We often need to store private data in programs, for example passwords, secret keys, and their derivatives, and we usually need to clear their traces in the memory after using them so that a potential intruder can’t gain access to these data. In this article we will discuss why you can’t clear private data using memset() function.
Tizen is a Linux-based open-source operating system backed by Intel and Samsung Electronics, which has been in development since early 2012 and designed for smartphones, tablets, smart TVs, smart watches, cameras and PCs.
Once one of our colleagues left the team and joined one company developing software for embedded systems. There is nothing extraordinary about it: in every firm people come and go, all the time. Their choice is determined by bonuses offered, the convenience aspect, and personal preferences. What we find interesting is quite another thing. Our ex-colleague is sincerely worried about the quality of the code he deals with in his new job. And that has resulted in us writing a joint article. You see, once you have figured out what static analysis is all about, you just don’t feel like settling for “simply programming”.
Sometimes it seems that things have gone relatively quiet on the year-2038 front. But time keeps moving forward, and the point in early 2038 when 32-bit time_t values can no longer represent times correctly is now less than 21 years away. That may seem like a long time, but the relatively long life cycle of many embedded systems means that some systems deployed today will still be in service when that deadline hits. One of the developers leading the effort to address this problem is Arnd Bergmann; at Linaro Connect 2017 he gave an update on where that work stands.
In this article, I’ll try to assess the current situation concerning static analysis of C/C++ code. This study has a slightly philosophical character and in no way claims to be absolutely complete and objective. There also won’t be any discussions of which analyzer is better. Such comparisons are usually a pointless action: there will always be people who disagree with the chosen methodology or suspect the researcher in being biased. To do the research, I’ll try to take the list of popular contemporary analyzers of C/C++ code (for example, from Wikipedia) and understand, which tools don’t already fit there and if there is a need to add something there.
Modern programmers live in a very special period of time, when the software is penetrating into literally all spheres of human life and is installed on a numerous amount of devices that are a part of our every day life. Nobody is surprised by software in the fridges, watches and coffee-machines. However, the dependence of people on the smart technology is also growing. The inevitable consequence: the reliability of the software becomes priority number 1. It’s hard to scare someone with a freaked out coffee-maker, although it can bring a lot of harm (liters of boiling coffee flowing on your white marble countertop…). But the thought of growing requirements for the quality of software is really important, that’s why let’s talk about errors in the code that led to significant waste of time and money.
Back in 2005, with the release of C# 2.0 standard we got a possibility to pass a variable to the body of an anonymous delegate by capturing it from the current context. In 2008 the C# 3.0 brought us lambdas, user anonymous classes, LINQ requests and much more. Now it January, 2017 and the majority of C# developers are looking forward to the release of the C# 7.0 standard that should provide us a bunch of new useful features. However, there are still old features that need to be fixed. That’s why there are plenty of ways to shoot yourself in the foot. Today we are going to speak about one of them, and it is related with quite an unobvious mechanism of variable capture in the body of anonymous functions in C#.
