C and C++ Safety talks, 2022 and 2023

If you’re in the C++ community, you’re presumably aware of all of the recent attention given to ‘safe’ versus ‘unsafe’ code, ‘safe’ versus ‘unsafe’ programming languages, memory safety in general, type safety in general, etc.

This attention is not actually recent. We’ve had IEC 61508 and all of its descendants for a long time. DO-178B is more than 30 years old. The first MISRA C standard was published in 1998.

What is recent is the attention from a broader audience, including people who are not practitioners. Some of this attention came from the NSA’s Cybersecurity Information Sheet “Software Memory Safety” (https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF), published in November 2022, and the press coverage that followed. To the untrained reader, some of that coverage reads simply as “C and C++ are unsafe languages, don’t use them.” What the sheet actually says is narrower: “NSA recommends using a memory safe language when possible.”

In January 2023 we saw “Future of Memory Safety” from Consumer Reports, followed by the National Cybersecurity Strategy in March 2023. And before either of the U.S. reports, we had the E.U.’s proposed Cyber Resilience Act (fall of 2022).

“C and C++ are unsafe languages” is a verifiably true statement. Undefined behavior abounds, and a language with undefined behavior is, by definition, an unsafe language: once a program triggers undefined behavior the standard places no requirements on what happens next, and the compiler is free to assume it never happens.

int  a = 0;
int *b = &a;
*b++ = 1;   /* stores 1 in a, then advances b to one past a: still a valid pointer value */
*b++ = 2;   /* writes through that one-past-the-end pointer: out of bounds, undefined behavior */

OK, so it’s a contrived example. But it makes the point: C and C++ are memory unsafe. Nothing in the language stops the second store from landing on whatever happens to sit next to a on the stack, and the compiler is under no obligation to diagnose it. An AddressSanitizer build will report it at run time as a stack buffer overflow, which is the practical check for this class of bug; the language itself offers none.

This isn’t a simple topic. I started writing C code sometime in the 1980s. I started using C++ in the mid 1990s, and have used it heavily since that time. Which is to say that I’ve written a lot of code in unsafe languages. Not because I’m a masochist or a rebel, but because they’ve been the most effective system programming languages at my disposal. Our general purpose operating system universe has been built on C.

The good news, if you need to brush up: there have been numerous conference talks in the last 2 years about C++ safety. Some I can recommend…

Software is a young field filled with young people. Those of us who are older are still around, but as Robert Martin (‘Uncle Bob’) has noted many times, the percentage of practitioners with 5 or fewer years of experience is very large because the growth has been rapid. Meanwhile there are all the surprising and unintuitive behaviors of our primary system programming languages that take time to internalize. Just go look up the probability that the product of two random integers overflows in C, and ask a coworker what he or she thinks it is. Then remember that for signed integers that overflow is not a wrapped result but undefined behavior, and proceed to lose sleep thinking about the lines of code in your projects that might trip integer overflow or other undefined behavior. How good is your static analyzer? How much code was changed between the time you reviewed and approved the suppression of a MISRA violation and today?
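The integer overflow mentioned above is worth seeing in working code, because the intuitive fix is itself wrong. The following is an added example, not code from the original post; checked_mul and mul_or_flag are names chosen here, not a library API, and the inputs are constructed boundary cases. The point it shows is that a signed multiply must be guarded before it happens: computing a * b and then testing whether the result wrapped is undefined behavior in C, and an optimizer is entitled to delete that test.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not from the original post. checked_mul() and mul_or_flag()
 * are names chosen here, not a library API.
 *
 * In C, signed integer overflow is undefined behavior, so the obvious
 * "multiply, then test whether the result wrapped" pattern is itself UB and
 * the optimizer may legally delete the test. The portable approach is to
 * decide *before* multiplying. The divisions below can never overflow: the
 * divisor is never 0, and INT_MIN / -1 never occurs because each branch
 * divides by the operand whose sign it has just established. */
bool checked_mul(int a, int b, int *out)
{
    if (a == 0 || b == 0) {
        *out = 0;
        return true;
    }
    if (a > 0) {
        if (b > 0) {                       /* positive * positive */
            if (a > INT_MAX / b) return false;
        } else {                           /* positive * negative */
            if (b < INT_MIN / a) return false;
        }
    } else {
        if (b > 0) {                       /* negative * positive */
            if (a < INT_MIN / b) return false;
        } else {                           /* negative * negative */
            if (a < INT_MAX / b) return false;
        }
    }
    *out = a * b;                          /* now known to be representable */
    return true;
}

/* Single-value convenience wrapper: the product when it fits, otherwise
 * LLONG_MIN as an out-of-band marker that cannot collide with any int. */
long long mul_or_flag(int a, int b)
{
    int r;
    return checked_mul(a, b, &r) ? (long long)r : LLONG_MIN;
}

int main(void)
{
    /* Constructed inputs: the boundary cases a post-hoc wrap check gets wrong. */
    const int cases[][2] = {
        { 46340, 46340 },        /* largest square that fits in a 32-bit int */
        { 46341, 46341 },        /* one more: overflows */
        { INT_MIN, -1 },         /* the classic: -INT_MIN is not representable */
        { 2, INT_MIN / 2 },      /* exactly INT_MIN, fits */
        { 2, INT_MIN / 2 - 1 },  /* one below INT_MIN, overflows */
        { -1, -INT_MAX },        /* exactly INT_MAX, fits */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int r;
        if (checked_mul(cases[i][0], cases[i][1], &r))
            printf("%d * %d = %d\n", cases[i][0], cases[i][1], r);
        else
            printf("%d * %d would overflow int\n", cases[i][0], cases[i][1]);
    }
    return 0;
}
```

On GCC and Clang the same guarantee is available as __builtin_mul_overflow(a, b, &r), which compiles to a flag check rather than four divisions; the hand-written version is what you need when portability or a coding standard rules out compiler builtins. Building with -fsanitize=signed-integer-overflow is the run-time check that tells you where the unguarded multiplies in existing code actually trip.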

Even if you’re a relatively new C or C++ programmer, watch the talks above. And here’s a recent link that might be helpful to those new to C.
