Keynote: Safety and Security: The Future of C and C++ - Robert Seacord. - NDC TechTown 2023
Vložit
- čas přidán 28. 11. 2023
- This talk was recorded at NDC Techtown in Kongsberg, Norway. #ndctechtown #ndcconferences #cplusplus #security #softwaredeveloper
Attend the next NDC conference near you:
ndcconferences.com
ndctechtown.com/
Subscribe to our CZcams channel and learn every day:
/@NDC
Safety and security are viewed as an existential threat by the C++ community and "business as usual" by the C community.
This keynote discussed the requirements for developing C and C++ software for safety-critical and security-critical software, approaches to meeting these requirements, and the future of C and C++ in these domains. - Věda a technologie
The community mentality resonated a lot with my experience with coworkers, I don't blame them that's how they were taught. But this talk is surely something I can show them.
A superb talk. I wish I could have attended. It must be hard work if presenting to a lack-lustre, unresponsive audience. Robert made so many excellent points. Thanks!
The audience was good. Lot's of familiar faces there. You can't hear them in the recording because of production choices. But definitely join us next time!
@@RobertSeacordC My mistake, for which I apologise. I'm relieved!
12:10 This might be UB even without overflow. The result of adding an integer to a pointer must point to an element from the same array or at most one element past it. And if it's, let's say, two elements past the end of the array, it's UB already even without overflow.
yes it is UB without overflow, but the overflow part makes it pretty easy for the compiler to detect it.
Why it's UB? I mean, it's just an evaluation of an expression. in that particular example, there is no de-reference or any kind of change of the state. The only UB can occurs is overflow.
@@afnman83 by standard you can have pointer to last array element + 1 only.
So what happened? Back in the 1980s/90s we had the Ada langauge for those that wanted to created robust, reliable software. Then everyone decided to drop it in favour of the extremely error prone C and C++. I think it would be very good to get back to those expectations of quality that we had in the Ada days and the ALGOL days before that. To that end we have the likes of Rust tackling the problem.
I sympathise with the conclusion of this talk. I think C is just fine, it's a small, simple, performant language that has fulfilled its reason for being very well, that being enabling Unix to escape from assembler into a portable language. C can continue to fill such roles. C should stay simple, such that, say, one man can write a C compiler in a reasonable time frame. I'm sure there are some aspects of undefined behaviours that can be tightened up a bit though.
Meanwhile C++ is an out of control, giant monster forever gaining more ugly and unwieldy warts (features). There is no hope of ever making it a "safe" language in which to write robust , reliable, software. As language at a much higher level than C we have many better alternatives today.
C was simple a long time ago. UB handling in modern compilers makes it simply unbearable.
@@doBobro I know what you mean. Although C is still a simple enough language that one man can write a compiler for it in a reasonable time. All those UB's are annoying but my recollection that they always were. Maybe many people did not notice but I often had to move C code from architecture to architecture, compiler to compiler, and all kind of surprises would crop up in the process. All because of this UB's and implementation defined features.
Still, now we have Rust and life is much better. If it compiles it almost certainly runs and quite often correctly first time. There is no going back to C or C++ for me. I regard use of those in safety critical, high reliability and/or secure systems as professional negligence now that far better alternatives, like Rust, exist.
Awesome talk! Thanks for sharing, always enjoy hearing Robert talk. Hope to meet IRL someday.
Come this year! I'll be back.
IMHO conclusion is too optimistic. C could become obscure legacy language quite fast like COBOL because nobody wants to program in it. There are a plenty of more DX friendly options now.
If only C had +% operator