No video :(

Keynote: Safety and Security: The Future of C and C++ - Robert Seacord. - NDC TechTown 2023

Подписаться 196 тыс.

Просмотров 3 тыс.

50% 1

This talk was recorded at NDC Techtown in Kongsberg, Norway. #ndctechtown #ndcconferences #cplusplus #security #softwaredeveloper
Attend the next NDC conference near you:
ndcconferences...
ndctechtown.com/
Subscribe to our RU-vid channel and learn every day:
/‪@NDC‬
Safety and security are viewed as an existential threat by the C++ community and "business as usual" by the C community.
This keynote discussed the requirements for developing C and C++ software for safety-critical and security-critical software, approaches to meeting these requirements, and the future of C and C++ in these domains.

Опубликовано:

27 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 19

@christiangalvan2519 Месяц назад

Great talk Robert!! There’s a lot of wisdom and insight to learn from someone who’s been doing this for 20 years and is looking to solve underlying challenges.

@tiagocerqueira9459 4 месяца назад

The community mentality resonated a lot with my experience with coworkers, I don't blame them that's how they were taught. But this talk is surely something I can show them.

@964tractorboy 9 месяцев назад

A superb talk. I wish I could have attended. It must be hard work if presenting to a lack-lustre, unresponsive audience. Robert made so many excellent points. Thanks!

@RobertSeacordC 9 месяцев назад

The audience was good. Lot's of familiar faces there. You can't hear them in the recording because of production choices. But definitely join us next time!

@964tractorboy 6 месяцев назад

@@RobertSeacordC My mistake, for which I apologise. I'm relieved!

@Heater-v1.0.0 8 месяцев назад

I sympathise with the conclusion of this talk. I think C is just fine, it's a small, simple, performant language that has fulfilled its reason for being very well, that being enabling Unix to escape from assembler into a portable language. C can continue to fill such roles. C should stay simple, such that, say, one man can write a C compiler in a reasonable time frame. I'm sure there are some aspects of undefined behaviours that can be tightened up a bit though. Meanwhile C++ is an out of control, giant monster forever gaining more ugly and unwieldy warts (features). There is no hope of ever making it a "safe" language in which to write robust , reliable, software. As language at a much higher level than C we have many better alternatives today.

@doBobro 8 месяцев назад

C was simple a long time ago. UB handling in modern compilers makes it simply unbearable.

@Heater-v1.0.0 8 месяцев назад

@@doBobro I know what you mean. Although C is still a simple enough language that one man can write a compiler for it in a reasonable time. All those UB's are annoying but my recollection that they always were. Maybe many people did not notice but I often had to move C code from architecture to architecture, compiler to compiler, and all kind of surprises would crop up in the process. All because of this UB's and implementation defined features. Still, now we have Rust and life is much better. If it compiles it almost certainly runs and quite often correctly first time. There is no going back to C or C++ for me. I regard use of those in safety critical, high reliability and/or secure systems as professional negligence now that far better alternatives, like Rust, exist.

@bmazi 9 месяцев назад

12:10 This might be UB even without overflow. The result of adding an integer to a pointer must point to an element from the same array or at most one element past it. And if it's, let's say, two elements past the end of the array, it's UB already even without overflow.

@RobertSeacordC 9 месяцев назад

yes it is UB without overflow, but the overflow part makes it pretty easy for the compiler to detect it.

@afnman83 8 месяцев назад

Why it's UB? I mean, it's just an evaluation of an expression. in that particular example, there is no de-reference or any kind of change of the state. The only UB can occurs is overflow.

@doBobro 8 месяцев назад

@@afnman83 by standard you can have pointer to last array element + 1 only.

@Heater-v1.0.0 8 месяцев назад

So what happened? Back in the 1980s/90s we had the Ada langauge for those that wanted to created robust, reliable software. Then everyone decided to drop it in favour of the extremely error prone C and C++. I think it would be very good to get back to those expectations of quality that we had in the Ada days and the ALGOL days before that. To that end we have the likes of Rust tackling the problem.

@gregthemadmonk День назад

31:40 :)

@deadbeefmonster 9 месяцев назад

Awesome talk! Thanks for sharing, always enjoy hearing Robert talk. Hope to meet IRL someday.

@RobertSeacordC 4 месяца назад

Come this year! I'll be back.

@raymundhofmann7661 Месяц назад

Is this pointer + size integer overflow actually relevant on any OS today with 64 bit esp. when the processor only uses 48 Bit of the address? Was it even relevant on 32 Bit OS's? And then still a overflow into the "good" area could happen giving potentially a logic error. Do buffer overflows still have a relevant impact in current software quality? Isn't the obsession with ultimate "safety" on a isolated aspect leading to the ignorance of the whole picture and other, more pragmatic safety issues?

@doBobro 8 месяцев назад

IMHO conclusion is too optimistic. C could become obscure legacy language quite fast like COBOL because nobody wants to program in it. There are a plenty of more DX friendly options now.