filmov
tv
CppCon 2017: John Regehr “Undefined Behavior in 2017 (part 2 of 2)”
Показать описание
—
—
Undefined behavior is a clear and present danger for all application code written in C++. The most pressing relevance is to security, but really the issue is one of general software correctness. The fundamental problem lies in the refusal of C++ implementations (in general) to trap or otherwise detect undefined behaviors. Since undefined behaviors are silent errors, many developers have historically misunderstood the issues in play.
Since the late 1990s undefined behavior has emerged as a major source of exploitable vulnerabilities in C++ code. This talk will focus on trends in the last few years including (1) increased willingness of compilers to exploit undefined behaviors to break programs in hard-to-understand ways and (2) vastly more sophisticated tooling that we have developed to detect and mitigate undefined behaviors. The current situation is still tenuous: only through rigorous testing and hardening and patching can C++ code be exposed to untrusted inputs, even when this code is created by strong development teams. This talk will focus on what developers can and should do to prevent and mitigate undefined behaviors in code they create or maintain.
—
John Regehr: University of Utah, Professor
John Regehr is a professor of computer science at the University of Utah, USA. His research group creates tools for making software more efficient and correct. For example, one of his projects, Csmith, generates random C programs that have been used to find more than 500 previously unknown bugs in production-quality C compilers.
Outside of work John likes to explore the mountains and deserts of Utah with his family.
—
*-----*
—
Undefined behavior is a clear and present danger for all application code written in C++. The most pressing relevance is to security, but really the issue is one of general software correctness. The fundamental problem lies in the refusal of C++ implementations (in general) to trap or otherwise detect undefined behaviors. Since undefined behaviors are silent errors, many developers have historically misunderstood the issues in play.
Since the late 1990s undefined behavior has emerged as a major source of exploitable vulnerabilities in C++ code. This talk will focus on trends in the last few years including (1) increased willingness of compilers to exploit undefined behaviors to break programs in hard-to-understand ways and (2) vastly more sophisticated tooling that we have developed to detect and mitigate undefined behaviors. The current situation is still tenuous: only through rigorous testing and hardening and patching can C++ code be exposed to untrusted inputs, even when this code is created by strong development teams. This talk will focus on what developers can and should do to prevent and mitigate undefined behaviors in code they create or maintain.
—
John Regehr: University of Utah, Professor
John Regehr is a professor of computer science at the University of Utah, USA. His research group creates tools for making software more efficient and correct. For example, one of his projects, Csmith, generates random C programs that have been used to find more than 500 previously unknown bugs in production-quality C compilers.
Outside of work John likes to explore the mountains and deserts of Utah with his family.
—
*-----*
0:49:23
CppCon 2017: John Regehr “Undefined Behavior in 2017 (part 1 of 2)”
0:26:01
CppCon 2017: John Regehr “Undefined Behavior in 2017 (part 2 of 2)”
0:54:23
CppCast Episode 187: Analyzing Undefined Behavior with John Regehr
0:53:59
CppCon 2017: Piotr Padlewski “Undefined Behaviour is awesome!”
0:53:59
CppCon 2017 Undefined Behaviour is awesome!
0:57:20
CppCon 2018: Barbara Geller & Ansel Sermersheim “Undefined Behavior is Not an Error”
1:25:27
C++Now 2018: John Regehr “Closing Keynote: Undefined Behavior and Compiler Optimizations”
0:03:05
C++Now 2019: Oded Shimon “Undefined Behavior - Not what you expected”
1:05:08
CppCon 2017: Scott Schurr “Type Punning in C++17: Avoiding Pun-defined Behavior”
0:04:24
The amazing disappearing, reappearing trigraphs... - Paul 'TBBle' Hampson [ CppCon 2017 ]
1:07:03
Undefined Behavior is Not an Error - Barbara Geller, Ansel Sermersheim - code::dive 2019
1:14:50
009. Undefined behavior - what is it, and why should I care - Marshall Clow
1:03:41
Undefined Behavior in the STL - Sandor Dargo - CppCon 2022
1:02:35
Purging Undefined Behavior & Intel Assumptions in a Legacy C++ Codebase - Roth Michaels CppCon ...
0:03:56
Calling code w/o headers... - Jorg Brown [ CppCon 2017 ]
0:00:23
1030
1:00:26
CppCon 2017: John McFarlane “CNL: A Compositional Numeric Library”
0:49:17
CppCon 2017: Patrice Roy “Which Machine Am I Coding To?”
0:03:05
John Regehr video
1:14:22
CppCon 2017 C++ atomics, from basic to advanced What do they really do?
0:49:55
emBO++ 2019 - Barbara Geller & Ansel Sermersheim: Undefined Behavior is Not an Error
1:08:02
CppCon 2017: Fedor Pikus “Read, Copy, Update, then what? RCU for non-kernel programmers”
0:14:49
C++ Undefined Behavior
0:46:28
CppCon 2016: Michael Spencer “My Little Optimizer: Undefined Behavior is Magic'
Комментарии