The Notorious B.U.G. - The Most Popular Bugs and Code Smells in C and C++

Speaker: Philipp Dominik Schubert

Audience level: [ Beginner | Intermediate ]

The C and C++ programming languages are often regarded as particularly error-prone. The US President’s administration recently recommended avoiding memory-unsafe languages such as C and C++. But to what extent does this recommendation also apply to modern, contemporary C++?

This talk presents the "most popular" bugs and code smells observed in real-world C and C++ software projects that can be detected statically, i.e., without the need for executing the program. The data and statistics used to create this list of "most popular" bugs will be drawn from one of Sonar's databases. The talk also showcases a few of the most unpleasant footguns that cannot be detected statically. These are drawn from the speaker's experience developing program analyzers for/in C++. For each type of bug, the talk presents how to mitigate or even avoid it using C++ best practices as well as additional tooling, if necessary.

The goal of this talk is to provide a comprehensive overview of what to watch out for to prevent the most common bugs and how to develop high-quality and secure software in C++. This not only saves unnecessary, extensive debugging sessions but also spares developers' nerves. Perhaps this talk will also convince a few C programmers to try C++, a difficult endeavor in general.