Slides:
https://github.com/boostcon/cppnow_presentations_2017/blob/master/05-19-2017_friday/locally_atomic_capabilities_and_how_to_count_them__lisa_lippincott__cppnow_05-19-2017.pdf

Video:
https://www.youtube.com/watch?v=iNgXW09G7SQ

When we write a program, we imagine that each function should only exercise certain local capabilities — for example, that it should only examine or alter certain objects, and that other objects are reserved to other parts of the program.
But when we execute a program, these restrictions are largely unenforced. If any part of a program may exercise a capability, all parts may, and the accidental (or malicious) use of a non-local capability is at the heart of many bugs.
In this talk, I will examine the nature of capabilities; show how a notation for function interfaces can express the flow of capabilities between functions; define correct usage of capabilities; and present a way to instrument a function’s neighborhood or an individual translation unit to test the correct local usage of capabilities.
This talk continues the examination of program correctness in “How we reason about procedural programs” (C++Now 2015) and “What is the basic interface?” (C++Now 2016, CppCon 2016), but is intended to be accessible to people unfamiliar with that material.