Secure Coding mailing list archives
Why Shouldn't I use C++?
From: crispin at novell.com (Crispin Cowan)
Date: Thu, 02 Nov 2006 03:17:31 -0800
Ben Corneau wrote:
> From time to time on this list, the recommendation is made to never use C++ when given a choice (most recently by Crispin Cowan in the "re-writing college books" thread). This is a recommendation I do not understand. Now, I'm not an expert C++ programmer or Java or C# programmer and, as you may have guessed based on the question, I'm not an expert on secure coding either. I'm also not disagreeing with the recommendation; I would just like a better understanding.
>
> I understand that C++ allows unsafe operations, like buffer overflows. However, if you are a halfway decent C++ programmer, buffer overflows can easily be avoided, true? If you use the STL containers and follow basic good programming practices of C++ instead of using C arrays and pointer arithmetic, then the unsafe C features are no longer an issue? C and C++ are very different. Using C++ like C is arguably unsafe, but when it's used as it was intended, can't C++ too be considered for secure programming?
No, it cannot. C++ is no more safe than C. C++ still supports many undefined operations, which is what makes a language unsafe. No way can C++ be considered a secure programming language.

If you need a lean, small language for doing embedded or kernel stuff, then use C; you cannot afford the bloat of C++, so it is not appropriate.

If you need a powerful, abstract language for building complex applications, then use C# or Java (or ML, or Haskell). They provide all of the abstraction and programming convenience of C++, and they also provide type safety. This means that there are no undefined operations, which is what makes them secure programming languages.

There is no excuse for *choosing* C++, ever. Always avoid it. The only excuse for *using* C++ is that some doofus before you chose it and you have to live with the legacy code :)

So why does C++ exist? Because technology has moved. 25 years ago, when C++ was invented, there was not a great supply of well developed type safe object oriented programming languages. So C++ seemed like an incremental improvement over C when it was introduced in the early 1980s. It did provide an improvement over C for developing large applications, where development costs due to complexity were the big problem, and bloat could be afforded. But that lunch has now been eaten by the type safe OOP languages of Java and C#. They are strictly better than C++ at complex applications, so there really is no excuse for using C++ to write new application code.

And there never was an excuse for using C++ to write kernel or embedded code. You cannot afford the bloat of C++ there, and if your kernel is so complex that you need OOP to be able to program it, then your kernel design is broken anyway.

I suppose there should be an "IMHO" in here somewhere in a rant like this. Feel free to insert it anywhere you like :)

Crispin

--
Crispin Cowan, Ph.D.
http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Hack: adroit engineering solution to an unanticipated problem
Hacker: one who is adroit at pounding round pegs into square holes
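The exchange above turns on whether "use the STL containers" removes the undefined operations Crispin is talking about. The following is an added example, not code from the original thread or from either poster, written to show two places where it does not: `std::vector::operator[]` performs no bounds check (an out-of-range index is undefined behaviour, just like a raw C array), while `at()` throws `std::out_of_range`; and a `push_back` that grows past capacity reallocates, leaving every earlier pointer, reference or iterator into the buffer dangling. The function names, the sample vector contents and the out-parameter convention are all this example's own assumptions.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <vector>

// Constructed sample input for the demonstration (not from the thread).
std::vector<int> sample_vector() {
    return std::vector<int>{10, 20, 30};
}

// Reads v[idx] with operator[]. The standard imposes NO bounds check here:
// any idx >= v.size() is undefined behaviour, the same class of operation
// as indexing past a C array. Callers must guarantee idx < v.size().
int unchecked_read(const std::vector<int>& v, std::size_t idx) {
    return v[idx];
}

// Reads v.at(idx), the bounds-checked accessor. An out-of-range index throws
// std::out_of_range instead of reading past the buffer. The result is
// reported through an out-parameter so a failed read is visible to the
// caller as a false return rather than as silently corrupted data.
bool checked_read(const std::vector<int>& v, std::size_t idx, int& out) {
    try {
        out = v.at(idx);
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

// A second undefined operation that STL use does not remove. Fills the vector
// to capacity, records the buffer address, then pushes one more element, which
// forces a reallocation. Any pointer/reference/iterator taken before that
// push_back now refers to freed storage; using it is undefined behaviour.
// The stale address is only compared here, never dereferenced.
bool demo_reallocation() {
    std::vector<int> w;
    w.reserve(1);
    while (w.size() < w.capacity()) {
        w.push_back(0);
    }
    const int* before = w.data();   // would dangle after the next line
    w.push_back(1);                 // size exceeds capacity -> new buffer
    return w.data() != before;      // true: the old pointer is now invalid
}

int main() {
    std::vector<int> v = sample_vector();
    int value = 0;

    std::cout << "unchecked v[1] = " << unchecked_read(v, 1) << '\n';
    std::cout << "checked v[7] ok? " << checked_read(v, 7, value) << '\n';
    std::cout << "push_back past capacity moved the buffer? "
              << demo_reallocation() << '\n';
    return 0;
}
```

The practical reading for a C++ code base one has to live with: prefer `at()` (or a range-checked wrapper) where the index comes from untrusted input, and treat any pointer or iterator into a container as invalid after a call that can grow it; sanitizers (AddressSanitizer, UBSan) and `_GLIBCXX_ASSERTIONS`/`_LIBCPP_ENABLE_ASSERTIONS`-style hardened library modes will catch many of these at test time, but none of that changes the language's own rules, which is Crispin's point.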
Current thread:
- Why Shouldn't I use C++? Ben Corneau (Oct 31)
- Why Shouldn't I use C++? Robert C. Seacord (Nov 01)
- Why Shouldn't I use C++? ljknews (Nov 01)
- Why Shouldn't I use C++? Leichter, Jerry (Nov 01)
- Why Shouldn't I use C++? Crispin Cowan (Nov 02)
- <Possible follow-ups>
- Why Shouldn't I use C++? Peter Amey (Nov 01)
- Why Shouldn't I use C++? Gary McGraw (Nov 01)