Recent

Author Topic: Object Pascal, Memory Safety, the US Whitehouse and future programming  (Read 3634 times)

hshatti

  • New member
  • *
  • Posts: 7
  • Don't be evil isn't enough, Be virtuous!
Greetings
My apologies for the possible long post, if anyone interested, I was stumbled across this and I feel like wanting to discuss this by now and get some opinions/insights.

maybe some of you good people have read the recent statement from the US Whitehouse couple of days ago issued by the US Office of the National Cyber Director (ONCD), if interested you can read the official statement in this link:


https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/memory-safety-fact-sheet/


in short it's urging programmers to adopt memory safe programming languages (and it feels like an implicit preference toward Rust and discouragement of using C/C++), this made me a little intimidated given that C++ is my second favourite language after Object Pascal and my 1st language for daily usage bread an butter, now it's being discouraged on the highest official levels and I'm really REALLY not a fan of adopting a trendy reptilian based interpreter languages (Py#$% cough cough  :-X )  or other auto garbage collecting languages
but here is my personal take on this which I would like to get some opinions on:

- What makes a language really memory safe and is really a language fault or the programmers responsibility?

- Object Pascal natively support memory safe managed types (correct me please if I'm wrong), along with that, it make the usage of stack based types such as advanced records and type helpers much easier and more efficient than other even the most modern languages which are considered mem-safe, additionally range checks, auto initializers/finalizers since the earliest days and now a better memory management for heap allocated types, and in my opinion it make the need for garbage collection unnecessary if not discomfortable.

- Modern C++ and since the C++11 STL has implemented a hefty amount lot of memory safe libraries. auto initializers/finalizers (RAII, smart pointers vector etc..) so should it be really crucified now? let alone that it has produced most of the OS systems and software that we now use.

isn't it the lack of good practice and does it really matter which language?, what are the list of the languages and why would it be considered memory safe it seems a little subjective rather objective no? why suddenly this has to be an argument taken to the highest official acknowledgement 

anyway the good news after further reading around this is that according to the NSA and US Department of defence, Object Pascal (I guess they are referring to FPC) and Delphi is considered one of the memory safe languages (read here in page [3]) :

https://media.defense.gov/2023/Apr/27/2003210083/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY_V1.1.PDF

maybe this is a good opportunity to make Pascal great again.

what are the further practices that a pascal developer should consider for making a memory safe program

Cheers everyone
« Last Edit: February 29, 2024, 04:23:49 am by hshatti »
Don't be evil isn't enough, Be virtuous!
------------
Research-O-Holic .. Highly Skilled Delphi/Lazarus/FPC developer Oh C/C++ too - Solutions with Micro-Controllers (PIC+AVR +STM .. etc )- I.A - anything related to bind thinking and humanity with technology .. all the interesting ideas

lainz

  • Hero Member
  • *****
  • Posts: 4473
    • https://lainz.github.io/
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #1 on: February 29, 2024, 03:35:20 am »
Well I must say : do the same as you do in Rust (because the language don't allow you to do) and you are good to go.

Free the objects when Rust will free them. Or don't use objects and use advanced records.

hshatti

  • New member
  • *
  • Posts: 7
  • Don't be evil isn't enough, Be virtuous!
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #2 on: February 29, 2024, 04:18:43 am »
Indeed! and Advanced records has a better performance generally but unlike C++, pascal doesn't allow you to polymorph them or inherit them (maybe it will if using object instead of record), but I got habit of polymorphing all my classes to be decedents of TInterfacedClass or TInterfacedObject, this way I don't have to worry about free nil them tor wrap them inside a try / finally in theory just like in Rust they should be freed automatically once they get out of scope if I'm not wrong.
Don't be evil isn't enough, Be virtuous!
------------
Research-O-Holic .. Highly Skilled Delphi/Lazarus/FPC developer Oh C/C++ too - Solutions with Micro-Controllers (PIC+AVR +STM .. etc )- I.A - anything related to bind thinking and humanity with technology .. all the interesting ideas

Laksen

  • Hero Member
  • *****
  • Posts: 754
    • J-Software
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #3 on: February 29, 2024, 04:48:39 am »
Doing a lot of C# work I think that they have absolutely nailed memory handling with the relatively recent Span<> and Memory<> additions. And I dream often about something similar for FPC

The way I see FPC and memory safety is that it might be too easy to mess up even with good high-level code.
For example it's almost unavoidable to interact with functions that take untyped references where it's up to the programmer to pass the right size. Like TStream.Read. And there's no safe alternative supplied by the RTL

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11458
  • FPC developer.
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #4 on: February 29, 2024, 10:09:54 am »
note that this is nothing new, the US military tried the same pushing Ada in the eighties, but as usual they only do one sided pressure, and leave it to the industry to make economic sense of it.

If your code was outward facing and sensitive enough to be attacked by cybercriminals, you shouldn't have been using plain C in 2024 n the first place.
« Last Edit: February 29, 2024, 10:59:33 am by marcov »

Mr.Madguy

  • Hero Member
  • *****
  • Posts: 844
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #5 on: February 29, 2024, 10:45:13 am »
Memory safety depends on programming style, not language. C-style programming, where programmer has to manage everything by himself - is root of all memory-unsafe code. Use managed types, like strings, dynamic arrays and ref-counted interfaces - and you'd be ok. Also use advanced memory management tools with memory leak/corruption reporting, like FastMM and HeapTrc.
Is it healthy for project not to have regular stable releases?
Just for fun: Code::Blocks, GCC 13 and DOS - is it possible?

VisualLab

  • Sr. Member
  • ****
  • Posts: 332
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #6 on: February 29, 2024, 10:49:59 am »
https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/memory-safety-fact-sheet/

https://media.defense.gov/2023/Apr/27/2003210083/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY_V1.1.PDF

The only thing that worries me is that Python is listed among the list of programming languages. And that comes first. This undermines the credibility of the author of this content (he probably does not understand what software development is). Python is crap. And unlike (flawed) C and C++, Python has basically no advantages. This is one of the worst designed programming languages. Yes, you can write simple scripts to perform one-off activities (but you can also use available tools). But definitely not serious software. Interestingly, other languages in this category (i.e. JavaScript, PHP, Ruby) were not mentioned. And PHP is slightly better designed than Python, but no sane person tries to create serious software in it*.


*) Facebook, Instagram or Twitter are not serious software (they are "bullshit"). Serious software includes SolidWorks, Altium Designer, Chemcad, Statistica, Matlab, Excel, Photoshop, etc.

domasz

  • Sr. Member
  • ****
  • Posts: 437
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #7 on: February 29, 2024, 11:39:10 am »
And PHP is slightly better designed than Python, but no sane person tries to create serious software in it*.

PHP compared to Python is a masterpiece. Not only by design but also by community standards.
1) PHP interpreter is very small, just a few files. You can easily distribute the interpreter with your PHP code to other people. Python interpreter is billions of files
2) PHP has very good backwards compatibility. Basically PHP4+ code will work under PHP8 out of the box or with tiny changes
3) When people write in PHP they just use built-in PHP functions and libraries written in PHP. This means pretty every PHP website, script, library works under any operating system. In Python people use extensions written in C/C++ that often are not available for other OS or need to be compiled with a C/C++ compiler. So to use Python you need another language compiler and often some knowledge how to use it.
4) Because of the above if you have a problem (eg. security problem) with a library in PHP you can easily fix it if you are a PHP programmer. If you are a Python programmer you won't fix anything because the problem is with C/C++ library and you would first need to learn that.
5) Python without its C/C++ libraries is useless while in pure PHP people have created lots of nice things

440bx

  • Hero Member
  • *****
  • Posts: 4065
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #8 on: February 29, 2024, 11:40:38 am »
Any language that allows a programmer to use pointers is inherently "memory unsafe".  FPC is definitely not a memory-safe language.

There are some "things" that cannot be done properly (fast enough or done at all) without pointer manipulation.  Try to write a full blown interrupt manager in a "memory-safe" language.  It's safe to say that's not likely to work very well. :)





(FPC v3.0.4 and Lazarus 1.8.2) or (FPC v3.2.2 and Lazarus v3.2) on Windows 7 SP1 64bit.

domasz

  • Sr. Member
  • ****
  • Posts: 437
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #9 on: February 29, 2024, 11:43:49 am »
Any language that allows a programmer to use pointers is inherently "memory unsafe".  FPC is definitely not a memory-safe language.
Yes, but Pascal offers many ways to write fast code without pointers. Instead of passing parameters to functions via pointers you can use var and out. You have nice strings instead of pointers to chars you can use absolute to access same memory as 2 different data types and so on.
So Pascal is a lot safer than C.

Dzandaa

  • Sr. Member
  • ****
  • Posts: 253
  • From C# to Lazarus
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #10 on: February 29, 2024, 11:45:51 am »
Hi,

How can Python be considered a safe language?
It uses a lot of libraries written in C/C++...

B->
Dzandaa

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11458
  • FPC developer.
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #11 on: February 29, 2024, 11:59:11 am »
Hi,

How can Python be considered a safe language?
It uses a lot of libraries written in C/C++...

B->

The package system alone is considered an enormous risk, even before actually looking at the language. Same for e.g. javascript.  In a safe environment, you could only work with a special repository of vetted packages, never the ones straight from internet.

440bx

  • Hero Member
  • *****
  • Posts: 4065
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #12 on: February 29, 2024, 12:16:03 pm »
So Pascal is a lot safer than C.
Generally speaking I agree with that but, every class is a _pointer_ and it is far from uncommon to read about problems programmers have with the freeing of classes.

Your point that Pascal provides mechanisms to avoid pointers is valid but, it also goes out the window because "modern Pascal" rains hidden/disguised pointers onto (unsuspecting) programmers.  It would probably be better to not hide the pointers but, pointers are too scary for many programmers these days therefore we hide them under the class "rug" (it's not a pointer... it's a class... yeah.. right!)
(FPC v3.0.4 and Lazarus 1.8.2) or (FPC v3.2.2 and Lazarus v3.2) on Windows 7 SP1 64bit.

paule32

  • Full Member
  • ***
  • Posts: 211
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #13 on: February 29, 2024, 12:24:36 pm »
For me, it is a Hoax.

Because, the Government there had thinking over a Policy that includes, that Uploader's (also not the Person itself that upload Files onto a Web Platform have to Check the Content - but against the lesser Competence Peoples all out there, the AI (artificat Intelligenz) should exists about a Algorythm that check the uploaded Content before it came out to the Public Domain).

Last but not least there are the German Data Policy - what was a loud Laugh for me, as it came out.

And last but not least, the Content off ALL would be checked by the Government's.
Did you know, that some Countries block/filter the Internet so restrictive that the Folk will be sent to the Yesterday Years - like Back To The Future - where we have a silent Circumstances where nothing has Place for new Inovation's.

China, and Russia are such Countries.
I heard, that Russia plan they own Internet, and filter the Content from western Countries.

Each Country have it's own Secret Service - but what should this, when ALL over the World is speaking about Global Player, and Freedom git ?
I know, that it give public Internet Content, that is available to catch, and track the Listener/Visitor's.
This Internet/Web-Sites will be called as Honeypot - you click on it, you would be logged, but you don't came out of this WebSites, because all other Activities will be logged then.

For me personally, I find it good, that such Content exists.
Because (when not), the dark Number of Crime will be not realized anymore by Police, and Government Worker's.

domasz

  • Sr. Member
  • ****
  • Posts: 437
Re: Object Pascal, Memory Safety, the US Whitehouse and future programming
« Reply #14 on: February 29, 2024, 12:39:40 pm »
For me personally, I find it good, that such Content exists.
Because (when not), the dark Number of Crime will be not realized anymore by Police, and Government Worker's.

Not sure I understood you correctly. You want the government to monitor crimes? Are you German?

 

TinyPortal © 2005-2018