Safer C++
Alex Gaynor advocates transitioning from C/C++ to memory-safe languages in security-critical contexts, proposing improvements in C++ safety while acknowledging challenges and recommending a dual strategy for enhancement and migration.
Alex Gaynor argues for moving from memory-unsafe languages such as C and C++ to memory-safe alternatives in security-critical contexts. He acknowledges that migrating large C++ codebases takes years, and argues that C++ itself should be made safer in the meantime. He outlines the most tractable improvements, starting with spatial safety: enabling bounds checking on standard template library (STL) containers and adopting Apple's proposed -fbounds-safety extension for raw pointers would remove a large class of out-of-bounds bugs. He then turns to uninitialized memory and to temporal safety, in particular use-after-free, which clearer ownership models and smart pointers mitigate but do not eliminate. Even with these measures, he notes, C++ will not reach the guarantees of languages like Rust or Swift, and he points out that there are no proposals for addressing data races in C++ at all. He concludes that substantial safety gains are possible, but that the effort of adopting each proposal has to be weighed against the safety it actually buys, and suggests that engineering and security teams pursue a dual approach: invest in making their C++ safer while also planning the migration to safer languages.
- Advocates for migrating from C/C++ to memory-safe languages in security contexts.
- Proposes improvements in C++ safety, particularly through bounds checking and ownership models.
- Highlights challenges in achieving safety levels comparable to Rust or Swift.
- Notes the absence of proposals addressing data races in C++.
- Recommends a dual strategy of enhancing C++ safety and planning for migration to safer languages.
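As an added example (not code from Gaynor's post or from any project it names), the block below pairs the unchecked C++ idioms the summary refers to with their checked counterparts: a length-prefixed parser over a raw pointer with and without bounds checks, vector::at() versus operator[], an index instead of a pointer held across vector growth, and unique_ptr ownership in place of manual delete. The packet layout, function names and sample buffers are assumptions made for the example.

```cpp
// Added example, not code from Alex Gaynor's post. It contrasts the unsafe
// C++ idioms the post targets with their checked counterparts. The packet
// layout, helper names and sample buffers below are constructed for the
// example.
#include <cstddef>
#include <cstdint>
#include <memory>
#include <optional>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Constructed input: a one-byte length prefix followed by that many name bytes.
static const std::vector<uint8_t> kGoodPacket = {5, 'h', 'e', 'l', 'l', 'o'};
// Constructed malicious input: the length byte claims 200 bytes but only 3 follow.
static const std::vector<uint8_t> kLyingPacket = {200, 'a', 'b', 'c'};

// Spatial safety, unsafe form: the length byte is trusted and the caller's
// len is never consulted, so kLyingPacket would make this read ~197 bytes
// past the buffer (an out-of-bounds read; the test deliberately never calls
// it with that input). -fbounds-safety aims to let a __counted_by annotation
// on buf turn such reads into a run-time trap.
std::string parse_name_unchecked(const uint8_t* buf, size_t /*len*/) {
    size_t n = buf[0];
    return std::string(reinterpret_cast<const char*>(buf + 1), n);
}

// Spatial safety, checked form: every access is validated against len before
// any memory is touched, and a lying length yields nullopt instead of a read
// past the end.
std::optional<std::string> parse_name_checked(const uint8_t* buf, size_t len) {
    if (len == 0) return std::nullopt;
    size_t n = buf[0];
    if (n > len - 1) return std::nullopt;
    return std::string(reinterpret_cast<const char*>(buf + 1), n);
}

// operator[] on std::vector is unchecked by default (undefined behaviour when
// out of range); at() throws std::out_of_range. Hardened standard libraries
// (libc++ hardening modes, libstdc++ _GLIBCXX_ASSERTIONS) make operator[]
// trap as well, which is the "bounds checking on STL containers" idea.
bool at_rejects_out_of_range(const std::vector<int>& v, size_t idx) {
    try {
        (void)v.at(idx);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// Temporal safety: a pointer or reference into a std::vector dangles once
// push_back reallocates. Keeping an index (or a copy) instead of a pointer
// stays valid across growth.
int first_after_growth(std::vector<int> v) {
    // const int* first = &v[0];   // would dangle after the loop below
    const size_t first_idx = 0;     // an index survives reallocation
    for (int i = 0; i < 1000; ++i) v.push_back(i);
    return v[first_idx];
}

// Ownership in the type system: std::unique_ptr has exactly one owner, so
// there is no manual delete to forget or repeat, and a moved-from pointer is
// null rather than a dangling alias to freed memory.
struct Session { std::string user; };

std::unique_ptr<Session> make_session(std::string user) {
    return std::make_unique<Session>(Session{std::move(user)});
}

bool ownership_transfer_leaves_source_null() {
    auto a = make_session("alice");
    auto b = std::move(a);  // a no longer owns anything
    return a == nullptr && b != nullptr && b->user == "alice";
}

// Stand-alone run: exit 0 when the lying packet is rejected.
int main() {
    return parse_name_checked(kLyingPacket.data(), kLyingPacket.size()) ? 1 : 0;
}
```

Build with `g++ -std=c++17 -Wall example.cpp`. To see the container bounds checking the post discusses, rebuild with `-D_GLIBCXX_ASSERTIONS` (libstdc++) or libc++'s hardening mode (`_LIBCPP_HARDENING_MODE`): the unchecked `operator[]` paths then abort on an out-of-range index instead of silently reading past the end, which is the cheap, mechanical win Gaynor puts first; the parser and ownership changes are the kind of code-level work that the -fbounds-safety and smart-pointer proposals try to make systematic.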
Related
Malloc() and free() are a bad API (2022)
The post delves into malloc() and free() limitations in C, proposing a new interface with allocate(), deallocate(), and try_expand(). It discusses C++ improvements and emphasizes the significance of a robust API.
New Features in C++26
ISO releases new C++ standards on a three-year cycle, with C++26 proposals open until January 2025. Updates include hazard pointers, user-space RCU support, debugging headers, and template enhancements.
Investing in Rust
Investing in the Rust programming language can improve cybersecurity by preventing memory-safety vulnerabilities. Adoption challenges include integration with existing code and a shortage of skills; the piece suggests U.S. policy interventions to promote it.
Safer code in C++ with lifetime bounds
Daniel Lemire's blog emphasizes using lifetime bounds in C++ to improve code safety and performance, highlighting the role of std::string_view in avoiding unnecessary copies and preventing dangling references.