Clang 11.0.0 Release Notes — Clang 11 documentation

The new version is here.

Clang 11.0.0 Release Notes — Clang 11 documentation

From the article:

This document contains the release notes for the Clang C/C++/Objective-C frontend, part of the LLVM Compiler Infrastructure, release 11.0.0. Here we describe the status of Clang in some detail, including major improvements from the previous release and new feature work. For the general LLVM release notes, see the LLVM documentation. All LLVM releases may be downloaded from the LLVM releases web site.

Virtual C++ Day 2020

An online-only full day of C++:

C++ Day 2020

November 28, 2020


In a nutshell

The C++ Day 2020 is an online-only event about C++ with live sessions and virtual tables for networking (based on Remo).


What can I find in the Virtual C++ Day 2020?

We are scheduling:

  • 8x50-min live sessions
  • virtual networking based on Remo

You can refer to the event page for more information.


How can I attend the virtual event?

The event will go live on November 28 from 9 AM CEST and will last for the entire day.

All the sessions will be hosted on our YouTube channel. However, only registered people can see session links in advance.

Virtual tables will be hosted on Remo, kindly made available by the Standard C++ Foundation. For invitation link and further details, you must register.

Who supports this event?

The event is totally organized by the Italian C++ Community and it is supported by the Standard C++ Foundation.


Do I need to register?

The C++ Day 2020 is totally free (as all the previous editions) but you must register to be invited to virtual tables and to receive session links in advance.

Direct link to (free) tickets here.



See you at the event, safely from home!

C++ as a Second Language (Chrome University 2020)--Chris Blume

The basics.

C++ as a Second Language (Chrome University 2020)

by Chris Blume

Summary of the video:

A tour of C++ for experienced/advanced programmers coming from other languages (C/Java/JS/Python/Go/VHDL/etc). Chris Blume explains C++11 features, free functions, include & linkage, destructors & scope, RAII, pass-by-value / -reference, the standard library, and smart pointers...

C++ Compile time conditional struct member variables--Saleem Ahmad

Before we get metaclasses one day?

C++ Compile time conditional struct member variables

by Saleem Ahmad

From the article:

C++ has rich set of features to do compile time calculations and optimizations to generate a better code. In one of code segment I have very large data structure in which few member variables are not used based on compile time if constexpr condition, but these variables are logged in the log line...

Upsetting Opinions about Static Analyzers

Static analysis tools have advanced far over the time they've been around. They no longer resemble the "linters" that were in active use 20 years ago. But some programmers still view them as extremely primitive tools. And that's very sad.

Upsetting Opinions about Static Analyzers

by Andrey Karpov

From the article:

Of course, any modern static analyzer tracks the changes of variables' values. If a variable doesn't change, a warning is issued. If it does, no warning is issued. To ensure that, analyzers rely on data stream analysis. And that's exactly how PVS-Studio works. Let's take a look at the following synthetic example.


CopperSpice: Concepts in C++20

New video on the CopperSpice YouTube Channel:

Concepts in C++20

by Barbara Geller and Ansel Sermersheim

About the video:

In this video we look at the feature called Concepts which was added in C++20. We discuss some of the reasons concepts were added to the language, and why concepts as they were accepted are not like the original proposals they started with. We also provide an example of replacing SFINAE with concepts to produce cleaner and more readable code.

Please take a look and remember to subscribe!

Winning the race against TOCTOU vulnerabilities in C & C++ -- Ann G. Campbell

Researchers were surprised to find that their Time of Check to Time of Use (TOCTOU) attack succeeded 85% of the time, even when the critical operations were "separated only by a few milliseconds."

To better understand this vunlerability and what you can do, read:

Winning the race against TOCTOU vulnerabilities in C & C++

by G. Ann Campbell

From the article:

With TOCTOU, the idea is that there's a window of opportunity between when a privileged program checks a file (Does the file exist? Are permissions okay for what we're about to do? …)  and when it operates on that file (Create the file. Write to the file. …). In that window, an attacker could replace the file with e.g. a symlink to `/etc/passwd`, and the operation you meant to perform on `/home/ann/tmp` happens to an important system file instead.

Broader coverage of C++ Core Guidelines & broken access control detection with SonarQube and SonarCl

SonarSource recently improved C++ analysis to provide even broader coverage of the C++ Core Guidelines and to add detection of broken access control vulnerabilities

C++ analyzer provides a broader coverage of the C++ Core Guidelines and detects broken access control security issues

By Alexandre Gigleux

From the article:

We’re proud to announce the following improvements to the C++ analyzer:

  • security rules detecting broken authentication and access control issues
  • broader coverage of the C++ Core Guidelines

Security Rules

We implemented 6 rules related to broken access control (incorrect permission assignments, privilege escalations, unprotected APIs …):