Home » Blog » Categories »

CppCon 2015 Secure C++ Programming--Gwendolyn Hunt

By Adrien Hamelin | Sep 5, 2016 01:42 PM | Tags: community advanced

Have you registered for CppCon 2016 in September? Don’t delay – Registration is open now.

While we wait for this year’s event, we’re featuring videos of some of the 100+ talks from CppCon 2015 for you to enjoy. Here is today’s feature:

Secure C++ Programming

by Gwendolyn Hunt

(watch on YouTube) (watch on Channel 9)

Summary of the talk:

Security vulnerabilities are fundamentally defects in our code. We know many of these defects stem from string processing, buffer overflows and integer underflow and overflows. These defects become security vulnerabilities when an attacker can crash an application, cause undefined behavior that leads to a Denial of Service, privilege escalation or hidden installation of rogue software.

So how do we build more secure C++ software? It starts by gaining an understanding of the basics of security vulnerabilities and how to identify them using the rich set of tools we now have available. With this foundation we can build a development culture where security considerations are pervasive and treated as important as program and algorithm correctness.

This session begins with a survey of common C/C++ string, integer and STL container issues and mitigations for these vulnerabilities. Follows with two detailed examples of vulnerabilities and how to fix their problems. Finishes with a survey of tools and references we have available today.

CppCon 2015 Demystifying Floating Point--John Farrier

By Adrien Hamelin | Sep 2, 2016 12:29 PM | Tags: intermediate efficiency

Have you registered for CppCon 2016 in September? Don’t delay – Registration is open now.

While we wait for this year’s event, we’re featuring videos of some of the 100+ talks from CppCon 2015 for you to enjoy. Here is today’s feature:

Demystifying Floating Point

by John Farrier

(watch on YouTube) (watch on Channel 9)

Summary of the talk:

Every day we develop software that relies on math while we often overlook the importance of understanding the implications of using our IEEE floats. From the often cited “floating point error” to unstable algorithms, this talk will explain the importance of floats, understanding their storage, the impact of the IEEE floats on math, and designing algorithms better. Finally, the talk will conclude with a quick case study of storing time for games and simulations.

Bugs found in GCC with the help of PVS-Studio

By Andrey Karpov | Sep 1, 2016 02:01 AM | Tags: static code analysis pvs-studio gcc bugs basics

I regularly check various open-source projects to demonstrate the abilities of the PVS-Studio static code analyzer (C, C++, C#). Now it is time for the GCC compiler to get checked.

Bugs found in GCC with the help of PVS-Studio

by Andrey Karpov

From the article:

This part could also be called "Example number one thousand, why macros are bad". I really don't like macros and always urge people to avoid using them if possible. Macros make it difficult to read the code, provoke errors, and make the work of static analyzers harder. As best I can tell, from a brief interaction with the GCC code, the authors are big fans of macros. I was really tired looking at what the macros are expanded to, and perhaps missed quite a number of interesting errors. I should confess that I was lazy at times. But still, I will demonstrate a couple of errors, connected with macros.

CppCon 2015 Compile-time contract checking with nn--Jacob Potter

By Adrien Hamelin | Aug 31, 2016 01:56 PM | Tags: performance intermediate

Have you registered for CppCon 2016 in September? Don’t delay – Registration is open now.

While we wait for this year’s event, we’re featuring videos of some of the 100+ talks from CppCon 2015 for you to enjoy. Here is today’s feature:

Compile-time contract checking with nn

by Jacob Potter

(watch on YouTube) (watch on Channel 9)

Summary of the talk:

Tony Hoare called null pointers a “billion-dollar mistake”, but nearly every language in wide use today has them. There have been many efforts to reduce the risk of nulls creeping in where they shouldn't be, but most involve attributes or annotations rather than being part of the type system itself. Can we do better? C++'s customizable value types make it possible to solve this sort of problem.

In this talk, I’ll present a non-nullable pointer wrapper, `nn`, that’s found wide use in Dropbox’s C++ code. This helper lets us use the type system to track pointers that can't be null, and express and enforce contracts at compile time. I’ll go into some depth on the template trickery needed to make things “just work”, the toolchain bugs we found along the way, and how this tool has helped us improve our code.

Episode Eleven: To Kill a Move Constructor--Agustín "K-ballo" Bergé and Howard Hinnant

By Adrien Hamelin | Aug 29, 2016 01:08 PM | Tags: c++11 advanced

Following here is an advanced article about the behavior of C++ concerning copy and move operations. A more simple version is provided for a quicker and easier understanding of the best practices. The sum up is, don't declare as deleted a move constructor!

A more user friendly version

by Howard Hinnant

Episode Eleven: To Kill a Move Constructor

by Agustín "K-ballo" Bergé

From the article:

Unlike copy operations, which are provided by the compiler if not user declared, move operations can and often are suppressed such that a class might not have one. Furthermore, it is possible for a class to have a —user declared— move operation which is both defined as deleted, and at the same time ignored by overload resolution, as if it didn't exist...

 

Top 15 C++ Exception handling mistakes and how to avoid them--Deb Haldar

By Adrien Hamelin | Aug 29, 2016 11:34 AM | Tags: efficiency basics

This article changed my vision about exceptions:

Top 15 C++ Exception handling mistakes and how to avoid them

by Deb Haldar

From the article:

Do you use exception handling in your C++ code?

If you don’t, why not?

Perhaps you’ve been conditioned to believe that exception handling is bad practice in C++. Or maybe you think that it’s prohibitively expensive in terms of performance. Or maybe it’s just not the way your legacy code is laid out and you’re stuck in the rut.

Whatever your reason is, it’s probably worth noting that using C++ Exceptions instead of error codes has a lot of advantages. So unless you’re coding some real-time or embedded systems, C++ exceptions can make your code more robust, maintainable and performant in the normal code path (yes performant, you read that right !).

In this article we’re going to look at 15 mistakes that a lot of developers make when just stating off with C++ exceptions or considering using C++ exceptions...

CppCon 2015 Templator: Demo of a nice tool for Visualizing Template Instantiations--Peter Sommerlad

By Adrien Hamelin | Aug 29, 2016 11:22 AM | Tags: intermediate experimental community

Have you registered for CppCon 2016 in September? Don’t delay – Registration is open now.

While we wait for this year’s event, we’re featuring videos of some of the 100+ talks from CppCon 2015 for you to enjoy. Here is today’s feature:

Templator: Demo of a nice tool for Visualizing Template Instantiations

by Peter Sommerlad

(watch on YouTube) (watch on Channel 9)

Summary of the talk:

Many C++ beginners shy away from employing templates in their code, because of the myth of templates being hard. Even seasoned C++ developers can have problems manually interpreting template code correctly as Olve Maudal's C++ pub quiz demonstrates. Overloads and template specializations make it hard for programmers and also IDEs to show a developer what happens without compiling a program and even with a compile one might not get, what actually happens unless an unintelligible error message from your compiler appears.

My students tried to alleviate that problem by visualizing template instantiation and overload selection in a C++ IDE and allow to navigate through template code in instantiation context that a compiler would only create internally and that is otherwise not available for humans. While still in its nascent state I hope to show what is possible and if things go as planned at the time of the submission you should be able to solve the template pub quiz questions without running the programs.