> Do you think Annex K of C11 will be widely adopted by programmers or unused? Why aren't people adopting it?
So far, it's not been widely adopted. Part of the issue is that there are specification issues relating to threads and the constraint handlers, and part of the issue is that popular libc implementations have actively resisted implementing the annex.
That said, I field questions about Annex K on a regular basis and there are a few implementations in the wild, so there is user interest in the functionality.
> Do you see the use of any analysis tools that are particularly effective for finding memory safety issues?
<biased opinion>I think CodeSonar does a great job at finding memory safety issues, but I work for the company that makes this tool.</biased opinion>
> C++ added in smart pointers to its specification. Are there any plans to do something similar in future C specifications?
We currently don't have any proposals for adding smart pointers to C. Given that C does not have constructors or destructors, we would have to devise some new mechanism to implement or replace RAII in C, which would be one major hurdle to overcome for smart pointers.
I’ve had good luck (in C++) replacing the underlying memory allocator with one that tracks leaks by allocation type (which is fast enough for production use).
This can be done in C, but the calling code has to spell malloc and free differently.
In debug mode, configuring malloc to poison (and add fences) on allocation and free finds most of the remaining things.
These techniques tend to have much lower runtime overhead than valgrind (2-digit percentages vs 5-10x), so they can be left on throughout testing and partially enabled in production.
They find >90% of the memory bugs that I write (assuming valgrind finds 100%). YMMV.
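A minimal debug allocator in the spirit of the approach described above, written here as an added example rather than the commenter's own code: every block carries a fence on both sides, is poisoned on allocation and again on free, and live allocations are counted per type name. The names (dbg_malloc, dbg_free, dbg_live), the byte patterns and the fence size are assumptions.

```c
#include <stdlib.h>
#include <string.h>
/* Block layout: [hdr_t][front fence][user bytes][back fence] */
#define FENCE_BYTES   16
#define FENCE_PATTERN 0xFD   /* surrounds the user region; verified on free */
#define POISON_ALLOC  0xCD   /* fresh memory: uninitialised reads stand out */
#define POISON_FREE   0xDD   /* released memory: use-after-free reads stand out */
#define MAX_TAGS      16
enum { ALLOC_OK = 0, ALLOC_UNDERFLOW = 1, ALLOC_OVERFLOW = 2 };
typedef struct { size_t size; const char *tag; } hdr_t;   /* tag = allocation type */
static struct { const char *tag; long live; } stats[MAX_TAGS];
static int ntags;

/* Live-allocation counter per type: a leak report names the object kind, not just bytes. */
static long *tag_counter(const char *tag) {
    for (int i = 0; i < ntags; i++)
        if (strcmp(stats[i].tag, tag) == 0) return &stats[i].live;
    if (ntags == MAX_TAGS) return NULL;
    stats[ntags].tag = tag;
    return &stats[ntags++].live;
}

void *dbg_malloc(size_t n, const char *tag) {
    unsigned char *raw = malloc(sizeof(hdr_t) + 2 * FENCE_BYTES + n);
    if (raw == NULL) return NULL;
    hdr_t *h = (hdr_t *)raw;
    h->size = n; h->tag = tag;
    unsigned char *user = raw + sizeof(hdr_t) + FENCE_BYTES;
    memset(user - FENCE_BYTES, FENCE_PATTERN, FENCE_BYTES);
    memset(user, POISON_ALLOC, n);
    memset(user + n, FENCE_PATTERN, FENCE_BYTES);
    long *c = tag_counter(tag); if (c) (*c)++;
    return user;
}
/* Returns ALLOC_OK or a bitmask of overwritten fences; poisons the region before release. */
int dbg_free(void *p) {
    if (p == NULL) return ALLOC_OK;
    unsigned char *user = p, ref[FENCE_BYTES];
    memset(ref, FENCE_PATTERN, FENCE_BYTES);
    hdr_t *h = (hdr_t *)(user - FENCE_BYTES - sizeof(hdr_t));
    int rc = ALLOC_OK;
    if (memcmp(user - FENCE_BYTES, ref, FENCE_BYTES) != 0) rc |= ALLOC_UNDERFLOW;
    if (memcmp(user + h->size, ref, FENCE_BYTES) != 0) rc |= ALLOC_OVERFLOW;
    long *c = tag_counter(h->tag); if (c) (*c)--;
    memset(user, POISON_FREE, h->size);
    free(h);
    return rc;
}
/* Outstanding allocations of one type; non-zero after teardown means a leak. */
long dbg_live(const char *tag) { long *c = tag_counter(tag); return c ? *c : 0; }
```

Calling code has to spell the allocator differently, as the comment notes, so the tag is passed explicitly at each call site.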
> We currently don't have any proposals for adding smart pointers to C. Given that C does not have constructors or destructors, we would have to devise some new mechanism to implement or replace RAII in C, which would be one major hurdle to overcome for smart pointers.
Why would you have to devise a new mechanism and not borrow one of the thousand other mechanisms already existing in PL literature for this?
Annex K isn't being adopted because it's unergonomic and doesn't solve the problem it purports to. Even the proposer (Microsoft) does not actually implement Annex K as specified in the ISO.
Microsoft originally implemented the Annex K bounds-checked interfaces (e.g., the *_s functions) back in the 1990s in response to well-publicized vulnerabilities. They proposed standardization to the C Standards committee. The committee made many changes to the proposal, possibly going too far away from the original implementation. During this time, I would say that Microsoft was very deferential to the wishes of the committee.
By the time the ISO/IEC TR 24731-1:2007 was released, and then later Annex K added to the C Standard, Microsoft had to decide if they wanted to change the interfaces to conform to the changed standard and re-implement their code bases. They presumably decided that they did not, which I think is a defensible decision.
I think we are in agreement that Microsoft does not implement Annex K as specified in ISO C. I don't fault them for that; I wouldn't either.
As to unergonomic, that's somewhat subjective. But I'm a long-time C practitioner and that's my feel of the API. Constraint handlers are a mistake. Ambient state that is not part of the function interface, as well as asynchronous interaction, make for poor APIs. Constraint handlers are a mismatch for library use of safe functions, as well as kernel environments.
Most functions seem pointless; e.g., snprintf_s. Re-adding gets() in the form of gets_s() seems unhelpful. Why bsearch_s, qsort_s, memcpy_s/memmove_s? Do you really think strerror_s() is useful? Or strnlen_s()?
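To make concrete what "ambient state that is not part of the function interface" means, here is an added model of the Annex K strcpy_s contract with a settable constraint handler. It is example code, not the standard library's implementation; the model_ names, the RSIZE_MAX value and the ignore-by-default handler are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Model of the Annex K strcpy_s contract; the real function lives in <string.h>
   only where the library defines __STDC_LIB_EXT1__, which glibc does not. */
typedef int model_errno_t;
typedef size_t model_rsize_t;
#define MODEL_RSIZE_MAX (SIZE_MAX >> 1)
typedef void (*model_constraint_handler_t)(const char *msg, void *ptr, model_errno_t err);
/* The handler is process-global ambient state: nothing at the call site shows whether a
   violation will abort, log, or be ignored. Annex K leaves the default implementation-defined;
   this model starts with an ignore handler. */
static void model_ignore_handler(const char *msg, void *ptr, model_errno_t err) {
    (void)msg; (void)ptr; (void)err;
}
static model_constraint_handler_t model_handler = model_ignore_handler;

model_constraint_handler_t model_set_constraint_handler_s(model_constraint_handler_t h) {
    model_constraint_handler_t old = model_handler;
    model_handler = h ? h : model_ignore_handler;
    return old;
}

/* Counting handler for tests: records violations instead of aborting. */
static int model_violations;
static void model_count_handler(const char *msg, void *ptr, model_errno_t err) {
    (void)msg; (void)ptr; (void)err;
    model_violations++;
}
int model_violation_count(void) { return model_violations; }

/* Returns 0 on success, EINVAL after a runtime-constraint violation. On violation, if s1 and
   s1max are themselves valid, s1[0] is set to '\0' so the caller never sees an unterminated
   string. The overlap check that Annex K also requires is omitted in this model. */
model_errno_t model_strcpy_s(char *s1, model_rsize_t s1max, const char *s2) {
    const char *msg = NULL;
    if (s1 == NULL) msg = "strcpy_s: s1 is null";
    else if (s1max == 0 || s1max > MODEL_RSIZE_MAX) msg = "strcpy_s: s1max out of range";
    else if (s2 == NULL) msg = "strcpy_s: s2 is null";
    else {
        size_t len = 0;                 /* bounded scan: never read past s1max bytes of s2 */
        while (len < s1max && s2[len] != '\0') len++;
        if (len >= s1max) msg = "strcpy_s: s2 does not fit in s1";
        else { memcpy(s1, s2, len + 1); return 0; }
    }
    if (s1 != NULL && s1max > 0 && s1max <= MODEL_RSIZE_MAX) s1[0] = '\0';
    model_handler(msg, s1, EINVAL);
    return EINVAL;
}
```

A library that calls model_strcpy_s cannot know what model_set_constraint_handler_s was last called with elsewhere in the process, which is the mismatch with library and kernel use raised above.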
Wrong. Many implemented them, Microsoft first, followed by Cisco, Watcom, Embarcadero, Huawei and Android. Widely used in Windows, embedded and phones.
Microsoft just changed one bit of the proposal, but no one followed them there. Currently it's the most widely used and worst implemented. I tested all of them.
It solves the bounds-checking problem better than _FORTIFY_SOURCE, ASAN and valgrind, because it always does the checks, whether at compile time or run time, independent of the optimizer and the intrinsics used, where valgrind fails, and is much faster than ASAN. Also faster than glibc, btw.
Well, I was asked to parallelize a loop where it was totally unobvious in one interview, something like a sum of elements in an array where elements are replaced by the sum of elements from the previous elements (they didn't even shake my hand, they just showed me the door silently); in another I had 30 minutes to design an algo that outputs a matrix's spiral in C (I think I know how to do this now, but I couldn't solve it and program it there under pressure in 30 minutes, and my solution is ugly); in another I had to use a semaphore to make a loop that increments up to some number, and I didn't know what a semaphore was; I had to find if a linked list was looping; I had to write code that deletes duplicate elements from a linked list and puts them into a new sorted list in 30 minutes; the financial engineering jobs required the transcript, so they didn't work out. I think I like CS and blame a lack of attention or preparedness for the grades. Maybe I am deluding myself, though, and need to move on.
You need more practice coding, because it doesn't look like you got a strong intuitive grasp for it from school. Those aren't great interview questions, but they're not serious CS problems either.
Also, you should definitely know what a semaphore is. Write some threaded Python code to get a feel for concurrency.
If this ^ link works, I excluded the sales portion. My CV is a bit embellished; the courses I barely passed were algorithms, real analysis, graph theory, number theory, and a statistics class. I couldn't follow the teacher's talking, and reading was difficult. I have talked with several hedge funds in my area who shot me down, a couple of startups who shot me down, and Microsoft. The GPA was looked at; algorithms was the most crucial thing I missed.
I made it no longer public, if anyone reads this; it was probably a stupid idea broadcasting who I was publicly in this context, because that is a sure way of shooting yourself in the foot in case an employer didn't ask about the specifics.
Do you think Annex K of C11 will be widely adopted by programmers or unused? Why aren't people adopting it?
Do you see the use of any analysis tools that are particularly effective for finding memory safety issues?
C++ added in smart pointers to its specification. Are there any plans to do something similar in future C specifications?
Thanks!