A short report from code::dive 2017

Author:Wojciech Muła
Added on:2017-11-26

Code::dive 2017 was a free conference held in Wrocław, Poland. The conference was organized and sponsored by Nokia Poland. The fourth edition took two days (14-15 November), it was in a huge cinema near the city center. There were five sessions, in each session one could choose from four lectures. In total 40 talks in two days, awesome.

The organization was great, as always. The only downside was a pretty big queue to the registration on the first day. Otherwise it was perfect; there were even free snacks and water.

I attended following talks:

FPGA for a software developer

It was one of my favourite talks. Miodrag presented an architecture of typical FPGA, he also showed a number of open source tools that enables us to play with FPGAs. He also got through core parts of Verilog, using as an example a simple 8-bit CPU. The CPU has a fully functional design -- it has got an ALU, a control unit; it was able to decode variable-length opcodes and execute them. At the end the speaker run a sample program on the CPU realized on a real, cheap FPGA hardware. Wow!

Although I have already known some bits of FPGA and Verilog, the presentation gave me a grasp of the whole stack needed to use the programmable arrays in practice.

Concurrency in Rust

Because I don't know Rust, I was keen on seeing the talk. I learnt that Rust can precisely track the ownership and lifetime of values and thanks to that many C++-specific problems (like read-after-free) are ridden off. To my surprise Rust doesn't support threads. All multithreading work is done by third-part libraries. Due to the ownership tracking, a multithread code is hard to misuse. Libraries won't allow to use shared values, which otherwise would be the root of many problems.

The existing libraries are pretty rich; for instance, they support fork-join pattern, as well as well-known primitives, like condition variables and mutexes. The latter might make program unsafe, as wrongly used mutexes may lead to deadlocks.

C++17 and beyond

It was a review of new features introduced in C++17 and C++20. The speaker described in details three upcoming changes from C++17.

The first one is std::string_view, a really nice std::string-compatible wrapper for any string data. The only disadvantage of this class is not tracking lifetime of the underlying data, thus a string_view might be dangerous when we forget about that trait.

The second feature is possibility of override a dot operator. Yes, it's not a mistake. The dot operator. It allows to provide wrappers that are transparent for programmer, i.e. no extra code is needed to properly use such wrapper; it's spelled as a normal value. My first impression: it's a wolf in sheep's clothing. I can't imagine how a programmer would easily reason about the code.

The last feature is the nicest one: constexpr if. This makes possible to get rid off all this utterly unreadable SFINAE crap and replace with explicit conditions that are executed in compile-time. I'm grateful for this change.

Architecture is (not) everything

I didn't like this presentation. To be honest the whole talk could be squeezed into a single statement: mind that you, a programmer, don't work in void, the result of your work would be used by somebody.

Interconnection security -- SS7 and Diameter

The best presentation I saw on all code::dives I attended. Silke described the current state of the network which interconnects mobile networks; now there are around 800 networks. The bad news is there's no security build in. Would you like to fake a SMS? Not a big deal. Would you like to grab some private keys? No problem, they're send in plain text. Would you like to locate a cellphone? You're welcome! Approximately 1% of network traffic looks suspiciously.

Moreover, entry points to the network, either hardware equipment or APIs, are available on the black markets; not to mention that governments and special forces has open access to that network. As Silke said, attacks on the interconnection network are getting similar to attacks on traditional networks.

My conclusion is that we should be worried. The Internet is well known. All its users, even non-technician, are less or more aware of the dangers come from the net. The mobile network has even more users, and they (we!) are basically unaware of technical details and perils.

The better parts

A nice show of the creator of JSON. He tried to convince people that Javascript used properly is not as bad as it's commonly believed.

For me the most interesting part was presentation of a new format for decimal floating point numbers -- more details on dec64.com. I like it very much, the format nicely includes integers into the representation. If broadly accepted, it would solve a great deal of problems that people encounter in practice.

Striving for ultimate low latency

I enjoyed the talk! The speaker, who works in a trading company, showed several ways and solutions to achieve low latency C++ code. For instance he showed how factoring out a rarely called branch into a separate function speed up the code (due to reducing use of the instruction cache size). The well known godbolt.org was used to show how complicated and time consuming std::shared_ptr is; and how cheap std::unique_ptr is.

I really like Mateusz's call for measuring things. He said his predictions about the performance are almost always wrong. Welcome to the club!

Go: Optimizing for correctness

I don't know Go very well, just read this and that about the language, even though I enjoyed the talk. It was a really nice presentation of tools and builtin facilities that allow to profile both the CPU and memory usage of a go program. William made a live-coding session, where he showed how to use different utilities to track down performance and heap problems. He also showed that one can extend own application with hooks that can report the current measurements, through REST API, I guess. I didn't get well that part.

A story of 3 CCTV cameras - a story of 3 admins

In the Polish comedy "Va Bank", a seasoned robber opens a safe and his friend asks him:

--- Wow, how have you opened it?

--- You should have payed attention.

This presentation was like this. The speaker showed that he cracked three different CCTV cameras. However, when it came to details, his answers was like "I know where to seek for because I'm experienced" or "can't give more details". It was awful.

An important take away from this talk is that producers of pretty expansive devices don't care too much about security.

Introduction to Rust

The funny fact is that this talk was given in the last session on the last day.

I saw the previous Alex's presentation about concurrency in Rust; some information was repeated here. From this presentation I learnt that although Rust is advertised as a "safe language", it has unsafe parts. Unsafe is the language keyword, and such an unsafe block of code may be full of dragons. In the real-world case of Firefox there is around 30% unsafe code (if I remember the number correctly).

It was also said that thanks to Rust it was possible to build a concurrent CSS parser for Firefox. According to Alex, C++ somehow prevented programmers from this. However, I didn't get what these reasons were. I would love to learn more details about the problems imposed by C++.