To try everything Brilliant has to offer—free—for a full 30 days, visit https://brilliant.org/Travis...
Video Transcript:
in this video we're going to look at how C and C++ Advocates are coping with all this memory safe discussion and what these developers are doing to actually make C and C++ memory safe so we've covered this before on this channel but there's a big Push by the US government the cisa and the FBI in particular to move away from C and C++ to more memory save languages like rust in fact there's actually now a deadline in place not a strictly enforced deadline but a plan to have certain priorities in place by a certain time as we see here here on the cisa. gov website for existing products that are written in memory unsafe languages not having a published memory safety roadmap by January 1st 2026 is dangerous and significantly elevates risk to National Security National Economic Security and national public health and safety and their recommended action is here software manufacturers should build products in a manner that systematically prevents the introduction of memory safety vulnerabilities such as by using a memory safe language or Hardware capabilities that prevent memory safet vulnerabilities additionally software manufacturers should publish a memory safety road map by January 1st 2026 so this has caused a huge debate and lots of criticism from the c community and whenever I've mentioned this in the past I've gotten killed by the hardcore C and C++ crowds is if I'm saying you're bad programmers the language is bad or something silly like that I'm just stating the news here C and C+ plus are great languages at the same time rust is a great language also that offers great safety guarantee via its borrow Checker both can be true C is good rust is good and yes many underlying packages in memory save languages are written in C gotcha what's also true though is that Microsoft reported that around 70% of all vulnerabilities in their products addressed through security updates each year are memory safety issues Google found that approximately 70% of serious security bugs in the chromium project are memory safety problems Mozilla reported that out of 34 critical slh High bugs they analyzed 32 or 94% were memory related Google's Project zero team found that 67% of zero day vulnerabilities used in the wild were memory corruption vulnerabilities and we could go on and on so there is an issue with memory safety vulnerabilities that needs to be addressed buffer overflows use after free vulnerability stack and Heap exhaustion memory leaks no pointer D references dangling pointers things like this but many C and C++ developers do not want to have to learn rust and many think that rust sucks it's point L it's not completely safe and it's not without its flaws it's difficult and to redo code bases in Rust is a pain they love C and they want to continue using it not have to learn a new language and I get it rust is different and really aside from the memory safety doesn't offer A major advantage over what they're used to and familiar with therefore some are beginning to discuss or even Implement how to bring memory safety into these C languages instead of having to leave them they want to add memory safety to them and today I want to look at three solutions that are either out now or are in the works to bring memory safety to C or C++ let's take a look so the first of these is called the safe C++ project while many C++ developers can acknowledge the memory safety issues they also argue that trying to move everything away from C++ is a Monumental task it's unrealistic so instead of trying to do that why not try and extend C++ for safety to create a super set of C++ that exhibits the same strong safety guarantee as code written in Rust in fact much of what is being proposed seems to be taken from rust Concepts key features of the safe C++ proposal includes a new safe context where only a rigorously safe subset of C++ is allowed borrow checking to prevent use after free bugs initialization analysis for type safety pattern matching Choice types and borrowing thread safety features similar to rust's send and sync type traits explicit mutation for references in a model for object relocation and the goal is to do all this while maintaining performance and zero cost abstractions and it's more than just best practices is actually a new technology for ensuring memory safety including compile time intelligence this is a work in progress and nowhere near being implemented or even having a clear design yet but you can read the detailed proposal in a day I'll put a link to that below now the second solution is actually already out and ready to use but before we look at that let's hear really quickly from today's sponsor brilliant an app that can help you master the underlying fundamentals of software development and even has Hands-On exercises to refresh you on what we're talking about today how computer memory Works overall brilliant. org is a great way to learn Math logic and computer science interactively brilliant's fun practical and has thousands of lessons from computer science and programming algorithms python data logic and other tools to help you level up your skills and it's built for busy people like me and you like I said you can Master big Concepts in as little as 15 minutes a day and it's a much better use of your time than mindless scrolling maybe you want to dive deeper into large language models neural networks big data or just learning the basics of python building programs on day one with their built-in drag and drop editor today I did a section on how computer memory works from how signals are stored and carried Along by wires I learned about switches capacitors and how these are used to create memory cells brilliant helps you build your critical thinking skills through problem solving not memorizing so while you're building real knowledge on spefic specific topics you'll also in the process become a better thinker overall to try everything brilliant has to offer for free for a full 30 days visit brilliant.
org Travis Media or click the link in the description you'll also get 20% off an annual premium subscription now back to the video okay like I said air second solution is already out and ready to use and it's called Phil C Phil C this was created by a Philip pizlo senior director of language engineering at epic games he's created his own memory safe flavor of C he says it aims for 100% compatibility with c and C++ just compile your stuff with my compiler and you'll get memory safety the C and C++ programming languages are wonderful there's a ton of amazing code written in both of them but C and C++ are unsafe languages simple logic errors may result in an attacker controlling where a pointer points and what is written into it which leads to an easy path to exploitation lots of other languages rust Java even JavaScript don't have this problem but I love C and I love C++ almost as much I grew up on them it's such a joy for me to use both of them therefore in my spare time I decided to make my own memory safe C and C++ this is a personal project and an expression of my love for C he goes on to say there's no escape hatch like you get with rust in being able to use unsafe whenever you want you can't even link to unsafe libraries most programs will run and compile with zero changes needed now some caveats it only works on Linux currently and it's about 1. 5 to 5 times slower than Legacy C but the speed is being further addressed as we speak and the aim is to get it to 1.