Home » Blog » Categories »

C++ Safety with Herb Sutter

By Jordi Mon Companys | Jun 11, 2024 11:52 PM | Tags: security memory_safety c++23

The U.S. government released a report calling on the technical community to proactively reduce the attack surface area of software infrastructure. Herb tackles the concerns cast on C++ on memory safety.

C++ Safety with Herb Sutter


by Jordi Mon Companys in Software Engineering Daily

From the interview:

It's really, really important as native languages C and C++, not to have our heads in the sand and say, "Oh, well, we've been hearing this for years. All is well." No, it's not. We have work to do. But it's also important not to go to the other extreme, and think that, "Oh, if we just magically wave a wand and make all the world's software, suddenly convert overnight to memory-safe languages", which would be great if it can be done. It's not technically feasible. ut even if we could do that, we're not going to make most of the attacks go away.

CppCon 2023 Exceptionally Bad: The Misuse of Exceptions in C++ & How to Do Better -- Peter Muldoon

By Blog Staff | Jun 11, 2024 11:32 AM | Tags: None

cpp23-muldoon.pngRegistration is now open for CppCon 2024! The conference starts on September 15 and will be held in person in Aurora, CO. To whet your appetite for this year’s conference, we’re posting videos of some of the top-rated talks from last year's conference. Here’s another CppCon talk video we hope you will enjoy – and why not register today for CppCon 2024!

Exceptionally Bad: The Misuse of Exceptions in C++ & How to Do Better

by Peter Muldoon

Summary of the talk:

Exceptions were originally heralded as a new modern way to handle errors. However the C++ community is split as to whether exceptions are useful or should be banned outright. It has not helped the pro-exception lobby that in their enthusiasm to embrace exceptions, a lot of code has been written that puts exceptions in a bad light.

In this talk, We will present the original intent/history of exceptions and a brief overview of how exception mechanics work and how they circumvent the usual stack return mechanism to set the stage. we will then examine the philosophy of using exceptions and then the many cases of exception misuse including resource management, retries, hierarchies, data passing and control flow to name but a few.

For each case, we will then suggest better ways to handle each specific situation. In many cases, exceptions are often dropped in favor of some other more appropriate paradigm.
Finally, we will introduce situations that can truly benefit from exceptions and what a model exception class might look like.

Adding State to the Update Notification Pattern, Part 7 -- Raymond Chen

By Blog Staff | Jun 10, 2024 03:44 PM | Tags: None

RaymondChen_5in-150x150.jpgLast time, we refined our change counter-based stateful but coalescing update notification. This version still relies on a UI thread to do two things: (1) make the final final change counter check and the subsequent callback atomic, and (2) to serialize the callbacks.

Adding State to the Update Notification Pattern, Part 7

by Raymond Chen

From the article:

If we don’t have a UI thread, then we open a race condition.

 
class EditControl
{
    ⟦ ... existing class members ... ⟧

    std::atomic<unsigned> m_latestId;
};

winrt::fire_and_forget
EditControl::TextChanged(std::string text)
{
    auto lifetime = get_strong();

    auto id = m_latestId.fetch_add(1, std::memory_order_relaxed);

    co_await winrt::resume_background();

    if (!IsLatestId(id))) co_return;

    std::vector<std::string> matches;
    for (auto&& candidate : FindCandidates(text)) {
        if (candidate.Verify()) {
            matches.push_back(candidate.Text());
        }
        if (!IsLatestId(id))) co_return;
    }

    // co_await winrt::resume_foreground(Dispatcher());

    if (!IsLatestId(id))) co_return;

    SetAutocomplete(matches);
}

CppCon 2023 You Should Use Address Sanitizer -- Brody Holden

By Blog Staff | Jun 8, 2024 10:42 AM | Tags: None

cpp23-holden.pngRegistration is now open for CppCon 2024! The conference starts on September 15 and will be held in person in Aurora, CO. To whet your appetite for this year’s conference, we’re posting videos of some of the top-rated talks from last year's conference. Here’s another CppCon talk video we hope you will enjoy – and why not register today for CppCon 2024!

Lightning Talk: You Should Use AddressSanitizer

by Brody Holden 

Summary of the talk:

This talk aims to get you, yes you, to use Address Sanitizer. ASan will detect various memory errors and is worth your time.

Understand Internals of std::expected -- Bartlomiej Filipek

By Blog Staff | Jun 7, 2024 03:39 PM | Tags: None

BartlomiejFilipek-expected.pngIn the article about std::expected, I introduced the type and showed some basic examples, and in this text, you’ll learn how it is implemented.

Understand Internals of std::expected

by Bartlomiej Filipek

From the article:

In short, std::expected should contain two data members: the actual expected value and the unexpected error object. So, in theory, we could use a simple structure:

template <class _Ty, class _Err> 
struct expected {  
     /*... lots of code ... */  
     _Ty _Value;  
     _Err _Unexpected; 
};

However, there are better solutions than this. Here are some obvious issues for our “struct” approach.

  • The size of the object is the sum of the Value type and the Error type (plus padding if needed).
  • Two data members are “active” and initialized, which might not be possible - for example, what if the Value type has no default constructor? The Standard requires that std::expected" holds either a value of type Tor an error of typeE` within its storage.
  • We’d have to guarantee that _Ty cannot be a reference type or an array type; it must be a Destructible Type.
  • Similarly for the _Err type we have to guarantee that it’s also Destructible, and must be a valid template argument for std::unexpected (so not an array, non-object type, nor cv-qualified type).
  • Plus, we’d have to write a lot of code that creates an API for the type

C++ programmer's guide to undefined behavior: part 1 of 11

By Andrey Karpov | Jun 7, 2024 04:59 AM | Tags: undefined behavior ub narrowing conversions implicit type conversion

Your attention is invited to the first part of an e-book on undefined behavior. This is not a textbook, as it's intended for those who are already familiar with C++ programming. It's a kind of C++ programmer's guide to undefined behavior and to its most secret and exotic corners. The book was written by Dmitry Sviridkin and edited by Andrey Karpov.

C++ programmer's guide to undefined behavior: part 1 of 11

by Dmitry Sviridkin

From the article:

Many modern programming languages, especially newer ones, forbid implicit type conversions. So, in Rust, Haskell, or Kotlin, we can't just use float and int in the same arithmetic expression without explicitly stating in the code to convert one to the other. Python isn't as strict but still keeps strings, characters, and numbers from mixing. C++ doesn't forbid implicit conversion, which leads to a lot of erroneous code. Moreover, such code can contain both defined (but unexpected) and undefined behavior.

CppCon 2023 Delivering Safe C++ -- Bjarne Stroustrup

By Blog Staff | Jun 6, 2024 10:34 AM | Tags: None

cpp23-deliveringsafec++.pngRegistration is now open for CppCon 2024! The conference starts on September 15 and will be held in person in Aurora, CO. To whet your appetite for this year’s conference, we’re posting videos of some of the top-rated talks from last year's conference. Here’s another CppCon talk video we hope you will enjoy – and why not register today for CppCon 2024!

Delivering Safe C++

by Bjarne Stroustrup

Summary of the talk:

Type safety was one of the key initial C++ design ideals. We have evolved C++ to the point where we can write C++ with no violations of the type system, no resource leaks, no memory corruption, no garbage collector, no limitation of expressiveness or performance degradation compared to well-written modern C++.

We face three major challenges: To define what “safe” means in the context of various C++ uses, to guarantee such safety where guarantees are needed, and to get developers to write such verified safe code.

I outline an approach based on safety profiles to address these challenges, describe an approach to eliminate dangling pointers, and suggest how to eliminate all dangling pointers and all range errors. My aim for key applications is verified type-and-resource-safe C++. An emphasis is on minimizing costly run-time checks through the use of abstractions. I see the current emphasis on safety as an opportunity to complete one aspect of C++’s fundamental aims in real-world code.

 

Speaking about C++ is tomorrow

By Meeting C++ | Jun 5, 2024 01:41 AM | Tags: meetingcpp intermediate community basics

Like in the last two years Meeting C++ is organizing an event about technical speaking at C++ conferences, aiming to help new speakers with their talks and give everyone a chance to pick up something to improve their talks! The call for talks for Meeting C++ 2024 is running until June 25th!

Speaking about C++

Organized by Jens Weller

From the event description:

This event will focus on the process of creating technical talks for the C++ community. Various speakers will share their views on how to submit, prepare and give talks to the C++ community in the form of lightning talks and a panel.

Qt and Trivial Relocation (Part 1) -- Giuseppe D'Angelo

By Blog Staff | Jun 4, 2024 03:33 PM | Tags: None

sso1.pngIn Qt 4, container classes like QVector introduced an optimization that transformed certain operations on contained objects into efficient byte-level manipulations. By identifying types that can be safely moved via a simple memory copy, Qt was able to streamline reallocations for specific data types like int and QString. This article explores the concept of trivial relocation, how Qt leverages it for optimized data manipulation, and the implications for different container structures and data types.

Qt and Trivial Relocation (Part 1)

by Giuseppe D'Angelo

From the article:

The container classes introduced in Qt 4 (Tulip, for the aficionados) had an interesting optimization: the ability to turn certain operations on the contained objects into byte-level manipulations.

Example: vector reallocation

Consider the reallocation of a QVector<T>: when the vector is full and we want to insert a new value (of type T), the vector has to allocate a bigger block of memory.

vector_realloc_step0.png

Error on verge of extinction, or why I put if (x = 42) in Red List of C & C++ bugs

By Andrey Karpov | Jun 4, 2024 11:14 AM | Tags: yoda notation collection of bugs bugs assignment

If we ask a programmer what bugs are the most common in C and C++ code, they'll name a null pointer dereference, undefined behavior, array overrun, and other typical error patterns. They may name an accidental assignment in condition as well. However, let's see if this error is common today.

Error on verge of extinction, or why I put if (x = 42) in Red List of C & C++ bugs

by Andrey Karpov

From the article:

Because of this bug, developers invented the Yoda notation: a programming style where the constant is placed on the left side of the comparison operator. This style was meant to prevent a typo. If a programmer writes = instead of ==, the code won't compile.