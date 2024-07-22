Discover your dream Career
With C++ blamed for CrowdStrike calamity, an ex-DE Shaw researcher has an answer

by Sarah Butcher
9 minutes ago
3 minute read
With C++ blamed for CrowdStrike calamity, an ex-DE Shaw researcher has an answer

What went wrong at CrowdStrike? Aside from an apparently woeful lack of testing before releasing an update to what CrowdStrike itself says were 8.5m devices globally, the issue seems to have been linked to the complexities of C++. 

Engineers across the internet spent the weekend Tweeting opinions like that below, suggesting that CrowdStrike's issue apparently came from a "null pointer" in which a C++ programmer at CrowdStrike accidentally told the program to refer to an invalid region of memory, resulting in the program being aborted by Windows. 

While there is some debate whether this is really what happened (it may have instead been due to a discrepancy between synthetic test data and actual data, for example) the null pointer suggestion has rekindled complaints about C++'s complexity and reinvigorated suggestions that it should really be replaced with Rust, which has a "bulletproof" compiler. Bill Buchanan, a professor of applied cryptography at Edinburgh Napier University noted, for example, that his students have always struggled to understand pointers and that "Overall, C and C++ are often a recipe for disaster for those who are not experienced in understanding how variables are allocated in memory."

This is where Sean Baxter, a former scientific programmer at DE Shaw Research, has a potential answer. Baxter, who spent two years at hedge fund DE Shaw's Research arm and three years at NASA, appears to have spent the past eight years or so working on a method of creating "safe code in C++." Visible here and here, it's called "Circle C++ for memory safety." Baxter says his intention is to create a "superset of C++ with a safe subset" that's as safe as Rust but has "unbeatable interoperability with your existing [C++] code." 

Baxter didn't respond to our attempt to contact him for this article, but he did spend the weekend tweeting about how the implementation of his safe code might have prevented the alleged CrowdStrike problem. 

Bryce Elder, principal architect at NVIDIA and a C++ Library Evolution chair emeritus, seemed to share the perception that C++ was the issue, but Elder said this is only part of the problem: "Adding a borrow checker or similar for C++ or switching to Rust protects code written in the future. But the issue with C++ isn't future code, it's the billions of lines of existing code," Elder observed....

