Is IoT a Reason To Learn C?

itwbennett writes: Whether or not beginning programmers should learn C is a question that has been roundly debated on Slashdot and elsewhere. The general consensus seems to be that learning it will make you a better programmer -- and it looks good on your resume. But now there might be another reason to learn C: the rapid growth of the internet of things (IoT) could cause a spike in demand for C skills, according to Gartner analyst Mark Driver. "For traditional workloads there is no need to be counting the bytes like there used to be. But when it comes to IoT applications there is that need once again..."

A damn good reason to learn security best practice

[haruchai]

and I not sure learning C will help much with that.

Re:A damn good reason to learn security best pract

[bug1]

C was invented as portable assembly IIRC. If you cant sort out a buffer overflow then dont call yourself a programmer.

Real programmers see their job as making the computers job easy, not the other way around.

Learn C for advanced security, not for basics

[raymorris]

Career network security programmer here.

Absolutely of you're programming a device that connects to the internet, you should understand a bit about security and have a security mindset. If your device won't get regular updates, this is even more true.

Where does C fit in? It's unnecessary, if you just want to learn basic security best practices.

If you want to really understand how exploits work, and some advanced protections, you need to understand how your program and your data are arranged in memory, what actually happens in the hardware to when your asynchronous timer goes off, etc. For that, C is the language to learn. Java programmers know how to use Java. C programmers know how Java works, internally. The bad guys writing exploits are (typically) C programmers, they can defeat your PHP or Python program because they know how PHP and Python work internally.

You've always used languages with automatic garbage collection, so you mostly don't have to worry about freeing memory after you use it? Great. You don't know how and when memory is freed, and what happens when a hacker exploits a "use after free" to execute code that he's put into the variable you think no longer exists.

To be clear, I'm not saying that people need to *use* C to write secure software. I'm saying that if you *learn* C, you'll learn a lot that applies to advanced security knowledge in any language. Higher level languages are most commonly written in C; if you know how things are done in C you'll understand what your high-level language is doing behind the scenes. You'll understand your Ruby software much better if you understand how the same program works in C.

Re: Learn C for advanced security, not for basics

[AaronW]

I agree. I write bootloaders for multi-core 64-bit processors. I've mostly been working on MIPS. C is very easy to get running. In one of my bootloaders which boots off of a SD card or eMMC chip all of the assembly code fits inside the 512-byte boot sector, and that includes the partition table and some UART functions because I had extra space. Most code is written in C. The C compiler does close to hand-tuned assembly code in terms of code density and the compiler often makes decisions that only a well seasoned assembly programmer would think of. C code provides a lot of flexibility but it also keeps the overhead to a minimum. You know exactly what the code will do. There is no hidden garbage collection or anything else. A pointer is just that, an actual address. You can easily convert them to an unsigned long or other numerical representation. You can also easily do things like have bitfields that map directly to hardware registers.

On the processors I work with we have scripts that parse the hardware design and generate bitfields and addresses for all of the hardware registers (and there are many thousands of them on the chips I work with). C is the language to use when you want to get down and dirty with the hardware. On top of that, with gcc and many other compilers it is easy to incorporate inline assembly where needed since there are instructions and things that the compiler will not know how to properly deal with. It's also easy to call C code from assembly or assembly code from C.

Working down at the hardware level you have to know what the language is doing and C does this very well and has all the constructs to do this. For example, the volatile keyword is perfect for mapping a pointer to a memory-mapped hardware register since that tells the compiler that the value can change at any time and not to cache it.

That's not to say that other languages can't also be used. At one point I worked on a large (100K lines of code) kernel-level device driver that was written almost entirely in C++. There was a huge amount of work that was needed to make it work. The drawback was that only one particular version of the Watcom compiler could be used. It had to be 10.1b (I don't remember the exact version but it was 10 something b). Revision C could not be used. There was all sorts of magic that had to be implemented in order to support some of the memory magic that went on due to C++. This was also before exceptions. While the driver worked great and was easy to maintain once all the magic had been implemented, it also required a lot more skill to work with compared to C since one had to know all the caveats involved.

From my initial reading of Rust, it would have major problems due to the way it deals with pointers. If the language is holding your hand to be "memory safe" then there's a good chance it won't work well when dealing with low-level stuff.

Another advantage of C is that there is minimal overhead. C isn't going to do crap behind the scenes. If you assign an array it's just a block of indexed memory with minimal overhead.

Things like pointer arithmetic and typecasting are extremely useful. I can't count the number of times I need to map between a pointer and a unsigned long (or unsigned long long) and it's easy to switch between them.

Features like the volatile keyword in C are extremely useful, and most higher-level languages don't support that (C++ does). Java and C# have the keyword but it doesn't mean the same thing. In C one can also implement things like read and write barriers which are needed for drivers that talk to the hardware.

Re:A damn good reason to learn security best pract

[Opportunist]

Real programmers? As compared to the untrue Scotsman?

Look around you and see what doubles as "programmer" today. Ask them how a stack overflow happens and why that is a problem. If I get a buck from you every time you get a blank stare and you get ten from me every time you get a sensible answer, your house belongs to me before the week is out.

Re:A damn good reason to learn security best pract

[ShooterNeo]

I do embedded C programming. With this said, I don't think that improvements to the tools are impossible - sure, I have to prevent buffer overflows myself at the present time - but it doesn't have to be this way. The key thing about embedded programming is that hardware designers are lazy. They want to do the least amount of work possible. So instead of making their hardware easy to program, they like to make it in a way that is easiest to them. So every data sheet contains all kinds of special exceptions to the rules that you the programmer have to take into account. And instead of supporting some fancy, easy to program in language, they do the minimum amount of work to make a C compiler work. (it's really minimal - you only need to map a few base instructions to opcodes on the hardware and you can bootstrap the C compiler).

One major issue is while every microcontroller or DSP generally has roughly the same stuff - various ports that do the same thing, the MAC instruction, usually a von Neuman architecture, usually interrupts and DMA - you basically have to scrape the datasheet for weeks to do something you've done before on a different microcontroller.

Re:A damn good reason to learn security best pract

[Darinbob]

Most buffer overflows weren't necessarily because of being sloppy in the original code, but because the code was copied so readily. Someone has a simple routine without all the necessary checks because it's not being used for anything very important, software that doesn't need to be secure, it's a one-off utility (maybe it converts postscript to PCL). Then someone copies that routine into another program, makes that a set-uid program, and poof you've got a security hole. First programmer says "it was not intended to be re-used", second programmer says "re-inventing the wheel is foolish!", and they blame each other.

No. IoT is a fad. ...

[Qbertino]

... Embedded is a reason to learn C though. And embedded and IoT do have some intersection/overlap. But I IoT itself is mostly a fad involving the slapping together of unsafe preconfection microlinuxes with unsafe overkill websevers/port 80 stuff and adding that to toasters and stuff that really don't need it and won't be used more than ~3 times unless by some bored teenagers wgo wants to screw up your homes heating or AC by surfing on shodan for some lonb forgotten default access to said IoT trinkets.

Bottom line:
You shouldn't do anything because of IoT unless it,s avoiding it like the plague (unless you're a hacker that is). OTOH If you want to learn embedded, C with assembler for the basics is the way to go.

Good luck.

Re:JavaScript ... and maybe Python

[LordWabbit2]

Good god, just learn C instead of trying to force javascript into everything. It's like my wife trying to drive a nail into a wall with her high heel shoe. Sure, it would probably work eventually, but the right tool for the job is right there in the toolbox. Use it. Step outside your little javascript box and learn something new.

Re:Arduino uses C++, Pi uses Linux

[AaronW]

I work at a company that makes chips for IoT, though in this case the chips are targeted at things like routers, switches, network security appliances and highly intelligent network cards. While C++ is supported, all of the stuff I work on is C. Our SDK is C. All of the vendor SDKs I've come across for dealing with different devices are written in C. Interfacing to C is fairly simple and well understood compared to introducing C++ in an embedded environment. Now the environment I deal with is either the Linux kernel or lower, usually lower since I work with bare metal most of the time.

C is used for a number of reasons.
1. The generated code is quite fast and fairly compact. With my experience with MIPS the output of the compiler is pretty close to hand-tuned assembly in most cases.
2. It's easy to deal with hardware registers in C. Hardware registers can be defined by volatile bitfields so a simple pointer can be used to access them.
3. There is no unintended overhead or hidden behavior. With C it is very much what you see is what you get. It doesn't do stuff under the covers.
4. Memory mapping data structures and things like that are very easy in C.
5. One is not dependent on things like a certain standard library. The amount of code needed for basic C support is fairly minimal. All you really need is a stack. I have plenty of code that does not have a heap.
6. Things like interrupt handlers are fairly trivial to code in C.
7. One can do interesting things using the linker with C code that are not really possible with most other languages. For example, I can easily link my code to execute at a particular address and generate a binary without any elf headers or any other cruft and there are interesting things that can be done with linker scripts.
8. There is no unexpected overhead due to the language. There is no background garbage collection that can run at some inopportune time. There's no extra code to do bounds or pointer checking to slow down the code or even get in the way.
9. Generally it is pretty easy to move between different versions of the toolchain. C generally doesn't change much.
10. C seems to resist bloat better than other languages, in part because it does exactly what you tell it to and nothing more.

Much of this can apply to C++ as well, though C++ requires a lot more overhead in order to properly support it due to some of the language features and C++ can hide certain things if you aren't careful.

That's not to say that things can't be written in high-level languages. There is plenty of flexibility once you get to something like a Raspberry Pi user-space program.

Arduino uses a subset of C++ but it's such a small subset that it might as well be C.

I write this as someone who has been writing embedded C code and assembly (98% C) for the last 20 years, though I have also worked on a few C++ projects as well. Most of this was device drivers, Vx Works, bootloaders (U-Boot and custom), bare metal applications and SDKs (dealing with high speed networking, 1, 2.5, 5, 10, 25 and 40Gbps) and some Linux kernel work and Arduino. I've worked with a variety of different CPU architectures (Intel, MIPS, ARM, PowerPC and more) including one that ran a functional programming language natively in hardware (the processor was physically incapable of running C code).

Re:Until

[Joce640k]

Right, but it's shitty for the programmer to manage it manually, isn't it?

Not as shitty as having to guess when Java will close the file you just wrote (eg. so you can copy it to a USB stick).

Resource management is much more than RAM, it's files, network connections, etc. Garbage collectors handle RAM OK but they're really really crap for everything else. In reality languages like Java need just as much manual resource management as C.

The only language which really doesn't need manual work is C++. C++ has stack unwinding. C++ frees resources immediately when objects go out of scope, not when some garbage collector decides to wake up (which might be "never" - your file might _never_ close unless you quit the program).

Re:Until

[Megane]

The trick to using C++ in embedded is to throw away stuff like the STL that depends on memory allocation, and the ivory-tower stunt crap like iostreams. Even templates are generally bad because they cause code size to explode by compiling a new version of each method for every class that uses them.

Basically, do what mbed does and use it as "C with classes". If you declare global objects for each I/O device, the class declaration then becomes an API for the device, and the object hides all the internal state. The operational details of it can be rewritten for a similar kind of device, without changing the code that uses it. If you do things right, you might even save some bytes. C++'s inlining of method calls when there is no ambiguity also contributes to the efficiency. It is also much easier to use virtual methods than to deal with the twisty function pointer syntax in C, plus you only get one set of virtual function pointers generated per class in the vtable, and can't use the wrong function pointers by accident.