Home » Blog

Blog

CopperSpice: Declarations Gone Wrong -- Copperspice

By Ansel Sermersheim | Apr 26, 2024 12:39 PM | Tags: None

New video on the CopperSpice YouTube Channel:

Declarations Gone Wrong

by Barbara Geller and Ansel Sermersheim

About the video:

A new C++ video has been uploaded to our YouTube channel about how declarations work and what happens when they go wrong.

Do you know which part of a declaration is the declarator? How about what can happen with multiple variables in one declaration statement? Let us entertain you with the surprising details, including some most programmers have never seen or considered.

Please take a look and remember to subscribe.

Embedding (and Extracting) DLLs into EXEs as Binary Resources -- Giovanni Dicanio

By Giovanni Dicanio | Apr 26, 2024 12:38 PM | Tags: None

Windows EXE files can contain resources, including binary resources. In particular, you can embedd one or more DLLs into an EXE, and then extract them at run-time. Let's learn more about that in the following article:

Embedding (and Extracting) Binary Files like DLLs into an EXE as Resources

by Giovanni Dicanio

From the article:

A Windows .EXE executable file can contain binary resources, which are basically arbitrary binary data embedded in the file.

In particular, it’s possible to embed one or more DLLs as binary resources into an EXE. In this article, I’ll first show you how to embed a DLL as a binary resource into an EXE using the Visual Studio IDE; then, you’ll learn how to access that binary resource data using proper Windows API calls.

(...)

Once you have embedded a binary resource, like a DLL, into your EXE, you can access the resource’s binary data using some specific Windows APIs. (...)

The above “API dance” can be translated into the following C++ code: (...)

I uploaded on GitHub a C++ demo code that extracts a DLL embedded as a resource in the EXE, and, for testing purposes, invokes a function exported from the extracted DLL.

Looking for Pointers: The C++ Memory Safety Debate -- John Farrier

By John Farrier | Apr 26, 2024 12:37 PM | Tags: None

From the White House to the NSA to Bjarne Stroustrup has an opinion on C++ and Memory Safety.  Let's examine this from a historical context and see where this debate may lead.

Looking for Pointers: The C++ Memory Safety Debate

by John Farrier

From the article:

The dialogue around C++ and memory safety has intensified following recent evaluations by authoritative bodies. The White House’s Office of the National Cyber Director issued a compelling call for a pivot toward memory-safe programming languages. This stance is predicated on a history of cyber vulnerabilities linked to memory safety issues, influencing national security and the broader digital ecosystem’s integrity.

This debate takes place against a backdrop of historical precedence, technological evolution, and a reevaluation of programming language safety standards, underscoring the need for a nuanced understanding of memory safety within the context of C++.

When and How Variables are Initialized? - Part 2 -- Sandor Dargo

By Blog Staff | Apr 22, 2024 12:39 PM | Tags: None

SANDOR_DARGO_ROUND.JPGDuring the last two weeks, we saw a bug related to uninitialized values and undefined behaviour, we listed the different kinds of initializations in C++ and we started to more detailed discovery with copy-initialization. This week, we continue this discovery with direct-, list- and aggregate-initialization.

When and How Variables are Initialized? - Part 2

by Sandor Dargo

From the article:

Direct-initialization initializes an object from an explicit set of constructor arguments. Different syntaxes invoke direct initialization such as T object(<at least one arg>);T(<at least one arg>); or new T(<at least one arg>); but it might also happen when you use curly braces (T object{oneArg};). Additional use cases are static casts, constructor initializer lists and values taken by value in lambda captures.

While at first glance this might obvious there are some catches.

Take this expression: T object{ arg };. In this case, object is directly initialized only if it’s a non-class type, otherwise, we talk about list-initialization. But if you use the parentheses syntax (T object(arg) then there is no such distinction between class and non-class types, in both cases, direct-initialization is performed. Also, T object{ arg1, arg2 }; would never be direct-initialized, that’s always an aggregate-initialization.

In the expression [arg]() {}, the generated lambda members will not be copy-initialized, but they will be directly initialized.

Overload 180: C++ Safety, In Context -- Herb Sutter

By Blog Staff | Apr 18, 2024 09:21 AM | Tags: None

Overload180-Sutter.pngThe safety of C++ has become a hot topic recently. Herb Sutter discusses the language’s current problems and potential solutions.

Overload 180: C++ Safety, In Context

by Herb Sutter

From the article:

We must make our software infrastructure more secure against the rise in cyberattacks (such as on power grids, hospitals, and banks), and safer against accidental failures with the increased use of software in life-critical systems (such as autonomous vehicles and autonomous weapons).

The past two years in particular have seen extra attention on programming language safety as a way to help build more-secure and -safe software; on the real benefits of memory-safe languages (MSLs); and that C and C++ language safety needs to improve – I agree.

But there have been misconceptions, too, including focusing too narrowly on programming language safety as our industry’s primary security and safety problem – it isn’t. Many of the most damaging recent security breaches happened to code written in MSLs (e.g., Log4j [CISA-1]) or had nothing to do with programming languages (e.g., Kubernetes Secrets stored on public GitHub repos [Kadkoda23]).

In that context, I’ll focus on C++ and try to:

  • highlight what needs attention (what C++’s problem is), and how we can get there by building on solutions already underway;
  • address some common misconceptions (what C++’s problem isn’t), including practical considerations of MSLs; and
  • leave a call to action for programmers using all languages.

tl;dr: I don’t want C++ to limit what I can express efficiently. I just want C++ to let me enforce our already-well-known safety rules and best practices by default, and make me opt out explicitly if that’s what I want. Then I can still use fully modern C++… just nicer.

Let’s dig in.

Results summary: 2024 Annual C++ Developer Survey "Lite"

By Blog Staff | Apr 11, 2024 08:44 PM | Tags: None

Over the past week, we ran our 2024 annual global C++ developer surveyThank you to everyone who responded. As promised, here is a summary of the results:

CppDevSurvey-2024-summary.pdf

The results have now been forwarded to the C++ standards committee to help inform C++ evolution. Your feedback will be very helpful, and thank you again for your participation! Stay safe, everyone.

Update to add note: We discovered after the survey went live that SurveyMonkey has started rejecting responses from some countries. They did not notify us this was going to happen, and it means we don't have responses this year from countries that were included in all previous years. We'll look into fixing that for next year because we do want to hear from all C++ programmers worldwide.