Trip Report: C++Now 2024

I attended C++Now for the fourth time last week, and it was definitely one of the best conferences I've ever been to. I don't think I've ever experienced so many amazing talks in a row, so I can only highlight some of the talks that are definitely worth watching.

A talk absolutely everybody should watch is C++ should be C++ by David Sankel. It shouldn't be controversial that C++ has a bit of an image problem right now, given the legislative push for memory safety in programming languages and all the successor languages popping up. David argues that this isn't a big problem: There is already a proven, memory-safe systems programming language, Rust, and you should use it for safety-critical code. Programming languages are tools, and you should use the right tool for the job. Sometimes that's Rust, sometimes that's C++, and that's fine. The committee should instead focus on keeping C++ mostly as-is and look at ways to improve inter-op with other programming languages. I tend to agree with that.

If you violate a precondition in the standard library, it is undefined behavior, which is unsafe. People often complain about that; the Rust approach, where preconditions are checked and the program panics instead, is safe. However, an implementation is free to do whatever it wants in the presence of undefined behavior, including checking the precondition and aborting. And finally, somebody does: Users of libcxx can now enable a hardening mode in production to reliably check cheap preconditions. Louis Dionne presented the design in Security in C++ - Hardening techniques from the trenches. It has minimal runtime and code-size overhead, can be enabled/disabled separately for each translation unit, and is currently running in many production systems like Chrome. There really is no excuse anymore to ship code that can suffer from buffer overflows!

Leave a Comment