Delphi and "Use only memory safe languages"

[Die Holländer 45]

Lately, I see many tech blog articles about this statement..

What should I say if my manager ask me "What about Delphi?" 

 

"White House asks programmers to use only memory safe languages
The American Office of the National Cyber Director, in collaboration with the White House,

asks programmers to in principle only use programming languages that are memory safe.

Rust is one of the languages considered suitable, while C and C++ are considered unsafe."

 

press-release-technical-report

BACK TO THE BUILDING BLOCKS

Introduction to memory unsafety for vps of engineering

Edited February 29 by Die Holländer

[Dalija Prasnikar 1396]

Delphi is not memory safe language. But, at the end it all depends on the kind of code you write.

 

 

[Kas Ob. 121]

I have few thoughts on this subject, i mean Rust and its safety because there is so much hype around this accompanied with lot of confusion with terminology.

 

so :

1) By safety, most of the need for Rust is for security breach and counter fighting malicious and buggy code, due the memory safety, so it is not only about memory here, but around abusing the unsafe code that can be manipulated by handled (or arrived) data from untrusted source.

2) This safety concern come from almost from one source boundary checks and type casting (abusing), along with use after free.

3) Delphi is way more safer than C and C++, but when it comes to Rust then it is relatively comparable, and to understand what i mean you need to understand how Rust as language defined and how the compiler handle the code, this is the most important point, and there is many sources over the net explaining this and yet most of them mix terminology or just badly written to target a specific readers, wither too advanced in Rust or don't know if it is subject is the rust on an old power supply.

 

An example of the differences and power of Rust against language like Delphi, in very short and lame way, in Delphi we can declare an array of bytes or TBytes or whatever, something like a list may be, but we can access it by an index, right ? of course right.

That index can be a variable or a constant like MyList[5]. , in Rust you can't do that, you can't declare an open array and you can't access it by a constant or even by any variable, again it is complicated and i am not the best writer

Again, in Delphi we can declare limited length array like ARR: array [0..255] of byte, in rust that is possible and in fact it is almost the only way but it must have a type, so in Delphi we should declare the type of that array then use it in variable like ARR: TMy256ByteArr.

in Rust you can't access this 256 byte array by an integer variable it does need a variable declared as limited one to this very specific array, but in Delphi we can do that too like this (My256Int = 0..255;) and if you to the index of our array with this variable then never can breach the boundaries hence we stayed memory safe as much as Rust, both handled by the compiler, the difference Delphi might warn and might not, RUST will not compile, it will twist your hand to write strongly declared types and stick to them.

This is a glimpse of the difference, and yet it does show how Delphi is comparable in memory safety if and only if the Delphi developer was experienced (as Dalija said) enough to not make such mistakes or ready to write many lines to ensure safety, also Delphi compiler does not help much with warning, as example ..it will eat any integer for an index without a problem and only will offer runtime checks when the boundaries are violated.

Also Delphi doesn't use the stack for instances and this is huge safety on its own.

 

So if you want an pseudo answer for this

1 hour ago, Die Holländer said:

What should I say if my manager ask me "What about Delphi?" 

It is safer then C and C++ and you need to pay more for the extra work to make it comparable to Rust.

But for real most the switching to Rust is due the security not the memory safety per se.

 

Hope that was clear.

[David Heffernan 2345]

5 minutes ago, Kas Ob. said:

Delphi is way more safer than C and C++

No it's not.

 

5 minutes ago, Kas Ob. said:

It is safer then C and C++ and you need to pay more for the extra work to make it comparable to Rust.

But for real most the switching to Rust is due the security not the memory safety per se.

Not really the point if a government agency will only accept work using tools that meet certain criterion. You can either follow the specification and have a chance of getting the work. Or argue about  the specification and be completely ignored. That's just reality.

[Kas Ob. 121]

7 minutes ago, David Heffernan said:

Not really the point if a government agency will only accept work using tools that meet certain criterion. You can either follow the specification and have a chance of getting the work. Or argue about  the specification and be completely ignored. That's just reality.

Agree, and if it is governmental agency then definitely they should use the most relevant and modern technology, in this case this will minimize the risk of faulty, unsafe or unsecure code, by argument above about everyone else non governmental, in software business trying to justify the transition and the cost, the cost is 0 for the tool chain yet the needed experienced developer/programmer in Rust is higher.

 

12 minutes ago, David Heffernan said:

19 minutes ago, Kas Ob. said:

Delphi is way more safer than C and C++

No it's not.

Lets agree to not agree on that, for me, just don't duck with the stack and the stack will not duck with you, is a moto.

[DelphiUdIT 176]

In one of the document they say:

Quote

......... Javascript, Rust, Python, Java, Ruby, and Swift are all examples of memory safe languages .......

Really ? JS is a memory safe languages ? Who exposed this ...

You can use a variable before declared ("hoisting") ... this is safe memory language ?

Edited February 29 by DelphiUdIT

[David Heffernan 2345]

1 hour ago, Kas Ob. said:

Lets agree to not agree on that, for me, just don't duck with the stack and the stack will not duck with you, is a moto.

Just let me know what you can do with C++ that you can't do with Delphi, in terms of safety 

[Der schöne Günther 316]

Can't add to "How does this compare to Delphi" but here's three interesting standpoints why companies have come to enjoy the memory safety of Rust:

 

Mozilla

Quote

Due to the overlap between memory safety violations and security-related bugs, we can say that Rust code should result in fewer critical CVEs (Common Vulnerabilities and Exposures). However, even Rust is not foolproof. Developers still need to be aware of correctness bugs and data leakage attacks. Code review, testing, and fuzzing still remain essential for maintaining secure libraries.

Source: Implications of Rewriting a Browser Component in Rust - Mozilla Hacks - the Web developer blog

 

Microsoft

Quote

As we’ve seen, roughly 70% of the security issues that the MSRC assigns a CVE to are memory safety issues. This means that if that software had been written in Rust, 70% of these security issues would most likely have been eliminated.

Source: Why Rust for safe systems programming | MSRC Blog | Microsoft Security Response Center

 

Google

Quote

To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code.

We don’t expect that number to stay zero forever, but given the volume of new Rust code across two Android releases, and the security-sensitive components where it’s being used, it’s a significant result. It demonstrates that Rust is fulfilling its intended purpose of preventing Android’s most common source of vulnerabilities

Source: Google Online Security Blog: Memory Safe Languages in Android 13 (googleblog.com)

[Rollo62 536]

4 hours ago, Die Holländer said:

What should I say if my manager ask me "What about Delphi?"

Regarding the search for arguments:

I would not rely on language alone, but I always consider the libraries and frameworks built on this language too.

Maybe it is a vague argument, that the language + libraries = can be ( more or less ) memory safe?

 

What I mean by this, is to embrace the use of smart-pointers and forbid to use POC, by help of all possible external tools, strict guides and library tricks.

Yes, the underlying language alone is not memory safe and can be forced to fail,

but the whole ecosystem could have a degree's higher memory safety index, IMHO, if the libraries are structured well.

 

I did something like this centuries ago, as a kind of simple script language for machine control, which was based on C++ and its wonderful pre-processor.

The language could be abused, but the functionality offered by the core library would enforce a higher level of safety than plain C++ alone.

Would that be something workable for Delphi too, at least to get it half-way memory safe?

 

 

 

[Kas Ob. 121]

1 hour ago, David Heffernan said:

Just let me know what you can do with C++ that you can't do with Delphi, in terms of safety 

Nothing, literally there is nothing !

 

But the point still stand C and C++ can so the same as Rust, as there is nothing Rust do and C++ can't, with that in mind and there is already a measure or standard that distinguish between Rust and C++ then Delphi has a place on that scale and it is closer to Rust than C++.

 

It is all about semantics and investing time, where the language and compiler force the developer or prevent him from shortcuts or mistakes.

[Pat Foley 51]

Just a shake down by the government.  Consider the Tik-Tok uproar last year. The Tik-Tok lobbyists silenced the talk by talking to the complainers and voila Tik-Tok is good. If you want your stuff used get a good lobbyist!  

[Rollo62 536]

1 hour ago, Pat Foley said:

Just a shake down by the government.  Consider the Tik-Tok uproar last year. The Tik-Tok lobbyists silenced the talk by talking to the complainers and voila Tik-Tok is good. If you want your stuff used get a good lobbyist!  

However, I now see things completely differently. I have to deal with EU compliance rules for various products and see new rules and regulations being pushed through almost daily, regardless of the consequences.
This is not about lobbying, but entire industries are being dismantled for an ideological agenda.
This whole agenda is being driven by the USA as a pioneer and when someone there coughs up a new regulation, I already take the whole thing very seriously and prepare myself for the worst.

 

Edited February 29 by Rollo62

[David Heffernan 2345]

What's pretty astonishing is that the NSA thinks that Delphi is memory safe!  See White House urges developers to avoid C and C++, use 'memory-safe' programming languages | Tom's Hardware (tomshardware.com)

 

I guess the NSA don't know anything about Delphi.

obj := TObject.Create;
obj.Free;
obj.Free;

Take that, NSA!

[Rollo62 536]

7 minutes ago, David Heffernan said:

What's pretty astonishing is that the NSA thinks that Delphi is memory safe!

Perhaps because of the myth and the old tale from days long gone about the high type safety level of Delphi and the banishment of pointers in that language.

[JonRobertson 72]

4 hours ago, David Heffernan said:

I guess the NSA don't know anything about Delphi.

Or US-CERT advisories from DHS.  The advisory below may be 9 years old, but the Delphi language/RTL/VCL is as memory safe today as it was then. Possibly less safe.

 

https://www.coresecurity.com/core-labs/advisories/delphi-and-c-builder-vcl-library-heap-buffer-overflow

[Brian Evans 105]

They certainly added to the list between the 2022 and 2023 / 1.1 revision of the report.  

 

2022: Examples of memory safe language include C#, Go, Java®, Ruby™, Rust®, and Swift®

2023: Examples of memory safe language include Python®, Java®, C#, Go, Delphi/Object Pascal, Swift®, Ruby™, Rust®, and Ada.

 

CSI_SOFTWARE_MEMORY_SAFETY.PDF (defense.gov)

CSI_SOFTWARE_MEMORY_SAFETY_V1.1.PDF (defense.gov). 

[Rollo62 536]

Ok, psssst, please don't complain so much

[Lars Fosdal 1792]

On 3/1/2024 at 11:31 AM, David Heffernan said:

obj := TObject.Create; obj.Free; obj.Free;

That feels almost like you're advocating the use of FreeAndNil 😄

[David Heffernan 2345]

59 minutes ago, Lars Fosdal said:

That feels almost like you're advocating the use of FreeAndNil 😄

That doesn't help if you have multiple variables that refer to the same instance which I guess is a more likely scenario for double free.

[Der schöne Günther 316]

For those interested, here is the very recent

 

Secure by Design: Google's Perspective on Memory Safety (research.google) (March, 4th)

[Kas Ob. 121]

3 hours ago, Der schöne Günther said:

Secure by Design: Google's Perspective on Memory Safety (research.google) (March, 4th)

Thank you for sharing !

This is yet the best reading i came across about Memory Safety.

[Sherlock 663]

Now there's something the folks over at Embarcadero can aspire to. Imagine built in memory safety in Delphi.

[Cristian Peța 103]

Linux and Windows sources are C, C++, Assembly....

[Sherlock 663]

4 minutes ago, Cristian Peța said:

Linux and Windows sources are C, C++, Assembly....

And we cry about the issues because of that almost every day...at least if we are at all concerned with security.

[Dalija Prasnikar 1396]

46 minutes ago, Sherlock said:

Now there's something the folks over at Embarcadero can aspire to. Imagine built in memory safety in Delphi.

I hate to be the one saying this... but ARC compiler was a step in that direction. You cannot have memory safety without automatic memory management.