Perspective Security Beyond Memory Safety Using Modern C++ to Avoid Vulnerabilities by DesignMax Hoffmann Security Beyond Memory Safety CppCon 2024 2 Security Beyond Memory Safety Using Modern C++ to Avoid Beyond Memory Safety CppCon 2024 3 FIFTY SHADES OF SHOOTING YOURSELF IN THE FOOT WITH A RAILGUNMax Hoffmann Security Beyond Memory Safety CppCon 2024 4Max Hoffmann Security Beyond Memory Safety CppCon 2024 Beyond Memory Safety CppCon 2024 6Max Hoffmann Security Beyond Memory Safety CppCon 2024 7Max Hoffmann Security Beyond Memory Safety CppCon 2024 8Max Hoffmann Security Beyond Memory Safety CppCon 2024 9Max

Improving our safety with a quantities and units library The future is here 2CppCon 2024: Improving our safety with a quantities and units library The future is here 3CppCon 2024: Improving our safety with library Me 10 years ago 4CppCon 2024: Improving our safety with a quantities and units library Tactical Flight Computer 5CppCon 2024: Improving our safety with a quantities and units library Tactical Flight safer high-level abstractions in the library CppCon 2024: Improving our safety with a quantities and units library C++ safety 7• Many C++ engineers are expected to write life-critical so�ware today

architect of C++ software solutions for autonomous driving market in Intel Contribution into functional safety MISRA standard Contribution into WG21 in threading, vectorization and numerics. Contribution into mine! You can’t have them. Agenda 1. Current status of C++ safety: MISRA and C++ CG 2. Parallel Safety rules 3. Automotive Safety case Safety Critical API Evolution minimize API surface area , reduce determinism New Generation Safety Critical APIs for Graphics, Compute and Display Industry Need for CPU/GPU Acceleration APIs designed to ease system safety certification Rendering Compute

to safety C++ is getting safer The lifetime safety toolbox What comes next?Memory Safety • Microsoft: 70 percent of all security bugs are memory safety issues | ZDNET • Memory safety (chromium (googleblog.com)Spatial safety Temporal safetySpatial safety Temporal safetySpatial safety Temporal safetySpatial safety Temporal safetySpatial safety Temporal safetySpatial safety • BufferCheck (soon) Fuzzing • Bounds-checked data structures • Checked C, Deputy • -fbounds-safety, buffer hardening Temporal safetySpatial safety • BufferCheck (soon), SAL • ASAN, GWP-ASAN, HWASAN + Fuzzing • Bounds-checked

Pre-exasacaleKHRONOS SAFETY CRITICAL STANDARDS EVOLUTION OpenGL ES 1.0 - 2003 Fixed function graphics OpenGL ES 2.0 - 2007 Programmable Shaders OpenGL SC 1.0 - 2005 Fixed function graphics safety-critical subset 2016 Programmable Shaders Safety-critical subset Vulkan 1.2 - 2020 Explicit Graphics and Compute and Display Vulkan SC 1.0 - 2022 Explicit Graphics, Compute and Display safety-critical subset SYCL 2020 heterogeneous parallel compute programming framework for safety-critical systems Khronos has 20 years experience in standards for safety-critical markets Leveraging proven mainstream standards with

LLVM’s Real-time Safety Revolution Tools for Modern Mission Critical SystemsChris Apple ● 10-year veteran of the audio industry ● Previously Dolby, Roblox, Spatial Inc. ● Currently: layabout David dependencies?What if we had a tool that could simply tell us?A nice tool would… - Assess real-time safety - Detect a wide range of violations - …even from third-party and pre-compiled dependencies - code - Be able to fail a CI pipeline build:linux build:mac build:win build rtsan real-time safety unit:mac unit tests unit:win unit:linux unit:mac:armLLVM 20 1. RealtimeSanitizer 2. Performance

challenges of safety • What is “safety”? • C++ Evolution • with a focus on safety • C++ Core Guidelines • How to write good contemporary C++ • Safety Profiles • How to guarantee safety Stroustrup Stroustrup - C++ safety -CppCon - October 2023 3A cause for concern (not panic) • The overarching software community across the private sector, academia, and the U.S. Government have begun initiatives to drive • NSA: https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2023/p2739r0.pdf Stroustrup - C++ safety -CppCon - October 2023 4To contrast (not a cause for complacency) • February 2023 Headline: C++

Exception Handling When to Use Exceptions (And When Not) How to Use Exceptions The Exception Safety Guarantees How to Write Exception-Safe Code How to Refactor Non-Exception-Safe CodeContent 4 How to Use Exceptions The Exception Safety Guarantees How to Write Exception-Safe Code How to Refactor Non-Exception-Safe CodeWhy Another Talk on Exception Safety? 56 https://wg21.link/p07097 https://wg21 Exception Handling When to Use Exceptions (And When Not) How to Use Exceptions The Exception Safety Guarantees How to Write Exception-Safe Code How to Refactor Non-Exception-Safe CodeHow Do Exceptions

collection. • Focuses on reliability and safety without sacrificing performance. 26 4.2 Benefits of Rust Some unique selling points of Rust: • Compile time memory safety - whole classes of memory bugs are dependency management. • Experience with Java, Go, Python, JavaScript...: You get the same memory safety as in those languages, plus a similar high-level language feeling. In addition you get fast and predictable functional language, it includes a range of functional concepts. 5.2 Variables Rust provides type safety via static typing. Variable bindings are made with let: fn main() { let x: i32 = 10; println!("x:

The Absurdity of Error Handling: Finding a Purpose for Errors in Safety-Critical SYCL Erik Tomusk CppCon 2023 October 5, 2023© 2023 Codeplay Software Ltd. Codeplay Corporate Slide 2© 2023 Codeplay • SYCL is an abstraction layer for running C++ code on accelerators like GPUs • SC stands for safety-critical, not supercomputing • SC is any domain where software can cause substantial harm • More of Safety • Definition of Error Handling • Case Study • Why is this Important? • Is it Really so bad? • What does this mean for SYCL SC? • What does this mean for you? 5Definition of Safety 6©