All those safe functions should return the same value as their unsafe counterparts, and return values should be checked. Unless completely unuseful like for strcpy. Don't teach ignoring return values.
Engineer/Developer haircuts are functional: Maximum hat compatibility, covers the basics while limiting vulnerabilities and potential exploits. Video suggestions: - Projects you worked on which impressed you with elegant or clever code solutions - Worst production code you ever saw (bonus if you had to fix it) - Coding "pet peeves" (bonus if they are pedantic or inconsequential!) Enjoy your videos!
Eh, in 10 years he'll be saying "40 years of C and C++, finally getting good" In 20 years, he'll be saying "50 years of C and C++, finally getting good". It never ends.
I think what I like most about this channel is its all about the code I wrote when I started professionally.. and the code I maintain today. Most Programmer videos on youtube want to focus on much newer topics, and those that do touch on C++ dont really go in deep.. or if they do, not in an entertaining way.
How many programmers does it take to write a line of code? _Ten..._ one to write the line, and nine to tell how they could have done it better! Edit: I'm always happy when others pronounce the name of a function phonetically.
Dave, you are the most charming, eloquent, knowledgeable, kind and endearing, genuinely funny programming savant. I admire you sincerely. God bless you
Mister Plummer, this is an amazing series and even though this is only the second episode, you are giving out invaluable information for practical programmers. Please keep it up!
I love you, just for the fact that you stick with GPL2 licence for your code snippets! You don't wanna know how many people just blindly apply GPL3 to their projects and shoot their future selfs in the foot, especially when they want to use their own projects in proprietary use cases.
I once inherited a project that compiled and had about 25000 warnings on compile. I took the time to make it compile at /w4 as well, but never turned on errors. If anyone ever checked in code that made warnings in the future, I took that as a teachable moment, because half the warnings I fixed were actual bugs or potential outright terminate process errors provided the right conditions. Who knows how many security issues, that wasn't my end goal but a benefit.
Here's a good C++ topic: Template meta-programming Lots to cover there, could do a whole series on it, there's a lot of useful stuff it can do but most C++ programmers (including myself) aren't too familiar with how to use it effectively, and less experienced C++ programmers basically see it as black magic.
but it's just like typesafe macro expansion with some syntactic sugar on top of it tho. And it gets even more typesafe with concepts and the 'requires' keyword
Rule one about temple meta programming is that if you think you need it, you are probably wrong. However, there are a handful of really compelling reasons to use it. Still even on teams with exceptionally smart programmers I have found that few are capable of maintaining templates...
@@dougpark1025 I work in games, anything that can be done at compile time is a huge win over something that is done at runtime. Usually we need to have big blocks of comments explaining what the magic values we use are, and checklists for modifying anything they were based off so the magic values don't get outdated. Template meta-programming can solve a lot of those cases at compile time and are generally more powerful than macros which often can't do what we need. Though it definitely isn't something that is needed frequently.
I'm so glad I found your channel. Every video has something in it I didn't know, and I've been writing c for a long time (though not near as long as you) Thank you!
Hi, Dave! I am an IT student. This is my first comment on TH-cam. YOU ROCK! The stories you tell are facinating. And the technical informations are brilliant! And you do not even charge any peny. Thanks a lot for your effort!
I love when you share mistakes, bad habits, etc. When people with more experience than yourself show how and when they make errors or mistakes, it gives the less experienced person so much valuable context, by which hers/his own body of knowledge can be judged. When the expert never fails at anything, and needs zero time to accomplish comparatively outlandish results, it is detrimental to the experience. But showing the, not always straight to target, path there inspires. Great work!!
Looking forward to more of these! C++ is the first language I learned (aside from some messing around in BASIC) back in 2000, but I haven't kept up to date. You bet my code was full of insecure string functions. These videos are great for helping me modernize my knowledge!
Excellent Dave! Thank you for the wonderful content. After 30 years, you are finally getting good at C and C++ 😁 Gold 👍 I moved to C# instead. Loved the sudden style change of no braces after 30 years. Code style changes are fascinating! I know it just feels right, but why didn't it before? What is your opinion of single line "if" statements? Mine seems to vary. Were you ever subjected to stupid coding standards about such things? My C++ topic suggestion is Templates.
warnings as errors, not just silently truncating... yes, yes, yes... nice to see someone else who thinks a bit like me on such things. Great video! Thanks!
Given how many security vulnerabilities there are today... Not enough people read Writing Secure Code... Either way, thanks for telling your story. Its amazing to hear all of this wisdom.
Cool stuff. I managed to write my own printf with a variable argument list back in the late '80's when I had no access to a real C compiler. I was playing with a shareware 16bit C compiler which had no libraries at all and which ran from 1.44MB diskettes as I was using a work laptop with a 20MB hard disk. I was (am) an accountant who just loved computers. I set out to write my own C stdlib to go with it and learned a lot by doing that.
I program from the 1980's started with a 1802 in assembler. Then C and even fortran. But I still learn from video's like this. My daugter is now programming in C++ so I have to catch up my skills. It is good to take some time to upgrade your coding skills. Thanks
I favour asprintf() for that job as is standard enough, needs little thought and fails in a simple way. More generally just don’t use functions which are still easy to get wrong. That’s what C++ and other languages’ string classes are for
Came here to say this. Given the choice between safe non-standard and safe standard functions, choose the latter. C++'s string class is better at handling strings anyway.
I programmed for IBM S/370 computers running variants of OS. My main languages for Assembler F (for systems code), COBOL, PL/1. In Assembler, I might have had the odd problem with pointers and timing, and I had a couple of spectacular paper eaters. One generated "Intervention required" on a virtual printer. Had the operators confused. I filled VM's printer spool. And there was the paper cutter. The printers used continuous paper, and it was customary to print a line of asterisks on the fold between jobs to make it easy to find them. Print enough lines of asterisks on the same fold line and the paper gets cut. Operators don't like that. Since I did interesting new magic things, the operators were generally pretty forgiving. It helped that I was running in a test environment. IBM types got to use PL/S and later PL/X similar to PL/1.
40+ years ago I learnt C by writing a C compiler in Pascal for the CDC mainframes. Non ASCII, 60 bit words, flat filesystem. Added a cross compiler for 8086 ( segmented memory space ). Started by outputting Forth style stack operations. Sold three or four copies.
For anyone wanting to know what makes a C function hazardous just look up "gets". "It stops when either the newline character is read or when the end-of-file is reached, whichever comes first". That ought to be ammened to add "or when something critical gets overwritten".
👍 @Dave'sGarage your content is fantastic these use cases are more advanced than my current skill set. Primarily due to me still being in the introductory phase of my C++/programming journey. Today I was test my knowledge of how to use Composition In C×+ without my textbook. Additionally, I have not used a debugger yet with any my textbook lessons. However, your content is Gold to me. Your content provides value. Thanks.
Hey Dave! Love the content. Just wanted to let you know that you can add timestamps to TH-cam videos in the description and it will put them in the video timeline in the player. Super useful for content like this!
Dave, you mentioned in your previous episodes that some code you build for Microsoft OS, was non-debuggable. Could you share some ideas on how to make some of our critical code non-debuggable as well? The only idea I get in my mind is to measure code execution time and if it is more than expected, then change code execute flow to mislead the person who is trying to debug.
Look up "The Ultimate Anti-Debugging Reference" by Peter Ferrie. It's a bit old now and nothing is completely undefeatable, but it may give you some good ideas. For example, one of my favourite techniques is to have the program run itself as a debugger, and have the debugger parent process change the control flow of the child process in a way that is necessary for it to work (have the child throw an exception, parent catch it and set a new thread context, or write to the process memory, etc.) This means you can't attach to the child process (which is the bulk of your program) with a debugger since, there's already a "debugger" attached (which your child process is dependent on to function correctly)
he's probably talking about code not being debuggable by Visual Studio, so simple checks such as IsDebuggerPresent would work for that. it completely falls apart when you use a third-party open source debugger such as x64dbg which can hide itself
@@TheAndreArtus Yeah, I've seen the timing idea used in the wild, but it's not a good anti-debug IMO. Of course, like I said, none of them are undefeatable. They only create a temporary hindrance. The reason I don't like the timing idea is that any freeze up or temporary lag spike could trigger the check - and, it's usually not difficult to work around, either. It's a high risk, low reward technique. Unless you know how to remove such a protection, you're not really in a position to create one. Modern protections like Denuvo hire hackers to break them on purpose, then continue to revise until they can't be broken (easily) anymore.
Take a look how cpus cache code ahead. You can write code “assembly” that modifies the next statements executed to distract the person analyzing/debugging the code. If debugged, the flow gets misdirected from the actual cached code execution. If undebugged, the original code executes in the “fast” undebugged and original code execution. Smart debuggers will catch that and just skip those lines to remain on the original path, they might nop out those lines trying to fool those unaware of cpu code caching.
@@robertsentgerath1008 Unless I am mistaken, that wouldn't work on x86 at least. Calling FlushInstructionCache, while good practice, is not strictly necessary there. I assume since the OP asked here they're asking about Windows/x86, but I don't doubt it would work on other CPU architectures
I've been playing with C/C++ for nearly 30 years, the first thing in compiling code, is to make sure it compiles clean, no errors, no warnings.... I sometimes see other peoples code, such as some libraries and there are hundreds of warnings in the code..... Warnings are problems in the code, you can spend weeks trying to track down logic bugs, that the compiler actually warned you about. For strings on modern computers in C, I like to define them this way: char *buff . . . buff = (char *)malloc(512); memset(buff,0,512); I now know that, the data space is zero filled. I've sometimes, memset the buffer multiple times, because I am using is as a string, before freeing at the end.
Can you tell me what you mean? I do have some stories of how the shell was originally pure C but worked with C++ and COM by manually calling through vtables and such!
@@DavesGarage I have still never tried to ha e C call through a C++ virtual method table. Seems I need to set up a weekend project on how to abuse a computer language. 😀
I am just now exploring ImportDLL and the concept of having a static library that is used to load in the dynamic libraries. My code doesn't work quite yet, but getting there.
Using C++ CLI for .NET interop. is a great topic. It's still often way cleaner, easier and less bugprone to author interop. libraries in C++ CLI than any other .NET language when wrapping C and C++ libraries. There are lots of interop. layers still out there built this way that can be a challenge to maintain for devs. unfamiliar with this technology. Many great potential pitfall topics to talk about like CPU target architecture dependence for memory alignment and handling callback functions from native code without crashes on app. shutdown in .NET applications as well.
The way that C++ manages exceptions is pretty different from other programming languages. Windows approaches exceptions slightly different from other operating systems too.
woah! if you haven't read snow crash you should, it's a modern classic. The main character is a katana wielding pizza delivery man who delivers pizzas for the mafia in an armored sports car. That alone should be enough to make you read it
How about a comparison of how to write a window/GUI-based "Hello, world" in C# vs C++, and which language is more popular for modern development. For those new to Windows development, a quick segment on Visual Studio Community vs Professional vs Code would be nice too -- a "how to get started guide", if you will.
Dave, thanks for the lessons. I use these functions all over from firmware to software. I will keep this video next time I need these functions on software. Taking me to school by Dave.
It's more than 15 years since I coded in C/C++... OMG I lost it all sadly :( which video proved to me. I remember really disliking (almost hate) C# in the beginning because I felt I lost control, I wanted to manage memory allocation/management my self.
@@iDontProgramInCpp in 16 bit x86, a 16 bit segment:16 bit offset address in memory. This is generally rearranged into a 20 bit number representing the flat real address in the 1mb address space. Regular pointers are within the 64k block relative to the segment value set by the os (com) or specified/assigned after relocation (exe). 16 bit code in real mode was generally only able to address 64k without far pointers.
The problem with learning new things in C++ is you don't know you should learn something, untill you know about it, but then you have probably already learned it.
Great video as always, thank you, Dave. But for any programmers reading this: please, PLEASE do not EVER throw exceptions of any types not inherited from std::exception! Use std::runtime_error, or std::logic_error, or any other exception type from . Or write your own struct / class, but inherit it from std::exception.
Exceptions are a billion dollar mistake in general. They make reasoning about the state of a processes data extremely hard and are unnecessary for flow of program control. Functions that return error codes can be used to achieve the same effect without complex stack unwinding
I appreciate the input and you're technically correct, but the problem is that you can't really do that in a TH-cam video. Now you've lost at least 15,000 people at "WTF if std::exception and std::runtime_error and std::logic_error and why do I need stdexcept? What's a namespace? Why is Dave skipping over all this stuff and not explaining ANY of it????? Why did he write his own struct/class an inherit from std::exception without explaining why he did it? I'm going to watch Amanda McCants programming instead." Or, the alternative would be a 45 minute video that no one would finish. Note that I didn't even bite at the apple of "parameter validation with exceptions is a bad idea because malformed input is not truly an exceptional case" and so on. There just isn't time. In other words, you can only introduce so many topics at a time and you can't leave loose ends like that. So it's better in a video like this to throw the absolute simplest thing (I would have thrown void, if you could). And then, when I do introduce exceptions, I'll discuss the proper way. But for now, the only point I wanted to cover is "You can use an exception from the handler". The minimal amount of syntactically code to do that is best, at least for the video. Now I regret the negative since, it's longer! Is throwing a negative int a good way to build an exception heirarchy? No. Is it correct? Yup. Now you don't want to introduce bad style (which this is), and but you never want to be incorrect (which it isn't). So given the choice of poor style brevity and verbose completeness, in a venue like this you have to go with "shortest correct". Which is why magazines and so on often omit error checking... not to teach that you shouldn't check for errors, but because the space provided doesn't allow for it. But as I said, you're right. Exceptions are very hard to get right. Witness how bad it was in MFC and early attempts. I'm not even sure the CRT has it solved. But I know that to this day, I have never been involved in a significant project that was exception based. Everything I've ever worked on that was successful was standard if-else failure code logic. Heck, I even pass std::nothrow and check memory allocs myself! You just can't "dabble" in exceptions.
@@DavesGarage Yeah. errno was a terrible idea as well and where error codes are returned by functions in the c standard library there's no consistancy. The toolkit library in mac os classic actually did this fairly well.
@@AbAb-th5qe The problem with exceptions/longjmp is that they are slow because of how memory is handle, on the other hand a jump table using if statements are faster and causes less overhead. But that being said deepening on what you are programming exceptions/longjmp can be a good alternative.
I very much enjoyed the history lesson at the start. It was around the XP SP2 release that I jumped ship to Mac. XP had just been too troublesome for me to keep going with it, and it also felt like Apple were bringing new features into the OS at a time XP wasn't really changing from a user point of view - now I know the developers were all working on security at that point. It's impressive how far Microsoft have come. I use Win 10 on my gaming rig, and really like it. If I was just a Windows user now, there's absolutely no reason to move to Mac OS that I can see anyway.
+1 for Neil Stephenson. Reading Termination Shock now . . . An electrical engineer who has been C and C++ programing since the early 80s - first on Mark William's Coherent Unix running on an early IBM PC. Remember well when the _s functions were implemented and required updating my code. Annoying at the time, but appreciated the reasoning behind them.
I have a 100TB NAS too (Synology)! Glad I am not the only one, lol. I also have a 36TB NAS (also Synology), a 3TB SSD TrueNAS Core for testing and a 32TB TrueNAS Scale, lol
No touching upon the Unicode counterparts for these functions? (wcslen, wcscpy...) Given, I can't be bothered to use them in my own projects and they're near identical, but they have the same _s implementations so could've been at least briefly mentioned
Microsoft's _s functions are not always available on other C runtimes and recomending them as replacements for unsafe functions like strcpy or strcat is damaging in its own right as the concepts behind them are what's dangerous. Fixed size buffers in general are a poor choice for string handling.
Fixed size buffers are often the only correct route. But a good choice is: strcpy -> res = snprintf(dst,sizeof dst,"%s",src); strcat -> res = snprintf(dst,sizeof dst,"%s%s",s1,s2); snprintf() is generally available unless in very, very old embedded environments. Only bad thing is some old implementations gives wrong return for too small buffer. They return -1 instead of actual size needed.
@@perwestermark8920 yeah snprintf is a more reasonable choice if you have to use fixed length buffers, however most of the time you don't need to. Also, to get the length needed you can call FILE temp = fopen("NUL", "wb"); then size_t len =fprintf(temp, ... that should always return the number of bytes needed (but you'll also need to add 1 to this value for the null string terminator). asprintf if available does all this together with malloc internally
@@AbAb-th5qe Many times for embedded, you need to be very, very, very careful about dynamically allocated RAM because the total RAM is so low and fragmentation is no fun in a device that expects uptimes in months or years.
@@perwestermark8920 true, but in those kinds of scenarios its better to avoid string handling altogether right? The concept of the heap in C doesn't help matters. You could build a "sliding heap" to prevent heap fragmentation I guess, but that's unnatural to use from C
@@AbAb-th5qe Embedded devices normally still need to process communications protocols etc. Just that they often need to focus on static allocations so if they get through the startup code, then they have all memory they will ever need.
I'd like to see something on rvalue rederences, designing classes for move semantics, implementing constructors, operator=, etc, automatic memory management and exception safety
I do remember the C string functions being a pain as I always got the impression that when you try to make something idiot proof and someone will make a better idiot. I say this after I had some coder who did not use exceptions they used 'shudder' goto
Why use C-strings inside C++? Just enforce a hard boundary between where you interact with some C API and your C++ program. Ingest C-strings by feeding them into std::string constructors and then bring them back out from string.c_str() if you need to take them back out for the API.
I'm sure you find yourself creating std::strings from C strings all the time, and not just constants. So you have to know how to deal with them, but I'd argue the best thing is to get it encapsulated in a string object as soon as you can trust it. That's sort of my boundary - raw strings untrusted, but string object have been parsed.
@@DavesGarage In what manner does handling "untrusted" C-strings with functions lifted from C, differ from handing the char* straight to your std::string constructor? If you want to cap the size, for instance, you can just pass it as a second parameter to the constructor. If the C-string could be missing a null terminator you're more or less powerless to do anything else regardless. What I'm saying is there's no need to "trust" things you would feed into the std::string constructor, such that you'd need some additional sanitization steps before then.
In this day and age, thinking about such things as buffer overflow in the smallest pieces of code - that must've been a terror of programmers. Being a C++ programmer - you don't think about the working of the program as a whole - because you need to focus on making your smallest function working properly, like simple string concatenation :P. But the biggest flaw of C and C++ is in my opinion lack of standardized, enforced type of exceptions that save whole stack. Nowadays in any modern language - when you have an exception, you get the whole stack of it - in some languages you not only get the names of functions, but also all their parameters. Looking back at C and C++ - it seems like we currently have heaven on earth.
Very good initiative of Microsoft to introduce those _s variants. What I don't like is that in case of invalid argument they may end the program in case you use the default handler. Not sure if that's a good thing when most string functions are GUI related. Windows XP sp2 was a great service pack btw (contrary to NT 4.0 sp2)
I get their point, but in fact, if you're not mixing code and data, then you're not using a stored-program digital computer. That's just von Neumann way of things. Anyway, it's always entertaining to me that people spent so much time fixing the flaws in the C string library, instead of fixing the fundamental flaw in K&R's approach to strings. Imo, zero-terminated strings have been a bad idea since the Z-80 was designed.
I am the same when it comes to maximum warning level and treating warnings as errors. At least before I commit anything to our source code repository. During development, you may juggle around with code and have variables that aren't used yet and I don't want to be that too much of a bother. But nothing moves off of my computer if it throws a warning during the compile. My colleagues hate me for this attitude. 😆 However, I tried to introduce the _s string functions in the project I am working on, and apparently they don't seem to exist all across the C world. The compiler we use (some almost 20 year old embedded C compiler for ARM) doesn't know them at all. Unfortunately nobody is willing to spend the money on a new tool chain...😩
Dave you ask for suggestions for content , OK I have one. I too am now retired and have taken up trying to learn C and C++ as a hobby and would like to understand C 3d arrays and C++ vectors better. So If you have the time and the inculcation I would like to know the best uses and best implementations of each one. Plus anything else you think could be important. Like anything at all...... Thanks love your Channel !
I can get the nullptr assertion, but why fire an "exception" when you ran out of buffer space? Like just put a null terminator at the end and return -1 or whatever. It's not that critical to halt the whole program
I still use strcpy to initialize strings with smalls imm strings e.g. strcpy(s, "hi"); I may use strcat earlier on, again in initializing data, but never in a loop.
10: 50 I figure a lot of you may never have seen this done before Excuse you, Majority developers for windows sooner or later used MFC, and every freaking MFC .cpp file generated from template contains redefinition of new operator via preprocess macro in _DEBUG build. What make you thing we never guessed to apply the same trick for warning?
I bet those downvotes are for the haircut!
If you recommend anything. Someone else will have an alternate "better" recommendation. "Internet" hey ho . Dang this coffee tastes good
Haters gotta hate. I love when there is a new "Dave's Garage" episode...
All those safe functions should return the same value as their unsafe counterparts, and return values should be checked. Unless completely unuseful like for strcpy. Don't teach ignoring return values.
Engineer/Developer haircuts are functional: Maximum hat compatibility, covers the basics while limiting vulnerabilities and potential exploits.
Video suggestions:
- Projects you worked on which impressed you with elegant or clever code solutions
- Worst production code you ever saw (bonus if you had to fix it)
- Coding "pet peeves" (bonus if they are pedantic or inconsequential!)
Enjoy your videos!
The haters preferred C-- over C++
> 30 years of experience in C/C++
> Finally getting good
Lol
I done an IRL lol at that.
30 Years is a good pratice time :)
Eh, in 10 years he'll be saying "40 years of C and C++, finally getting good"
In 20 years, he'll be saying "50 years of C and C++, finally getting good".
It never ends.
u can never bcm great in C/C++ ... good is the limit
I think what I like most about this channel is its all about the code I wrote when I started professionally.. and the code I maintain today. Most Programmer videos on youtube want to focus on much newer topics, and those that do touch on C++ dont really go in deep.. or if they do, not in an entertaining way.
You have quickly become the best programming channel on TH-cam
Very kind word, thanks!
@@DavesGarage Not only kind... truthful.
"I've been coding C++ for 30 years.....now I'm finally getting good at it" -- Do you know how intimidating this is?!?!
Having these lessons available is incredible, thank you so much Dave, please keep up the good work.
Glad you like them!
How many programmers does it take to write a line of code? _Ten..._ one to write the line, and nine to tell how they could have done it better!
Edit: I'm always happy when others pronounce the name of a function phonetically.
Hey that's what code reviews are all about right?
One programmer is enough
You wasted too many bytes in that comment!
@@sophiacristina too bad 😶
I would rate this joke as SegFault Error.
That's how bad it is.
Dave, you are the most charming, eloquent, knowledgeable, kind and endearing, genuinely funny programming savant. I admire you sincerely. God bless you
Mister Plummer, this is an amazing series and even though this is only the second episode, you are giving out invaluable information for practical programmers. Please keep it up!
I love you, just for the fact that you stick with GPL2 licence for your code snippets! You don't wanna know how many people just blindly apply GPL3 to their projects and shoot their future selfs in the foot, especially when they want to use their own projects in proprietary use cases.
I once inherited a project that compiled and had about 25000 warnings on compile. I took the time to make it compile at /w4 as well, but never turned on errors. If anyone ever checked in code that made warnings in the future, I took that as a teachable moment, because half the warnings I fixed were actual bugs or potential outright terminate process errors provided the right conditions. Who knows how many security issues, that wasn't my end goal but a benefit.
I use these all the time and have converted a lot of code to use these as well. Worth the effort for more secure code.
Here's a good C++ topic: Template meta-programming
Lots to cover there, could do a whole series on it, there's a lot of useful stuff it can do but most C++ programmers (including myself) aren't too familiar with how to use it effectively, and less experienced C++ programmers basically see it as black magic.
but it's just like typesafe macro expansion with some syntactic sugar on top of it tho. And it gets even more typesafe with concepts and the 'requires' keyword
Rule one about temple meta programming is that if you think you need it, you are probably wrong. However, there are a handful of really compelling reasons to use it. Still even on teams with exceptionally smart programmers I have found that few are capable of maintaining templates...
@@dougpark1025 I work in games, anything that can be done at compile time is a huge win over something that is done at runtime. Usually we need to have big blocks of comments explaining what the magic values we use are, and checklists for modifying anything they were based off so the magic values don't get outdated. Template meta-programming can solve a lot of those cases at compile time and are generally more powerful than macros which often can't do what we need. Though it definitely isn't something that is needed frequently.
Net Send!!! I miss that. Sending messages during computer class was fun at the time.
I'm so glad I found your channel. Every video has something in it I didn't know, and I've been writing c for a long time (though not near as long as you)
Thank you!
You're so welcome!
Hi, Dave! I am an IT student. This is my first comment on TH-cam. YOU ROCK! The stories you tell are facinating. And the technical informations are brilliant! And you do not even charge any peny. Thanks a lot for your effort!
FOSS teaching :D
I just want to say how much I appreciate your content; thank you very much!
I appreciate that!
I love when you share mistakes, bad habits, etc. When people with more experience than yourself show how and when they make errors or mistakes, it gives the less experienced person so much valuable context, by which hers/his own body of knowledge can be judged. When the expert never fails at anything, and needs zero time to accomplish comparatively outlandish results, it is detrimental to the experience. But showing the, not always straight to target, path there inspires. Great work!!
You finally made C an interesting topic! ♥️♥️♥️♥️ I know a lot of the details went way above my head, but I enjoyed this video 👍👍👍👍
Glad it was helpful! Or at least enjoyable!
Looking forward to more of these! C++ is the first language I learned (aside from some messing around in BASIC) back in 2000, but I haven't kept up to date. You bet my code was full of insecure string functions. These videos are great for helping me modernize my knowledge!
I'd love to watch an episode about functors, I really enjoy this channel!
Excellent Dave! Thank you for the wonderful content. After 30 years, you are finally getting good at C and C++ 😁 Gold 👍 I moved to C# instead. Loved the sudden style change of no braces after 30 years. Code style changes are fascinating! I know it just feels right, but why didn't it before? What is your opinion of single line "if" statements? Mine seems to vary. Were you ever subjected to stupid coding standards about such things? My C++ topic suggestion is Templates.
I know I use single line ifs only for guards if(!valid) return;
warnings as errors, not just silently truncating... yes, yes, yes... nice to see someone else who thinks a bit like me on such things. Great video! Thanks!
The recommended way of including standard C headers in C++ is to include instead of , instead of , etc.
Since I was not using any C++ specific features, I kept it C-compatible, for the most part. But when I'm doing C++, I do it the way you indicate!
Given how many security vulnerabilities there are today... Not enough people read Writing Secure Code...
Either way, thanks for telling your story. Its amazing to hear all of this wisdom.
Cool stuff. I managed to write my own printf with a variable argument list back in the late '80's when I had no access to a real C compiler. I was playing with a shareware 16bit C compiler which had no libraries at all and which ran from 1.44MB diskettes as I was using a work laptop with a 20MB hard disk. I was (am) an accountant who just loved computers. I set out to write my own C stdlib to go with it and learned a lot by doing that.
Great way to learn how it's all really done!
Great Video. The /w4 /wx touched my heart. 💖 Hope not too many Devs did blind suppression after it was implemented.
Props for the Atari 830 Accoustic Coupler modem on top of the 850 Interface! Took me a second to realize what I was looking at.
Ladies and gentlemen, the man, the myth, the legend... Dave Plummer!
Refreshing. Miss my Kernigan and Ritchie days but I dont remember any of these functions. Nice and understandable.
I program from the 1980's started with a 1802 in assembler. Then C and even fortran. But I still learn from video's like this. My daugter is now programming in C++ so I have to catch up my skills. It is good to take some time to upgrade your coding skills. Thanks
I favour asprintf() for that job as is standard enough, needs little thought and fails in a simple way. More generally just don’t use functions which are still easy to get wrong. That’s what C++ and other languages’ string classes are for
Came here to say this. Given the choice between safe non-standard and safe standard functions, choose the latter. C++'s string class is better at handling strings anyway.
In some contexts it's better to avoid heap allocated memory.
@@evanwilliams2048 you can use a custom allocator or use string views
I programmed for IBM S/370 computers running variants of OS. My main languages for Assembler F (for systems code), COBOL, PL/1.
In Assembler, I might have had the odd problem with pointers and timing, and I had a couple of spectacular paper eaters. One generated "Intervention required" on a virtual printer. Had the operators confused. I filled VM's printer spool. And there was the paper cutter. The printers used continuous paper, and it was customary to print a line of asterisks on the fold between jobs to make it easy to find them. Print enough lines of asterisks on the same fold line and the paper gets cut. Operators don't like that.
Since I did interesting new magic things, the operators were generally pretty forgiving. It helped that I was running in a test environment.
IBM types got to use PL/S and later PL/X similar to PL/1.
40+ years ago I learnt C by writing a C compiler in Pascal for the CDC mainframes. Non ASCII, 60 bit words, flat filesystem. Added a cross compiler for 8086 ( segmented memory space ). Started by outputting Forth style stack operations. Sold three or four copies.
For anyone wanting to know what makes a C function hazardous just look up "gets". "It stops when either the newline character is read or when the end-of-file is reached, whichever comes first". That ought to be ammened to add "or when something critical gets overwritten".
👍 @Dave'sGarage your content is fantastic these use cases are more advanced than my current skill set. Primarily due to me still being in the introductory phase of my C++/programming journey. Today I was test my knowledge of how to use Composition In C×+ without my textbook. Additionally, I have not used a debugger yet with any my textbook lessons. However, your content is Gold to me. Your content provides value. Thanks.
Hey Dave! Love the content. Just wanted to let you know that you can add timestamps to TH-cam videos in the description and it will put them in the video timeline in the player. Super useful for content like this!
It is considered good practice to include your own examples to show the utility
1:00 the start
2:00 another minute
3:00 etcetera
@@peteralund yes, but usually fans do this 'dirty' work for him.. LOL
Dave, you mentioned in your previous episodes that some code you build for Microsoft OS, was non-debuggable. Could you share some ideas on how to make some of our critical code non-debuggable as well? The only idea I get in my mind is to measure code execution time and if it is more than expected, then change code execute flow to mislead the person who is trying to debug.
Look up "The Ultimate Anti-Debugging Reference" by Peter Ferrie. It's a bit old now and nothing is completely undefeatable, but it may give you some good ideas.
For example, one of my favourite techniques is to have the program run itself as a debugger, and have the debugger parent process change the control flow of the child process in a way that is necessary for it to work (have the child throw an exception, parent catch it and set a new thread context, or write to the process memory, etc.) This means you can't attach to the child process (which is the bulk of your program) with a debugger since, there's already a "debugger" attached (which your child process is dependent on to function correctly)
he's probably talking about code not being debuggable by Visual Studio, so simple checks such as IsDebuggerPresent would work for that. it completely falls apart when you use a third-party open source debugger such as x64dbg which can hide itself
@@TheAndreArtus Yeah, I've seen the timing idea used in the wild, but it's not a good anti-debug IMO. Of course, like I said, none of them are undefeatable. They only create a temporary hindrance.
The reason I don't like the timing idea is that any freeze up or temporary lag spike could trigger the check - and, it's usually not difficult to work around, either. It's a high risk, low reward technique.
Unless you know how to remove such a protection, you're not really in a position to create one. Modern protections like Denuvo hire hackers to break them on purpose, then continue to revise until they can't be broken (easily) anymore.
Take a look how cpus cache code ahead. You can write code “assembly” that modifies the next statements executed to distract the person analyzing/debugging the code. If debugged, the flow gets misdirected from the actual cached code execution. If undebugged, the original code executes in the “fast” undebugged and original code execution. Smart debuggers will catch that and just skip those lines to remain on the original path, they might nop out those lines trying to fool those unaware of cpu code caching.
@@robertsentgerath1008 Unless I am mistaken, that wouldn't work on x86 at least. Calling FlushInstructionCache, while good practice, is not strictly necessary there. I assume since the OP asked here they're asking about Windows/x86, but I don't doubt it would work on other CPU architectures
I've been playing with C/C++ for nearly 30 years, the first thing in compiling code, is to make sure it compiles clean, no errors, no warnings.... I sometimes see other peoples code, such as some libraries and there are hundreds of warnings in the code..... Warnings are problems in the code, you can spend weeks trying to track down logic bugs, that the compiler actually warned you about.
For strings on modern computers in C, I like to define them this way:
char *buff
.
.
.
buff = (char *)malloc(512);
memset(buff,0,512);
I now know that, the data space is zero filled. I've sometimes, memset the buffer multiple times, because I am using is as a string, before freeing at the end.
It will be great to see C++ custom allocators
Would be cool if you talked a little about c++ / c# interop!
Can you tell me what you mean? I do have some stories of how the shell was originally pure C but worked with C++ and COM by manually calling through vtables and such!
@@DavesGarage I have still never tried to ha e C call through a C++ virtual method table. Seems I need to set up a weekend project on how to abuse a computer language. 😀
Like calling native code from the .NET framework? PInvoke, Marshaling, [DllImport], all that jazz? I'd be keen for that!
I am just now exploring ImportDLL and the concept of having a static library that is used to load in the dynamic libraries. My code doesn't work quite yet, but getting there.
Using C++ CLI for .NET interop. is a great topic. It's still often way cleaner, easier and less bugprone to author interop. libraries in C++ CLI than any other .NET language when wrapping C and C++ libraries. There are lots of interop. layers still out there built this way that can be a challenge to maintain for devs. unfamiliar with this technology. Many great potential pitfall topics to talk about like CPU target architecture dependence for memory alignment and handling callback functions from native code without crashes on app. shutdown in .NET applications as well.
I miss the fun that could be had with netsend back in the day. I can see why that may have been an issue though haha
The way that C++ manages exceptions is pretty different from other programming languages. Windows approaches exceptions slightly different from other operating systems too.
Windows exceptions are just getlasterror
Good book recommendations, Snow Crash for imagination, Writing Secure Code for the craft.
woah! if you haven't read snow crash you should, it's a modern classic. The main character is a katana wielding pizza delivery man who delivers pizzas for the mafia in an armored sports car. That alone should be enough to make you read it
How about a comparison of how to write a window/GUI-based "Hello, world" in C# vs C++, and which language is more popular for modern development. For those new to Windows development, a quick segment on Visual Studio Community vs Professional vs Code would be nice too -- a "how to get started guide", if you will.
Love the example of malicious intent: "Maybe somebody will pipe the entire contents of the Oxford dictionary into my zip code field."
Dave, thanks for the lessons. I use these functions all over from firmware to software.
I will keep this video next time I need these functions on software.
Taking me to school by Dave.
Actual most dangerous function:
Hashtable::~Hashtable()
{
exit(0);
}
It's more than 15 years since I coded in C/C++... OMG I lost it all sadly :( which video proved to me. I remember really disliking (almost hate) C# in the beginning because I felt I lost control, I wanted to manage memory allocation/management my self.
I'm curious on how the Windows codebase migrated code using far pointers to the flat addressing model
It was all largely rewritten for the Win16->Win32 conversion, but that was done just before I arrived!
The hell is a far pointer?
@@iDontProgramInCpp in 16 bit x86, a 16 bit segment:16 bit offset address in memory.
This is generally rearranged into a 20 bit number representing the flat real address in the 1mb address space.
Regular pointers are within the 64k block relative to the segment value set by the os (com) or specified/assigned after relocation (exe).
16 bit code in real mode was generally only able to address 64k without far pointers.
@@1971merlin who thought that using this mess was a good idea?!
@@iDontProgramInCpp it was a matter of keeping retro compatibility and cost of memory back then pressuring the design, if I'm not mistaken.
Very informative and a fantastic reminder of why I gave up with C++
Keep up with Your excellent work.👍
I also like Your sense of humor 😂
The problem with learning new things in C++ is you don't know you should learn something, untill you know about it, but then you have probably already learned it.
Great video as always, thank you, Dave. But for any programmers reading this: please, PLEASE do not EVER throw exceptions of any types not inherited from std::exception! Use std::runtime_error, or std::logic_error, or any other exception type from . Or write your own struct / class, but inherit it from std::exception.
Exceptions are a billion dollar mistake in general. They make reasoning about the state of a processes data extremely hard and are unnecessary for flow of program control. Functions that return error codes can be used to achieve the same effect without complex stack unwinding
@@AbAb-th5qe Exceptions aren't great, but random integer error codes are even worse.
I appreciate the input and you're technically correct, but the problem is that you can't really do that in a TH-cam video. Now you've lost at least 15,000 people at "WTF if std::exception and std::runtime_error and std::logic_error and why do I need stdexcept? What's a namespace? Why is Dave skipping over all this stuff and not explaining ANY of it????? Why did he write his own struct/class an inherit from std::exception without explaining why he did it? I'm going to watch Amanda McCants programming instead."
Or, the alternative would be a 45 minute video that no one would finish. Note that I didn't even bite at the apple of "parameter validation with exceptions is a bad idea because malformed input is not truly an exceptional case" and so on. There just isn't time.
In other words, you can only introduce so many topics at a time and you can't leave loose ends like that. So it's better in a video like this to throw the absolute simplest thing (I would have thrown void, if you could). And then, when I do introduce exceptions, I'll discuss the proper way. But for now, the only point I wanted to cover is "You can use an exception from the handler". The minimal amount of syntactically code to do that is best, at least for the video. Now I regret the negative since, it's longer! Is throwing a negative int a good way to build an exception heirarchy? No. Is it correct? Yup.
Now you don't want to introduce bad style (which this is), and but you never want to be incorrect (which it isn't). So given the choice of poor style brevity and verbose completeness, in a venue like this you have to go with "shortest correct". Which is why magazines and so on often omit error checking... not to teach that you shouldn't check for errors, but because the space provided doesn't allow for it.
But as I said, you're right. Exceptions are very hard to get right. Witness how bad it was in MFC and early attempts. I'm not even sure the CRT has it solved. But I know that to this day, I have never been involved in a significant project that was exception based. Everything I've ever worked on that was successful was standard if-else failure code logic. Heck, I even pass std::nothrow and check memory allocs myself! You just can't "dabble" in exceptions.
@@DavesGarage Yeah. errno was a terrible idea as well and where error codes are returned by functions in the c standard library there's no consistancy. The toolkit library in mac os classic actually did this fairly well.
@@AbAb-th5qe The problem with exceptions/longjmp is that they are slow because of how memory is handle, on the other hand a jump table using if statements are faster and causes less overhead.
But that being said deepening on what you are programming exceptions/longjmp can be a good alternative.
"Maybe somebody is gonna pipe the entire Oxford dictionary into my zip code field" - good line
I very much enjoyed the history lesson at the start. It was around the XP SP2 release that I jumped ship to Mac. XP had just been too troublesome for me to keep going with it, and it also felt like Apple were bringing new features into the OS at a time XP wasn't really changing from a user point of view - now I know the developers were all working on security at that point.
It's impressive how far Microsoft have come. I use Win 10 on my gaming rig, and really like it. If I was just a Windows user now, there's absolutely no reason to move to Mac OS that I can see anyway.
Would love a third episode! :)
+1 for Neil Stephenson. Reading Termination Shock now . . .
An electrical engineer who has been C and C++ programing since the early 80s - first on Mark William's Coherent Unix running on an early IBM PC. Remember well when the _s functions were implemented and required updating my code. Annoying at the time, but appreciated the reasoning behind them.
hands down strcpy, it's like a time bomb in C
“Now that I’m finally getting good at it…”
Subbed
I have a 100TB NAS too (Synology)! Glad I am not the only one, lol. I also have a 36TB NAS (also Synology), a 3TB SSD TrueNAS Core for testing and a 32TB TrueNAS Scale, lol
Very useful programming best practices. Thank you.
Glad you think so!
I would really like to know the history behind Windows IOCP.
I’m endlessly happy I found this channel. You explain these concepts so efficiently! Could you possibly make a video on code optimization?
No touching upon the Unicode counterparts for these functions? (wcslen, wcscpy...) Given, I can't be bothered to use them in my own projects and they're near identical, but they have the same _s implementations so could've been at least briefly mentioned
Microsoft's _s functions are not always available on other C runtimes and recomending them as replacements for unsafe functions like strcpy or strcat is damaging in its own right as the concepts behind them are what's dangerous. Fixed size buffers in general are a poor choice for string handling.
Fixed size buffers are often the only correct route.
But a good choice is:
strcpy -> res = snprintf(dst,sizeof dst,"%s",src);
strcat -> res = snprintf(dst,sizeof dst,"%s%s",s1,s2);
snprintf() is generally available unless in very, very old embedded environments.
Only bad thing is some old implementations gives wrong return for too small buffer. They return -1 instead of actual size needed.
@@perwestermark8920 yeah snprintf is a more reasonable choice if you have to use fixed length buffers, however most of the time you don't need to. Also, to get the length needed you can call FILE temp = fopen("NUL", "wb"); then size_t len =fprintf(temp, ... that should always return the number of bytes needed (but you'll also need to add 1 to this value for the null string terminator). asprintf if available does all this together with malloc internally
@@AbAb-th5qe Many times for embedded, you need to be very, very, very careful about dynamically allocated RAM because the total RAM is so low and fragmentation is no fun in a device that expects uptimes in months or years.
@@perwestermark8920 true, but in those kinds of scenarios its better to avoid string handling altogether right? The concept of the heap in C doesn't help matters. You could build a "sliding heap" to prevent heap fragmentation I guess, but that's unnatural to use from C
@@AbAb-th5qe Embedded devices normally still need to process communications protocols etc. Just that they often need to focus on static allocations so if they get through the startup code, then they have all memory they will ever need.
Thanks for your helpful content.
Cryptonomicron - Another good read after Snow Crash
I'd like to see something on rvalue rederences, designing classes for move semantics, implementing constructors, operator=, etc, automatic memory management and exception safety
I do remember the C string functions being a pain as I always got the impression that when you try to make something idiot proof and someone will make a better idiot. I say this after I had some coder who did not use exceptions they used 'shudder' goto
Concatenating variables for fun and profit there’s your next video lol oh and did you use fstring?
Your sizeof broke my automatic reading of C more then I expected it would.
Why use C-strings inside C++? Just enforce a hard boundary between where you interact with some C API and your C++ program. Ingest C-strings by feeding them into std::string constructors and then bring them back out from string.c_str() if you need to take them back out for the API.
I'm sure you find yourself creating std::strings from C strings all the time, and not just constants. So you have to know how to deal with them, but I'd argue the best thing is to get it encapsulated in a string object as soon as you can trust it. That's sort of my boundary - raw strings untrusted, but string object have been parsed.
@@DavesGarage In what manner does handling "untrusted" C-strings with functions lifted from C, differ from handing the char* straight to your std::string constructor? If you want to cap the size, for instance, you can just pass it as a second parameter to the constructor. If the C-string could be missing a null terminator you're more or less powerless to do anything else regardless. What I'm saying is there's no need to "trust" things you would feed into the std::string constructor, such that you'd need some additional sanitization steps before then.
ah. just point me to the code you wrote and I'll show you a fun "why" while you reinstall the OS. You're trusting your inputs again.
Thanks dave.
Its a miracle that so much software written in C++ is working, somehow.
Very valuable advice! Thx for the great explanation!
In this day and age, thinking about such things as buffer overflow in the smallest pieces of code - that must've been a terror of programmers. Being a C++ programmer - you don't think about the working of the program as a whole - because you need to focus on making your smallest function working properly, like simple string concatenation :P.
But the biggest flaw of C and C++ is in my opinion lack of standardized, enforced type of exceptions that save whole stack. Nowadays in any modern language - when you have an exception, you get the whole stack of it - in some languages you not only get the names of functions, but also all their parameters. Looking back at C and C++ - it seems like we currently have heaven on earth.
Discovered your channel today and I subscribed!
heres my favorite dangerous function
system();
LOL
Very good initiative of Microsoft to introduce those _s variants. What I don't like is that in case of invalid argument they may end the program in case you use the default handler. Not sure if that's a good thing when most string functions are GUI related. Windows XP sp2 was a great service pack btw (contrary to NT 4.0 sp2)
By the way the GPL is called the GNU General Public License.
This is my new favorite channel that my wife hates watching :)
Why am I watching this, I don't even write C/C++.
Maybe you will now start! :-)
Because Dave's a cool dude.
Love your content man
How are these videos free? Thank you so much, your videos are super helpful and educational!
I have no idea what the heck you talk about but I still watch all the videos.
I get their point, but in fact, if you're not mixing code and data, then you're not using a stored-program digital computer. That's just von Neumann way of things. Anyway, it's always entertaining to me that people spent so much time fixing the flaws in the C string library, instead of fixing the fundamental flaw in K&R's approach to strings. Imo, zero-terminated strings have been a bad idea since the Z-80 was designed.
Snowcrash... brings back memories :D Still prefer Web of Angels and the Sprawl Trilogy, but Snowcrash had the best "dystopian funky" world...
saw this issue 15 years ago at the company I was working for, used standard library strncpy, etc...
i love this , brings back memories
Thank you so much for this knowledge.
Late to the party, but I sincerely miss spamming my teachers with net-send in Visual Basic class in high school. RIP net-send
I am the same when it comes to maximum warning level and treating warnings as errors. At least before I commit anything to our source code repository. During development, you may juggle around with code and have variables that aren't used yet and I don't want to be that too much of a bother. But nothing moves off of my computer if it throws a warning during the compile. My colleagues hate me for this attitude. 😆
However, I tried to introduce the _s string functions in the project I am working on, and apparently they don't seem to exist all across the C world. The compiler we use (some almost 20 year old embedded C compiler for ARM) doesn't know them at all. Unfortunately nobody is willing to spend the money on a new tool chain...😩
Been coding C# for so long, I even forgot this was an issue :)
you caught me writing C in Notepad and compiling with mingw-w64
Dave you ask for suggestions for content , OK I have one. I too am now retired and have taken up trying to learn C and C++ as a hobby and would like to understand C 3d arrays and C++ vectors better. So If you have the time and the inculcation I would like to know the best uses and best implementations of each one. Plus anything else you think could be important. Like anything at all...... Thanks love your Channel !
I can get the nullptr assertion, but why fire an "exception" when you ran out of buffer space? Like just put a null terminator at the end and return -1 or whatever. It's not that critical to halt the whole program
Exceptions don't halt the program. Terminate halts the program
I still use strcpy to initialize strings with smalls imm strings e.g. strcpy(s, "hi"); I may use strcat earlier on, again in initializing data, but never in a loop.
10: 50 I figure a lot of you may never have seen this done before
Excuse you, Majority developers for windows sooner or later used MFC, and every freaking MFC .cpp file generated from template contains redefinition of new operator via preprocess macro in _DEBUG build. What make you thing we never guessed to apply the same trick for warning?