Stroustrup responded to the call of the US White House to switch to memory-safe languages


On February 26, 2024, the White House of the United States released a call to switch to memory-safe programming languages. Bjarne Stroustrup, the author of the C++ language, answered the criticism of his creation in a commentary for InfoWorld.

Some software errors concern the safety of access to RAM. Some programming languages make it hard to introduce memory-usage bugs. Because such bugs frequently turn into exploitable vulnerabilities, these languages are considered safer overall.

In contrast, assembly language and low-abstraction languages like C and C++ allow arbitrary pointer arithmetic on real memory addresses without automatic bounds checking, which makes it easy to shoot yourself in the foot. Historically, the low-level components of computer systems are written in such languages: microcontroller firmware, operating systems, critical and highly loaded applications.

In recent years the software industry has been urged to move toward memory-safe languages. The most prominent such effort, the Internet Security Research Group’s Prossimo project, maintains a blog at memorysafety.org and supports initiatives that bring memory-safe languages into key components of the Internet’s infrastructure. Such languages are not only appearing in the Linux kernel and in Firefox; some important utilities are being rewritten from scratch in them.

A typical example of a Prossimo-backed effort: development teams from Ferrous Systems and Tweede Golf, funded by Amazon Web Services, are writing sudo-rs, a Rust equivalent of sudo and su. The memorysafety.org blog recently described how sudo-rs is getting rid of sudo’s dependencies.

These efforts are being applauded at ever higher levels. In November 2022, the US National Security Agency called for a switch to memory-safe languages. Recently, on February 26, a similar statement was made by the Office of the National Cyber Director in the US White House.

“About 70% of the vulnerabilities that Microsoft adds to the CVE catalog are related to memory.” (Microsoft Security Response Center)

The problems of C are well known. An oft-quoted Google statistic from 2020 is that 70% of serious security bugs in Chromium are memory-safety problems. Microsoft gave the same figure in 2019.

The C++ community does not ignore this topic either. Look at the archive of CppCon talks: every year several talks at the conference address safety. For example, in 2023 there were eight different talks with the word “safe” or its derivatives in the title: 1, 2, 3, 4, 5, 6, 7, 8. In the first and last of them, the speaker was the author of the C++ language himself, Bjarne Stroustrup.

Delivering Safe C++, Bjarne Stroustrup, CppCon 2023

Stroustrup did not let the statements of US government bodies pass unanswered. A month after the NSA’s 2022 call, Bjarne published a two-page article. In it he complained that C and C++ were again lumped together, completely ignoring more than 30 years of development. Stroustrup recalled how he had worked for decades to make the language safer. Finally, he questioned the very understanding of safety: critics focus on memory safety, leaving out the many other places where safety can be breached.

In the same way, Stroustrup reacted to the recent call from the administration of the President of the United States. This time his words were reported by InfoWorld. Responding to a March 15 request for comment, Stroustrup told InfoWorld: “I find it surprising that the authors of these government documents seem to be unaware of the strengths of modern C++ and the efforts to provide strong security guarantees. On the other hand, they understand that a programming language is only one part of a toolkit, so it’s important to improve development tools and processes.”

Stroustrup’s reasoning is otherwise similar to the one he used earlier in response to the NSA’s appeal in 2022:

  • C++ is not C. Bjarne reminded us that improving safety has been C++’s mission from day one and throughout the evolution of the language: “Just try comparing C from the Kernighan and Ritchie era to the earliest C++ and early C++ to modern C++.”
  • C++ has come a long way since 1979. “This evolution is summarized in my 2023 talk at CppCon,” Stroustrup noted. He reminded that quality C++ code is written using RAII (Resource Acquisition Is Initialization), containers and smart pointers, and not, as Bjarne put it, “the traditional mish-mash of C pointers.”
  • The understanding of safety is not always correct. As Stroustrup laments, out of the billions of lines of C++ code only a small fraction fully follow modern safety guidelines, and the community has differing views on which aspects of safety matter. Bjarne says he and the C++ standardization committee are trying to combat this.
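As an added illustration of the contrast the article draws (unchecked pointer arithmetic on a raw buffer versus RAII, containers and bounds-checked access), here is a small C++ example that is not from the article or from Stroustrup; the record format and the function and class names are assumed. Both versions extract a field from a record: the C-style one is only as safe as the manual check every caller must repeat, while the modern one lets the owning container enforce the bounds.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// C-style interface: the buffer and its length are separate values, so the
// only protection is a manual check that every caller and callee must repeat.
// Forget it once, or compute offset + count so that it wraps around, and the
// read runs off the end of the buffer.
bool c_style_read_field(const char *data, std::size_t len,
                        std::size_t offset, std::size_t count, std::string &out) {
    // Written as offset > len - count (not offset + count > len) so that the
    // comparison itself cannot overflow.
    if (data == nullptr || count > len || offset > len - count)
        return false;
    out.assign(data + offset, count);
    return true;
}

// Modern C++: the container owns the bytes and always knows its size (RAII),
// and .at() refuses an out-of-range index instead of reading past the end.
class Record {
public:
    explicit Record(const std::string &payload) : bytes_(payload.begin(), payload.end()) {}
    std::size_t size() const { return bytes_.size(); }
    // Throws std::out_of_range instead of touching memory outside the vector.
    unsigned char byte_at(std::size_t i) const { return bytes_.at(i); }
private:
    std::vector<unsigned char> bytes_;  // freed automatically on every return path
};

// Same operation on a Record. The index offset + i is checked on every step,
// and because i grows by one, the loop reaches size() and throws before
// offset + i could ever wrap around.
bool modern_read_field(const Record &rec, std::size_t offset,
                       std::size_t count, std::string &out) {
    out.clear();
    try {
        for (std::size_t i = 0; i < count; ++i)
            out.push_back(static_cast<char>(rec.byte_at(offset + i)));
        return true;
    } catch (const std::out_of_range &) {
        out.clear();   // report failure cleanly rather than return a partial field
        return false;
    }
}
```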

Stroustrup mentions the Profiles framework, which is designed to strengthen guarantees: it should eliminate most range errors relatively quickly and help bring guarantees to large code bases through local static analysis and minimal run-time checks. The author of C++ also recommends looking at the WG21 page on the committee’s website and getting acquainted with the documents there.

According to Stroustrup, his long-term goal for C++ has been to make the language type- and resource-safe where and when it is needed. Perhaps the push for memory safety — a subset of the guarantees Bjarne is promoting — will help his efforts, Stroustrup believes.
