www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - Chrome: 70% of all security related bugs are memory issues

reply aberba <karabutaworld gmail.com> writes:
Yeah, 
https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/
May 23
next sibling parent reply welkam <wwwelkam gmail.com> writes:
On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:
 Yeah, 
 https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/
Thats the reason why mozila invented Rust programming language.
May 23
parent Walter Bright <newshound2 digitalmars.com> writes:
On 5/23/2020 10:41 AM, welkam wrote:
 On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:
 Yeah, 
 https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-m
mory-safety-issues/ 
Thats the reason why mozila invented Rust programming language.
Which is why D has invented live functions.
May 24
prev sibling parent reply Adam D. Ruppe <destructionator gmail.com> writes:
On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:
 Yeah, 
 https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/
Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
May 23
next sibling parent aberba <karabutaworld gmail.com> writes:
On Saturday, 23 May 2020 at 18:33:31 UTC, Adam D. Ruppe wrote:
 On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:
 Yeah, 
 https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/
Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
D is currently, as I understand it, merging the good parts of rust with everything great about D. Makes it compelling...as long these goodies become well know.
May 24
prev sibling next sibling parent reply "H. S. Teoh" <hsteoh quickfur.ath.cx> writes:
On Sat, May 23, 2020 at 06:33:31PM +0000, Adam D. Ruppe via Digitalmars-d wrote:
 On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:
 Yeah, https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/
Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
Notable from the article is that both Microsoft and Google are seriously looking into alternative programming languages. I think we're looking at the beginning of the end of the long reign of C/C++ in the programming landscape. Maybe in about 20-30 years' time C/C++ will become relics in the dustbin of history... T -- No! I'm not in denial!
May 24
next sibling parent dangbinghoo <dangbinghoo gmail.com> writes:
On Sunday, 24 May 2020 at 14:38:54 UTC, H. S. Teoh wrote:
 On Sat, May 23, 2020 at 06:33:31PM +0000, Adam D. Ruppe via 
 Digitalmars-d wrote:
 On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:
 Yeah, 
 https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/
Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
Notable from the article is that both Microsoft and Google are seriously looking into alternative programming languages. I think we're looking at the beginning of the end of the long reign of C/C++ in the programming landscape. Maybe in about 20-30 years' time C/C++ will become relics in the dustbin of history... T
no, C,C++ will exist if general D can not be used for MCU, rust is trying to do these things, but it seems even rust is too heavy(both the syntax and footprint).
May 24
prev sibling parent reply Paulo Pinto <pjmlp progtools.org> writes:
On Sunday, 24 May 2020 at 14:38:54 UTC, H. S. Teoh wrote:
 On Sat, May 23, 2020 at 06:33:31PM +0000, Adam D. Ruppe via 
 Digitalmars-d wrote:
 On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:
 Yeah, 
 https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/
Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
Notable from the article is that both Microsoft and Google are seriously looking into alternative programming languages. I think we're looking at the beginning of the end of the long reign of C/C++ in the programming landscape. Maybe in about 20-30 years' time C/C++ will become relics in the dustbin of history... T
It will still take ages, Google and Microsoft are also heavyweights on ISO C++, and collaborating on C++ lifetime analysis and C++ Core Guidelines. Hence Project Verona and Checked C from Microsoft as well.
May 24
parent reply "H. S. Teoh" <hsteoh quickfur.ath.cx> writes:
On Mon, May 25, 2020 at 05:48:59AM +0000, Paulo Pinto via Digitalmars-d wrote:
 On Sunday, 24 May 2020 at 14:38:54 UTC, H. S. Teoh wrote:
[...]
 On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:
 Yeah,
 https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/
[...]
 Notable from the article is that both Microsoft and Google are
 seriously looking into alternative programming languages.  I think
 we're looking at the beginning of the end of the long reign of C/C++
 in the programming landscape. Maybe in about 20-30 years' time C/C++
 will become relics in the dustbin of history...
[...]
 It will still take ages, Google and Microsoft are also heavyweights on
 ISO C++, and collaborating on C++ lifetime analysis and C++ Core
 Guidelines.
 
 Hence Project Verona and Checked C from Microsoft as well.
Well OK, maybe 20-30 years is a bit optimistic. But I think this is the start of a general trend to gradually move away from C/C++ towards safer and less painful languages to work with. The other big user of C++ I know of is the game industry, and AFAICT the sentiment there is also that C++ is merely a necessary evil, but they'd jump ship in a heartbeat if a viable competitor comes along. T -- The diminished 7th chord is the most flexible and fear-instilling chord. Use it often, use it unsparingly, to subdue your listeners into submission!
May 25
parent Paulo Pinto <pjmlp progtools.org> writes:
On Monday, 25 May 2020 at 17:38:13 UTC, H. S. Teoh wrote:
 On Mon, May 25, 2020 at 05:48:59AM +0000, Paulo Pinto via 
 Digitalmars-d wrote:
 On Sunday, 24 May 2020 at 14:38:54 UTC, H. S. Teoh wrote:
[...]
 On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:
 Yeah, 
 https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/
[...]
 Notable from the article is that both Microsoft and Google 
 are seriously looking into alternative programming 
 languages.  I think we're looking at the beginning of the 
 end of the long reign of C/C++ in the programming landscape. 
 Maybe in about 20-30 years' time C/C++ will become relics in 
 the dustbin of history...
[...]
 It will still take ages, Google and Microsoft are also 
 heavyweights on ISO C++, and collaborating on C++ lifetime 
 analysis and C++ Core Guidelines.
 
 Hence Project Verona and Checked C from Microsoft as well.
Well OK, maybe 20-30 years is a bit optimistic. But I think this is the start of a general trend to gradually move away from C/C++ towards safer and less painful languages to work with. The other big user of C++ I know of is the game industry, and AFAICT the sentiment there is also that C++ is merely a necessary evil, but they'd jump ship in a heartbeat if a viable competitor comes along. T
Sure, for example Rust had four sessions at Build 2020, and has now official support for WinUI/UWP going forward with Project Reunion (reunification of Wi32/UWP worlds). Midori learning and collaboration with Unity, CryEngine and Godot. D got have had this spot, but somehow the opportunity it had was lost. In any case, we are now finally at the beginning of the mentality shift that these kind of unsafe programming doesn't scale, which is why I think it will still take more than our lifetimes. Hopefully others will carry on pushing for safer systems.
May 25
prev sibling parent reply Walter Bright <newshound2 digitalmars.com> writes:
On 5/23/2020 11:33 AM, Adam D. Ruppe wrote:
 On Saturday, 23 May 2020 at 17:34:21 UTC, aberba wrote:
 Yeah, 
 https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-m
mory-safety-issues/ 
Garbage collection and array bounds checks fixes the majority of those with no special effort, so I am sure the numbers are different for most D programs.
It doesn't fix use-after-free. Enter live functions.
May 24
parent Adam D. Ruppe <destructionator gmail.com> writes:
On Monday, 25 May 2020 at 01:35:07 UTC, Walter Bright wrote:
 On 5/23/2020 11:33 AM, Adam D. Ruppe wrote:
 Garbage collection
It doesn't fix use-after-free. Enter live functions.
With garbage collection, references have infinite lifetime, so use after free is impossible. D doesn't GC everything though, since it has pointers to stack objects and C things, but when you DO use the GC, use-after-free is not a worry.
May 24