2

I am making a Windows application whose purpose is to inform me of my connection downtimes and log them for later use/reporting. For now I use a batch script to achieve the same goal and thought about incorporating it into the project, but as I was investigating the subject I came across multiple pieces of advice that I should not ever use system within any of my C++ programs. Most of the time the reason is that 'it is OS specific' and 'resource demanding'. I got the idea, but I am wondering: why is it bad that I use system if my intent is to make an app solely for Windows OS, especially if it will be a lightweight program that will work in the background?

EDIT: I guess it needs clarification, so more sources:

  • system() in C/C++:

    1. It’s a very expensive and resource heavy function call
    2. It’s not portable: Using system() makes the program very non-portable i.e. this works only on systems that have the pause command at the system level, like DOS or Windows. But not Linux, MAC OSX and most others.
  • I strongly disagree with using the system function (too long to quote here)

  • Are system() calls evil?

    1. system() is less flexible. (Fine with me)
      1. It offers no control of the command being executed. (Fine with me, I just need a return value from the script)
      2. It is not quite platform independent. (Now, this would be a concern. I would really love to see an example where it behaves differently on different platforms)
      3. It is a security concern. (Again, this would be an issue. Can someone provide an example of a potential security problem with system()? )

Some of those arguments are irrelevant for my project for now, so I do not mind them in this particular case, but combining all of those concerns I've read seems to indicate that one should avoid using system() calls at all costs. So I figured I should use another method (of which I found a bunch), but all of them seem a bit too complicated for me, for now at least (i.e.: this instead of just attaching my already functioning whole script, which is about half of that length (25 lines))

Melebius
Marcin
  • 1
    Never trust advice telling you to "never do something" – el.pescado - нет войне Jun 20 '17 at 09:40
  • 'Multiple advices' such as what? From where? Source? Citation? What are we being invited to comment on here. – user207421 Jun 20 '17 at 09:46
  • The link in your question seems to answer your question. – nefas Jun 20 '17 at 09:56
  • 1
    The link in question *totally* misses the point, IMHO. – el.pescado - нет войне Jun 20 '17 at 09:58
  • 2
    The link in your question is just arbitrary Internet junk, not a normative reference. It has no more status than anything else on the Internet. *Of course* `system()` is OS-specific, and *arguably* executing a command shell to execute the command is 'resource demanding', but if your 'intent is to make app solely for Windows OS, especially if it will be lightweight program that will work in the background', you have already answered your own question. – user207421 Jun 20 '17 at 10:02
  • 5
    If it only has to work on Windows you probably can use `CreateProcess` (or `ShellExecuteEx`) and have more control over the executed process than with `system` (visible or not, use cmd.exe or not, how much resources are spent, ...) – Uli Gerhardt Jun 20 '17 at 10:06
  • 1
    Programs need to fail gracefully. They need to stop running when something that was supposed to happen did not happen, with a decent error message so that the user knows what to do to fix the problem. That is in general pretty hard to do with system(). If the user can't see the output or you can't do anything but display a "it did not work" message then you shouldn't use it. – Hans Passant Jun 20 '17 at 10:08
  • 1
    Regarding controlling how cmd.exe gets spawned, one problem for a GUI app is that `system` flashes console windows that distract or annoy the user. A workaround is to first attach to a console without a window or with a hidden window. You can do this via `AllocConsole` (hidden window only) or `AttachConsole` (no window or hidden window). The latter is more difficult (e.g. create a console process, attach to its console, kill the process), but it guarantees that no console window ever flashes on screen. – Eryk Sun Jun 20 '17 at 14:06
  • Yes system(); is a security concern, check this website out, they have a simple experiment to see how insecure system(); is: http://www.cplusplus.com/articles/j3wTURfi/ –  Dec 30 '19 at 07:26

1 Answer

2

Why is system considered a bad practice:

  • You don't have control over the command (is it started in a shell, ...)
  • There are security issues (aliasing issues mostly)
  • It's not portable
  • system does not allow you to do advanced error management and output/input management (for example, you can't save the output of the command in a variable)

But if you don't care about those issues, you can use system. There are few to no absolute rules(*) in computer science. Sometimes things considered bad practice (like system) can be good enough, as long as you know why the practice is bad and take time to think about why you use the bad practice (instead of using the good practice).

So if you don't care about the arguments for why system is bad, use it, but remember why it's a bad practice.

EDIT:

(*) Rules like "you don't use system" or "don't use raw pointers"... Those rules should be followed unless you have a good reason not to.

nefas
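The security concern listed in the answer and in the question's quoted sources, as an added example that is not code from any poster on this page: `system()` hands its string to the command shell, so a value pasted into that string is parsed as shell syntax. The sketch assumes the monitor pings a host name read from a settings file; the function names, the sample values and the `PING.EXE` path are assumptions made for the illustration.

```cpp
#include <iostream>
#include <string>

const std::string kPingPath = "C:\\Windows\\System32\\PING.EXE";  // assumed default install path

static bool is_ascii_alnum(char c) {
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

// Allow-list: dot-separated labels of ASCII letters, digits and '-', 1-63 chars each, 253 total.
bool is_safe_hostname(const std::string& host) {
    if (host.empty() || host.size() > 253) return false;
    int label_len = 0;
    char prev = '.';  // treat the start of the string like a label boundary
    for (char c : host) {
        if (c == '.') {
            if (prev == '.' || prev == '-') return false;  // empty label, or label ends in '-'
            label_len = 0;
        } else if (is_ascii_alnum(c) || c == '-') {
            if (c == '-' && prev == '.') return false;     // label starts with '-'
            if (++label_len > 63) return false;
        } else {
            return false;  // spaces, quotes, & | ; < > ^ % and anything else
        }
        prev = c;
    }
    return prev != '.' && prev != '-';
}

// What a quick port of a batch script tends to do: data becomes shell syntax.
std::string naive_ping_command(const std::string& host) {
    return "ping -n 1 " + host;
}

// Builds the command only for a validated host, with a full executable path.
bool checked_ping_command(const std::string& host, std::string& out) {
    if (!is_safe_hostname(host)) return false;
    out = kPingPath + " -n 1 " + host;
    return true;
}

int main() {
    const std::string samples[] = {"example.com", "example.com & echo INJECTED"};  // constructed
    for (const std::string& h : samples) {
        std::string cmd;
        std::cout << "naive:   " << naive_ping_command(h) << "\n";
        std::cout << "checked: " << (checked_ping_command(h, cmd) ? cmd : "(rejected)") << "\n";
    }
}
```

The validated host can equally be passed to `CreateProcess`, mentioned in the comments above, which starts the program without going through `cmd.exe` at all.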