CppCast Episode

Episode 339 of CppCast is live! Hear me talk with Rob Irving @robwirving and Jason Turner @lefticus about secure coding and integers! Listen Now! https://cppcast.com/secure-coding-integers/…

Identifier Syntax Fixes

WG14 N 2836 Identifier Syntax using Unicode Standard Annex 31 was recently adopted into C23 by the C Standards Committee.

The adoption of this paper solved some problems with C identifiers and helped maintain compatibility with C++ and other languages that had already adopted UAX 31. Unfortunately, we also introduced some new problems which are now addressed by the draft paper attached below. Please have a look and let me know what you think.

Clarifying integer terms

I was recently horrified to learn that there is no real consensus about what the terms “overflow” and “wraparound” mean in the C Standard, in particular, if unsigned integers were capable of overflow. I wrote the attached paper to clarify the use of these terms. Please let me know if you have any comments, as I need to submit this paper soon.

Volatile C++ Compatibility

I’m looking for feedback for the following proposal to the C Standards committee to maintain compatibility with C++ with respect to the deprecation of certain uses of volatile. Leave your comments/questions in the comments or email me. Thanks!

Defer Mechanism for C: The Movie

I’ve recorded a video presentation for a short talk on the Defer Mechanism for C that I’m giving at The 36th ACM/SIGAPP Symposium On Applied Computing https://www.sigapp.org/sac/sac2021/ this week.
The video can be viewed here:

Defer Mechanism for C

Here is the PDF for the slides:

Effective C is Now Available

The Print Book and Ebook are now available from:

And other fine establishments.

Adding a Defer Mechanism to C

I’ve been collaborating with several members of the C Standards Committee and other experts to propose a defer mechanism for C2x. Our initial proposal (which can be downloaded below) presents five design questions that will influence the final proposal. Let me know if you have any opinions below or on Twitter (follow me @RCS).

Video Killed the Radio Star

I’ve made a few videos over the years. Here are the ones where I kept my clothes on:

REcon 2016 – Dangerous Optimizations and the Loss of Causality
The Secure Developer – Ep. #35, Secure Coding in C/C++
Professional C Programming: Integer Types

And here is what I looked like back in the 1980s talking about the Serpent User Interface Management System (UIMS) developed at Carnegie Mellon University’s Software Engineering Institute and programmed in K&R C.

An Introduction to Serpent: A User Interface Management System (1989)

Effective C

I’ve set up this website to publish updates and additional material for Effective C: An Introduction to Professional C Programming. I started writing this book in March 2019 while working at NCC Group as a Technical Director and serving as an expert in the C Standards Committee (ISO/IEC JTC1/SC22/WG14).

My goal in writing this book was to develop an introductory text for developers who want to learn C programming. This book was written to be as accessible as possible to anyone who wants to learn C programming, but it was also written to be accurate. I didn’t want to provide oversimplified explanations and examples that would result in your code being substandard. So this book teaches you how to write clean, correct, maintainable code.

I also wanted the book to be a reasonable length, so that you could bring it with you on an airplane without having to check a bag. The hardest thing in writing this book was in determining what to leave out. That’s the main reason for this website–to publish blog posts on topics that couldn’t fit or links to NCC Group research or blog such as this recent blog on Improving Software Security through C Language Standards. I’ll also try to draw your attention to interesting proposals submitted to the C Standards Committee for possible standardization including some recent proposals I submitted:

  • N 2465 2020/02/10 intmax_t, a way forward
  • N 2464 2019/12/01 Seacord, Zero-size Reallocations are Undefined Behavior

As well as some other interesting proposals written by others:

  • N 2466 2020/02/09 Svoboda, Towards Integer Safety
  • N 2477 2020/02/04 Alepins, Const functions

Hopefully you’ll enjoy the book and check back here for updates and additional resources as you continue to grow your understanding of C Language Programming.