PVS-Studio as SAST solution

By Andrey Karpov | Jul 25, 2018 02:19 AM | Tags: vulnerabilities sei cert security weaknesses sast devsecops cwe cve

PVS-Studio is a static application security testing tool (SAST). In other words, the PVS-Studio analyzer detects not only typos, dead code and other errors, but also security weaknesses (potential vulnerabilities).

PVS-Studio as SAST solution

by Andrey Karpov

From the article:

Until recently, in our articles we have positioned PVS-Studio as a tool for detecting errors in code. While we almost never regarded PVS-Studio in a security context. We will try to remedy this situation and take a look at the tool in terms of testing of security applications and DevSecOps practices.

For the convenience of specialists who will use PVS-Studio as a SAST tool, the analyzer provides mappings for its warnings to Common Weakness Enumeration, SEI CERT Coding Standards, and also supports MISRA standard (currently in development).

CppCon 2017: Programming with C++ Constraints: Background, Utility, and Gotchas--Walter E. Brown

By Adrien Hamelin | Jul 23, 2018 02:13 PM | Tags: community

Have you registered for CppCon 2018 in September? Registration is open now.

While we wait for this year’s event, we’re featuring videos of some of the 100+ talks from CppCon 2017 for you to enjoy. Here is today’s feature:

Programming with C++ Constraints: Background, Utility, and Gotchas

by Walter E. Brown

(watch on YouTube) (watch on Channel 9)

Summary of the talk:

Compile-time constraints will likely soon become part of our routine C++ programming vocabulary. Why? Such constraints are induced by new core language features (requires-clauses and requires-expressions) that are on the horizon for C++. What are these all about?

Almost every function imposes requirements on its users; violating those requirements typically leads to incorrect programs. Historically, such requirements had to be expressed in comments or other documentation, as there was little machinery to express them in code. Soon we will be able to express more requirements in code, thus allowing compilers to detect and address more violations.

This talk aims to prepare both new and veteran C++ programmers with the necessary background, tutorial information, and advice to exploit this powerful new supplement to function declarations. A case study, illustrating an unexpected gotcha, will conclude the presentation.

Announcing “trivially relocatable”-- Arthur O’Dwyer

By Adrien Hamelin | Jul 23, 2018 02:10 PM | Tags: performance experimental

Do you want this?

Announcing “trivially relocatable”

by Arthur O’Dwyer

From the article:

Frequent users of Compiler Explorer, a.k.a. godbolt.org, may have noticed that a few days ago a new compiler appeared in its dropdown menu. “x86-64 clang (experimental P1144)” is a branch of Clang which I have patched to support the concept of “trivially relocatable types,” as described in my C++Now 2018 talk and as proposed for standardization in my upcoming paper P1144 “Object relocation in terms of move plus destroy” (coauthored with Mingxin Wang)...

How to Construct C++ Objects Without Making Copies--Miguel Raggi

By Adrien Hamelin | Jul 23, 2018 02:05 PM | Tags: performance

Avoiding copies.

How to Construct C++ Objects Without Making Copies

by Miguel Raggi

From the article:

C++ references are a powerful but tricky tool: used correctly, they can improve performance with little impact on the clarity of code. But used badly, they can hide performance issues, or even send a peaceful program into the realm of undefined behaviour.

In this post, we will explore how to use the various references of C++ to minimize copies when constructing an object that holds a value, and how in some cases we can even reach zero copies.

This article assumes that you’re familiar with move semantics, lvalue, rvalue and forwarding references. If you’d like to be refreshed on the subject, you can take a look at lvalues, rvalues and their references.

C++ Weekly Episode 125: The Optimal Way To Return From A Function—Jason Turner

By Jason Turner | Jul 23, 2018 10:31 AM | Tags: performance efficiency basics

Episode 125 of C++ Weekly.

The Optimal Way To Return From A Function

by Jason Turner

About the show:

In this episode of C++ Weekly Jason investigates the possible methods that one of two string values might be returned from a function. Which option is best? Which option can the compiler optimize the most? Do we take one return path or multiple return paths? Should a ternary be used?

Customisation points to support interfaces -- Krzysztof Ostrowski

By fj | Jul 21, 2018 01:25 AM | Tags: None

Testable interfaces with polymorphic backends.

Customisation points to support interfaces

by Krzysztof Ostrowski

From the article:

Definition of an interface is not a trivial task. The resulting abstraction that embeds the defined interface actions does not have to be a set of virtual member functions wrapped into a class from which implementations exposed to the user derive. General guideline promoted in this article is to expose non-virtual interfaces to the user while providing a customisation point in the form of a minimal set of actions that can be combined with each other.

CppCast Episode 159: Design Patterns in Modern C++ with Dmitri Nesteruk

By robwirving | Jul 20, 2018 08:38 AM | Tags: None

Episode 159 of CppCast the only podcast for C++ developers by C++ developers. In this episode Rob and Jason are joined by Dmitri Nesteruk to discuss Design Patterns with Modern C++.

CppCast Episode 159: Design Patterns in Modern C++ with Dmitri Nesteruk

by Rob Irving and Jason Turner

About the interviewee:

Dmitri Nesteruk is a quantitative analyst, developer, course and book author, and an occasional conference speaker. His interests lie in software development and integration practices in the areas of computation, quantitative finance and algorithmic trading. His technological interests include C# and C++ programming as well high-performance computing using technologies such as CUDA and FPGAs.

CppCon 2017: Undefined Behaviour is awesome!--Piotr Padlewski

By Adrien Hamelin | Jul 18, 2018 09:06 AM | Tags: community

Have you registered for CppCon 2018 in September? Registration is open now.

While we wait for this year’s event, we’re featuring videos of some of the 100+ talks from CppCon 2017 for you to enjoy. Here is today’s feature:

Undefined Behaviour is awesome!

by Piotr Padlewski

(watch on YouTube) (watch on Channel 9)

Summary of the talk:

Undefined behavior (UB) is one of the features of C++ that is both loved and hated. Every C++ developer cares about performance, which is why it is very important to understand what the compiler can optimize and what are the language guarantees. Many times programmers are too optimistic about what the compiler can optimize, or they waste time optimizing code by hand.

In this talk you will learn:
- what is the “as-if” rule
- why compilers know less than the programmer — the main problem with Translation Units
- why compilers optimize based on UB, but don't warn about it
- why Undefined Behavior can transcend time, removing your whole code without running 88mph
- why having a more constrained language is better — optimizations that you can’t do in C

In-Place Construction for std::any, std::variant and std::optional--Bartlomiej Filipek

By Adrien Hamelin | Jul 18, 2018 12:12 AM | Tags: intermediate

Efficient construction.

In-Place Construction for std::any, std::variant and std::optional

by Bartlomiej Filipek

From the article:

When you read articles or reference pages for std::any, std::optional or std::variant you might notice a few helper types called in_place_* available in constructors.

Why do we need such syntax? Is this more efficient than “standard” construction?

The Incredible Const Reference That Isn’t Const--Jonathan Boccara

By Adrien Hamelin | Jul 18, 2018 12:07 AM | Tags: advanced

To be const or not?

The Incredible Const Reference That Isn’t Const

by Jonathan Boccara

From the article:

While working on the NamedType library I came across a situation that left me stunned in bewilderment: a const reference that allows modification of the object it refers to. Without a const_cast. Without a mutable. Without anything up the sleeve.

How can this be? And how to enforce the const in that const reference?