October 2020

Broader coverage of C++ Core Guidelines & broken access control detection with SonarQube and SonarCl

SonarSource recently improved C++ analysis to provide even broader coverage of the C++ Core Guidelines and to add detection of broken access control vulnerabilities

The C++ analyzer provides broader coverage of the C++ Core Guidelines and detects broken access control security issues

By Alexandre Gigleux

From the article:

We’re proud to announce the following improvements to the C++ analyzer:

  • security rules detecting broken authentication and access control issues
  • broader coverage of the C++ Core Guidelines


Security Rules

We implemented 6 rules related to broken access control (incorrect permission assignments, privilege escalations, unprotected APIs …):

Range-v3: An Introduction to the Library [In Spanish] -- Daniel G Vergel

This series of posts provides a brief introduction to some of the most commonly used algorithms, views, and actions of the library. It is written entirely in Spanish, in part to mitigate the lack of educational materials on modern C++ currently available in my native language. Many of the codes are nevertheless self-explanatory, and I hope, may be of interest to a broader audience.

Range-v3: An Introduction to the Library

by Daniel G Vergel

About the series

As an Associate Professor at the European University (Madrid, Spain), I decided to integrate C++17/20 and the Range-v3 library into my teaching materials to build a more interesting and up-to-date syllabus for my courses. The adoption of a functional style of coding has helped me produce better and more expressive code, making my students' first approach to system programming easier.

  1. Examples 1 (generate_n, group_by, sort, to) and 2 (filter)
  2. Examples 3 (enumerate, shuffle, take, zip) and 4 (intersperse, tokenize)
  3. Examples 5 (getlines, transform) and 6 (iota, set_difference, split_when)
  4. Example 7 (stable_partition, subrange)
  5. Example 8 (concat, drop, generate, take_while)
  6. Examples 9 (cycle) and 10 (keys, values)


std::format in C++20 -- Peter Gottschling

More convenience for formatting.

std::format in C++20

by Peter Gottschling

From the article:

Today, I'm happy to present Peter Gottschling's guest post on the new formatting library in C++20: std::format. Thanks to std::format, text formatting becomes as easy in C++20 as in Python...

Announcing the closing keynote of Meeting C++ 2020!

Finally I can announce the closing keynote of this year's Meeting C++ conference!

Announcing the closing keynote of Meeting C++ 2020

by Jens Weller

From the article:

During September I was thinking about this year's closing keynote. It would have been fine to leave it open, but it's also the case that 2020 gives us opportunities, and so I thought about who could be giving this year's closing keynote.

Why it is important to apply static analysis for open libraries that you add to your project

If there are several options, it is useful to take time to analyze open libraries in order to choose the best one.

Why it is important to apply static analysis for open libraries that you add to your project

by Andrey Karpov

From the article:

Because of a typo, the original vector is returned, not the new scaledVector container. The same error occurs in the division operator. Facepalm. Again, these errors don't mean anything separately. Although, this is a hint that this library isn't used much, and it is highly likely that there are other serious undetected errors in it.

False positives are our enemies, but may still be your friends -- Loic Joly

Insights into how static analysis rules are structured, why false positives exist, how they're fought, and why - hard as we try - they may always be with us.

False positives are our enemies, but may still be your friends

By Loic Joly

About the article:

When writing a rule for static analysis, it’s possible that in some cases, the rule does not give the results that were expected. Unfortunately, naming a false positive is often far easier than fixing it. In this post, I’ll discuss how the different types of rules give rise to different types of false positives, which ones are easier to fix than others, and how you can help. I’ll end with insight into how issues that are false positives can still be true indicators that the code needs to change.

"C++ Move Semantics - The Complete Guide" is Complete and in Print -- Nicolai Josuttis

The book "C++ Move Semantics - The Complete Guide" is now finished and available as an ebook or in print.

C++ Move Semantics - The Complete Guide

by Nicolai Josuttis

About the book

On 260 pages (yes, it is that complicated if you want to deal with all the details), Nicolai Josuttis introduces and explains all aspects of C++ move semantics:

  • Intuitive motivation
  • Compelling examples
  • Tricky details

The book covers all aspects of move semantics:

  • From std::move() and rvalue references
  • Over reference qualifiers, invalid moved-from states, and value categories
  • Up to tricky details in generic code using std::forward(), universal/forwarding references, auto&&, and decltype(auto).

Additional chapters about move-only types and the support of move semantics in the C++ standard library help to understand and use standard types in practice.

See cppmove.com for a detailed list of all topics covered.


Getting timely, accurate feedback on your C++ from the SonarQube ecosystem -- G. Ann Campbell

The SonarQube ecosystem offers C++ developers feedback throughout the workflow: in-IDE for the individual, in PRs for peer review, and in SonarQube for the team

Getting timely, accurate feedback on your C++ from the SonarQube ecosystem

By G. Ann Campbell

From the article:

Late feedback is a pain in the butt. Regardless of how it comes, hearing "that thing you did two weeks ago was wrong" is unwelcome at best. Good feedback is immediate, actionable and at least dispassionate, if not compassionate. That's why we help you integrate C++ static analysis throughout your workflow, so you and your team get the feedback you need when and where it's most useful. In this post, I'll walk through how SonarQube and SonarLint integrate smoothly into your workflow and your team to give you the right data at the right time and in the right place.

HPX V1.5.1 released -- STE||AR Group

The STE||AR Group has released V1.5.1 of HPX -- A C++ Standard library for parallelism and concurrency.

HPX V1.5.1 Released

The newest version of HPX (V1.5.1) is now available for download! This is a relatively small bug-fix release that fixes some problems we discovered in the 1.5.0 release.

    HPX is a general purpose parallel C++ runtime system for applications of any scale. It implements all of the related facilities as defined by the C++ Standard. As of this writing, HPX provides the only widely available open-source implementation of the new C++17 parallel algorithms. Additionally, HPX implements functionalities proposed as part of the ongoing C++ standardization process, such as large parts of the features related to parallelism and concurrency as specified by the upcoming C++20 Standard, the C++ Concurrency TS, Parallelism TS V2, data-parallel algorithms, executors, and many more. It also extends the existing C++ Standard APIs to the distributed case (e.g. compute clusters) and for heterogeneous systems (e.g. GPUs).

    HPX seamlessly enables a new Asynchronous C++ Standard Programming Model that tends to improve the parallel efficiency of our applications and helps reduce the complexities usually associated with parallelism and concurrency.