Home » Blog » Categories »

GCC 14 -fanalyzer improvements for buffer overflows and more -- David Malcolm

By Blog Staff | Apr 4, 2024 03:31 PM | Tags: None

For anyone interested in the top source of memory safety issues, out-of-bounds accesses... GCC 14 will be able to catch more cases, and even show them with some colorful retro ASCII art:

Improvements to static analysis in the GCC 14 compiler

by David Malcolm

It does require some source code annotation, but also delivers safety value in return.

From the article:

So for GCC 14, I've added the ability for the analyzer to emit text-based diagrams visualizing the spatial relationships in a predicted buffer overflow. ... [For example,] this diagram shows the destination buffer populated by the content from the strcpy call, and thus the existing terminating NUL byte used for the start of the strcat call. For non-ASCII strings ... it can show the UTF-8 representation of the characters ...

... [Another improvement] is that the analyzer now simulates APIs that scan a buffer expecting a null terminator byte, and will complain about code paths where a pointer to a buffer that isn't properly terminated is passed to such an API.

Plus more, such as:

The analyzer has a form of "taint analysis", which tracks attacker-controlled inputs, places where they are sanitized, and places where they are used without sanitization. In previous GCC releases this was too buggy to enable by default, with lots of false positives, so I hid it behind an extra command-line argument. I've fixed many bugs with this, so for GCC 14 I've enabled this by default when -fanalyzer is selected. This also enables these 6 taint-based warnings:

Using Copilot Chat with C++ in VS Code -- Sinem Akinci

By Blog Staff | Apr 4, 2024 10:54 AM | Tags: None

copilotchat.pngIf you are a C++ developer who uses VS Code as your editor, Copilot Chat can help you with many of your everyday coding tasks by allowing you to iterate with your code in natural language.

Using Copilot Chat with C++ in VS Code

by Sinem Akinci

From the article:

We have just released a new YouTube video demonstrating the power of Copilot Chat in C++ code:

We cover how Copilot Chat can provide enhancements to your C++ coding scenarios like:

  • Simplifying and refactoring existing code
  • Generating new code and iterating with the prompt
  • Generating and explaining new test cases
  • Refactoring test cases to new frameworks
  • Understanding errors with your code
  • … and more!

SObjectizer Tales – 26. Dispatcher selection--Marco Arena

By Marco Arena | Apr 4, 2024 03:35 AM | Tags: sobjectizer intermediate c++20

A new episode of the series about SObjectizer and message passing:

SObjectizer Tales – 26. Dispatcher selection

by Marco Arena

From the article:

In this episode we explore guidelines and considerations for binding agents to dispatchers. We'll emphasize the significance of asking pertinent questions rather than expecting definitive answers, as the decision-making process hinges on the unique requirements of the system.

2024 Annual C++ Developer Survey "Lite"

By Blog Staff | Apr 3, 2024 09:31 AM | Tags: None

cpp_logo.png

The annual global C++ developer survey is now open. As the name suggests, it's a one-pager:

2024 Annual C++ Developer Survey "Lite"

Please take 10 minutes or so to participate! A summary of the results, including aggregated highlights of common answers in the write-in responses, will be posted publicly here on isocpp.org and shared with the C++ standardization committee participants to help inform C++ evolution.

The survey closes in one week.

Thank you for participating and helping to inform our committee and community!

Pure Virtual C++ 2024 Sessions Announced

By TartanLlama | Apr 3, 2024 08:14 AM | Tags: community

The session list for Pure Virtual C++ 2024 is live:

Pure Virtual C++ 2024 Sessions Announced

By Sy Brand

From the article:

  • Automated Testing of Shader Code with Keith Stockdale
  • Message Handling with Boolean Implication with Ben Deane 
  • I Embedded a Programming Language In Debug Information with Sy Brand
  • Enhancing C++ development with Copilot Chat with Sinem Akinci 
  • Progress Report: Adopting Header Units in Microsoft Word with Zachary Henkel

C++ and The Next 30 Years -- David Sankel

By Blog Staff | Mar 26, 2024 10:47 AM | Tags: None

sankel-next30years.pngI delivered a keynote, C++ and the Next 30 Years, at the 2024 CPP-Summit conference in Beijing, China. Experiencing the culture, the people, and the landscape was tremendous. In this post I’ll cover some of the points in my future-looking C++ talk and share my experience giving a talk for the first time in China.

C++ and The Next 30 Years

by David Sankel

From the article:

My talk: C++ and the Next 30 Years

The title of my keynote was C++ and the Next 30 Years which covered C++’s evolution, the changing landscape of programming languages, and the influence of AI. Here I break down some of my talk’s key points.

The next 10 years

In the next 10 years I expect C++ modules to become more accessible. Most C++ vendors have at least some support and CMake recently announced its feature set. However, transitioning existing code bases and, in many instances, bespoke build systems will be a great obstacle.

Package manager usage is on the rise, but the growth curve is slow. I don’t expect any tool to capture more than 40% market share by the decade’s end.

 

Is shadowing a member variable from a base class a bad thing? Maybe, but maybe not. -- Raymond Chen

By Blog Staff | Mar 21, 2024 10:42 AM | Tags: None

RaymondChen_5in-150x150.jpgIn C++, shadowing occurs when a name in one scope hides an identical name in another scope, sparking debate over its merit. This article explores scenarios where shadowing can either protect code integrity or hinder its evolution, highlighting its dual nature and impact on code maintenance. Join Raymond as he unravels the complexities of shadowing in C++, revealing its intricate balance between benefit and drawback.

Is shadowing a member variable from a base class a bad thing? Maybe, but maybe not.

by Raymond Chen

From the article:

What is shadowing? In C++, shadowing is the name given to the phenomenon when a name in one scope hides an identical name in another scope.

Is shadowing bad? That’s a harder question.

Whether shadowing is good or bad depends on the order in which the conflicting names were introduced.

Suppose you have a class library, and one of the classes is this:

struct Tool {
    int a;
};

And suppose some customer uses your class like this:

class Wrench : public Tool {
private:
    int a;
};

In this case, shadowing is probably unintended. The customer has accidentally shadowed Tool::a, and any references to a in the Wrench class will refer to Wrench::a, even if the author meant to access Tool::a.

Meanwhile, you have another customer who writes this...

Providing a stable memory address to an external API

By Meeting C++ | Mar 20, 2024 02:07 AM | Tags: performance meetingcpp intermediate experimental community c++20 advanced

A post on how to provide a pointer to a Qt Model/View or other APIs storing pointers to their data without using shared_ptr or unique_ptr for the actual object.

Providing a stable memory address

by Jens Weller

From the article:

Some APIs allow you to store a pointer to your data element. This is used to access additional information from your types to display them in Model/View Architecture.

A while ago I showed how you can implement a tree with shared_ptr and enable_shared_from_this and then display this in QTreeView. And when working on my current project I knew this problem would come around again. Maybe not for a tree and a tree view, but I'll clearly need to have some way to have ui panels display and edit my data classes and store a stable memory adress as a pointer in Qt models. Back in 2015 the Qt5 example still used a pointer allocated with raw new for this, in Qt6 the example uses unique_ptr. Using shared_ptr for this back in 2015 was a good decision, and the code works very well. For the moment I don't see that my current project would need to make use of enable_shared_from_this, so using unique_ptr would be a good option...