Blog

Checking a Header-Only C++ Library Collection (awesome-hpp)

Somehow, we've happened to check most of the libraries making up a collection called "Awesome hpp". These are small header-only projects in C++. Hopefully, the information about the bugs we've found will help make the libraries better.

Checking a Header-Only C++ Library Collection (awesome-hpp)

by Andrey Karpov

From the article:

A note for library developers. You can use PVS-Studio to check open-source projects for free. To get a free license to use with your open-source project, please fill in this form.

17 Smaller but Handy C++17 Features--Bartlomiej Filipek

Did you know about them?

17 Smaller but Handy C++17 Features

by Bartlomiej Filipek

From the article:

When you see an article about new C++ features, most of the time you’ll have a description of major elements. Looking at C++17, there are a lot of posts (including articles from this blog) about structured bindings, filesystem, parallel algorithms, if constexpr, std::optional, std::variant… and other prominent C++17 additions.

But how about some smaller parts? Library or language improvements that didn’t require decades to standardise or violent “battles” at the ISO meetings.

In this article, I’ll show you 17 (plus a few extra!) smaller C++17 things that will improve your code...

More and More Utilities in C++20--Rainer Grimm

Small but useful things.

More and More Utilities in C++20

by Rainer Grimm

From the article:

Today, I present a few utilities for calculating the midpoint of two values, check if a std::string starts or ends with a substring, and create callables with std::bind_front. These little utilities may not seem so little when you need them...

Lay a strong foundation by writing secure C and C++ utilities

*nix systems assume you know what you're doing - even if you're doing something silly or dangerous. That's why you need to take extra precautions if you expect your code to be run as a privileged process.

Lay a strong foundation by writing secure C and C++ utilities

by G. Ann Campbell

From the article:

Libraries and system utilities form the foundations on which larger projects are built. So it's critical to make sure they, in particular, are secure. That's why we recently introduced five new rules for C++ and C to detect broken authentication and access control in *nix systems. The new rules fall into three categories: account validity, granting permissions, and changing directories.

SonarLint for Visual Studio adds secondary locations

The latest release of SonarLint for Visual Studio adds secondary locations to help you better understand the issues it raises in your C++ code. SonarLint is a free static analysis extension installable from the Visual Studio Marketplace. 

Visualizing issues with secondary locations

By Duncan Pocklington

From the article: 

All SonarLint issues specify a location in the code showing where the issue occurs. However, some of the more complex rules produce issues for which a single location is not enough to adequately explain why the issue has occurred. These more complex rules often identify additional locations in the code to help understand the problem. These additional locations are referred to as secondary locations.

The current Berlin status for Meeting C++ 2020

An update on how Meeting C++ 2020 will be online but also feature a small onsite event in Berlin:

The current Berlin status for Meeting C++ 2020

by Jens Weller

From the article:

With this post I'd like to give you the details for the onsite event in Berlin in November 2020.

First, let me say that unless there is a local lockdown, this is going to happen. I've been in Berlin at the beginning of the week, and had a meeting with the hotel. So this is the up-to-date information. And I assume for some of you it's something to look forward to, to enjoy a real conference with actual people in 2020. The tickets for Berlin are available, and these include access to the online event.

Part 2: Upsetting Opinions about Static Analyzers

By writing the article "Upsetting Opinions about Static Analyzers" we were supposed to get it off our chest and peacefully let it all go. However, the article unexpectedly triggered robust feedback. Unfortunately, the discussion went in the wrong direction, and now we will make a second attempt to explain our view of this situation.

Part 2: Upsetting Opinions about Static Analyzers

by Andrey Karpov

From the article:

And started coming up with cases when it might be justified, which means that the PVS-Studio analyzer warning was a false-positive. Some speculations about the change in memory between two checks came into play which occurs due to:

  • running parallel threads;
  • signal/interrupt handlers;
  • the variable X is a reference to the element A[0];
  • hardware, such as performing DMA operations;
  • and so on.

After heated debate on the analyzer's inability to comprehend all cases, they left to cut down forest with axes. In other words, they found an excuse why they could still avoid using a static code analyzer in their work.