critique is that there 's very little error checking, e.g. there
| are many calls to snprintf and malloc without checking the
| result. There is also an unused loop here [1].
|
| As an aside, I don't see any support for parallelization. That's
| fine for an initial implementation, but web servers do benefit
| from threading off requests. If you go that route (pun intended)
| you might consider using something like libuv [2].
|
| [1]
| https://github.com/ashtonjamesd/lavandula/blob/51d86a284dc7d...
|
| [2] https://github.com/libuv/libuv
| ashtonjamesd wrote:
| Thank you for the feedback, it is appreciated!
|
| I did intend to implement parallelization as a later feature so
| it's good to bring it up.
| OutputRiff wrote:
| The repo looks fantastic! I'd love to see a demo and didn't seen
| one readily available in the readme.
|
| I had such a bad experience with GWT back in the Java days of my
| life that I've steered clear of any "server" language for web
| frameworks since. I'd love for that to change though. I
| definitely will be trying this out.
| defraudbah wrote:
| github is giving me 503, the project is too good for mS
|
| Thanks for sharing, this looks amazing
| dboon wrote:
| C is really, really ripe for tooling and modern libraries. There
| are a lot of great ones already that don't resemble what I'll
| call university C in the slightest (i.e. the C most of us
| remember writing; awful, bug filled, segfaulting)
|
| I've been building out my C standard library replacement in
| earnest for a little while. If you like this framework, check it
| out.
|
| https://github.com/tspader/sp
| elevation wrote:
| Nice work! I like the little test framework you built. Have you
| considered making runTest a macro so that you can print the name
| of the test along with the test result?
| ashtonjamesd wrote:
| That's a very good idea actually and I had wanted to do that
| but it didn't click that you could do that with a macro!
|
| Thank you, I'll will implement that :)
| elevation wrote:
| For the ultimate in readable test reports, you can prettify
| the test name by:
|
| * dropping the prefix "test_" * substituting the "_"
| characters in the function for whitespace * uppercasing the
| first letter of each word.
|
| So `test_tokenize_simple_model` becomes "Tokenize Simple
| Model".
| jcmontx wrote:
| I often forget how similar to Golang C looks and feels
| elevation wrote:
| I have considered porting a couple production apps from python to
| C; at this stage in their lifecycle they would benefit more from
| C's execution speed than from python's development speed.
|
| Your work is a nice reference, it is neat to see someone else
| working in this space!
| jimbokun wrote:
| Would Go be a happy middle ground?
|
| The translation should be much faster while giving a lot of the
| efficiency benefits of C (but by no means all).
| dariosalvi78 wrote:
| How compatible is this with embedded devices? How much does this
| depend on OS APIs?
| sim7c00 wrote:
| really nicely written. inrespect this is maybe known / unneeded
| comment, but why bother with basic auth at all, especially when
| there is no TLS?
|
| i understand other auth schemes are more complicated, and maybe
| theres no desire to pull in big libraries. just that if theres no
| TLS or proper auth, you can also just skip basic auth. its only
| use would be to trick someone who's not familiar (unlikely with
| such a repo but not impossible) into a false sense of security.
|
| ofc, not really an issue with the code, and its an excellent base
| to look into how this stuff works and if you want since its
| pretty clean and easy to ready, expand upon it. well done! love
| ppl churning out good ol C projects. respect!
| severino wrote:
| > why bother with basic auth at all, especially when there is
| no TLS?
|
| Maybe to have some "basic" auth for an embedded device web
| interface or something like that? I suppose it's better than
| nothing. I've devices which prompt for username and password
| with no TLS either.
| sweetjuly wrote:
| It's fairly common to use something like nginx as a forward
| proxy and do TLS there. IPv4 and NAT makes this essentially
| mandatory if you want to host multiple services due to eSNI.
| You wouldn't necessarily have protection inside the server
| network (which isn't great) but you at least get protection
| everywhere else.
| kjs3 wrote:
| Basic auth can keep the crawlers out, for one thing.
| orochimaaru wrote:
| This is very cool. I may take the same concepts you have and do
| this in rust and zig for fun and learning.
|
| Yeah, I know those languages have a the frameworks but nothing
| really beats understanding something like doing it ground up on
| your own.
| leptons wrote:
| Does it do HTTPS? I'd be interested to try it on ESP32 but it has
| to support HTTPS.
| krowek wrote:
| Curious, why did you decide to go with your own test helpers
| rather than using something like check?
| cyberax wrote:
| Uhh... This is an example why C is so bad for network-facing
| stuff:
|
| https://github.com/ashtonjamesd/lavandula/blob/2dbefe6da16bf... -
| is it intended?
|
| https://github.com/ashtonjamesd/lavandula/blob/2dbefe6da16bf... -
| pain....
| badsectoracula wrote:
| I get the first one but what is the issue with the second one?
| It looks like a fairly standard dynamic array with separate
| size and capacity.
| SvenL wrote:
| I like it. I was looking for something like this and I will take
| a look into it.
| ranger_danger wrote:
| which version of C does this conform to?
| Maksadbek wrote:
| Couldn't believe my eyes, this is the cleanest C code I've ever
| seen!!
| mistivia wrote:
| It's very dangerous to write a http parser from scratch in C.
| This can be very vulnerable without rigorous testing. To get a
| useful web framework for production in C, I think it's a better
| idea to start from libmicrohttpd, libevent_http, or even fastcgi,
| which are battle-tested.
| koito17 wrote:
| The README gets straight to the point and I really like that.
|
| Additionally, the .env file parser is quite clean.
|
| https://github.com/ashtonjamesd/lavandula/blob/main/src/dote...
|
| However, it doesn't seem that the parser supports comments. I
| guess a "good first issue" for anyone interested in contributing
| would be extending the `skipWhitespace` function to detect `#`
| tokens and skip the rest of the line when present.
|
| Would also need to handle edge cases like env vars having values
| containing `#` tokens inside (but these will be quoted, so it's
| probably not too tricky to handle.)
___________________________________________________________________
(page generated 2025-10-09 23:00 UTC)