Effective C++11 update -- Scott Meyers

By Blog Staff | Jan 30, 2013 05:40 PM | Tags: intermediate basics

This week, Scott Meyers posted a couple of updates on how C++11 is coming to one of the world's most-loved C++ book series -- Effective C++.

First, here's Scott's preamble about his approach to Effective C++11:

Effective C++11: Background

I've mentioned in some earlier posts that I plan to start writing a new book, Effective C++11.  The purpose of this post is to tell you a little bit about it. Lest there be confusion, let me emphasize that there is no book yet. If everything falls into place the way I hope it will, there will be a book about 10 months from now. If. I'm not making any promises. [...]

As a followup, Scott then posted an early draft list of candidate Items for Effective C++11 as part of this post:

Effective C++11: Content and Status

[...] At last year's C++ and Beyond, I gave a talk entitled "Initial Thoughts on Effective C++11." It had my usual guideline format. I also gave a talk on "Secrets of the C++11 Threading API," which consisted of observations about C++11's threading support. The material in those talks, combined with the feedback I got from giving them and mixed in with my experience explaining the idea of universal references, ultimately yielded the initial list of candiate Items for EC++11. The current snapshot of my vision for Effective C++11 is: [...]

At least a million developers are looking forward to your book, Scott!

No pressure.

cpp-netlib.org announced

By Blog Staff | Jan 28, 2013 08:49 AM | Tags: None

From Dean Michael Berris:

cpp-netlib.org is here!

The project's new home is now at http://cpp-netlib.org/ (links to the old site should automatically redirect to this domain). We're looking at scaling the effort of the project and enforcing a few processes for consistency and for velocity. A few highlight to the website content:

• A style guide. We are now getting to the point where we have a lot of code and more people sending in pull requests. In this light we've started a very minimalist style guide. We will discuss and update this as soon as we have more data to make decisions.
• A development policy document. We've attempted to codify what we do and how we do it.
• A proposal process. If you're considering getting involved or helping get your library developed or included in cpp-netlib, there's now a process for that.

We're also now ramping up our migration to use Google Test and getting ready to use Clang Format to use the Google style-guide formatting (just for the formatting) to make the code more consistent. I'm driving that process and getting the codebase into a more maintainable state. I've learned in these past few years that readable code makes my life easier, and contributors lives easier. Having said this we're not going to compromise on features of C++11 that we're going to use. I believe that now is the time to use C++11. ...

Continue reading...

Pattern-Oriented Software Architectures for Concurrent and Networked Software -- Doug Schmidt

By Blog Staff | Jan 22, 2013 10:25 AM | Tags: intermediate

A video preview is available for Doug Schmidt's upcoming free MOOC with Vanderbilt University via Coursera:

Pattern-Oriented Software Architectures for Concurrent and Networked Software

Next session: Starts March 4 (8 weeks long)

Workload: 4-6 hours/week

Douglas C. Schmidt is a Professor of Computer Science, Associate Chair of the Computer Science and Engineering program, and a Senior Researcher at the Institute for Software Integrated Systems, all at Vanderbilt University. He has also been the Chief Technology Officer for the Software Engineering Institute at Carnegie Mellon University, where he was responsible for directing the technical vision and strategic R&D investments.

C++ developers will know of Doug particularly because of his widely-acclaimed ACE and related libraries.

We asked Doug to provide an overview in his own words of what you can expect to see in the course and how it relates to C++11 in particular:

After a short ~45 minute intro to the topics covered in the course, the rest of the videos are divided into the following sections:

• [~3 hours] Intro to concurrency and networking, which provides background info at the OS and middleware levels.  This part focuses on concepts and is largely language-neutral.
• [~7 hours] Intro to patterns and frameworks, which provides coverage of pattern-oriented software architecture, with an emphasis on concurrent and networked software.  Small C++ and Java examples are shown throughout, though the main focus of this section is more on design techniques rather than programming, per se.
• [~6 hours] Applying patterns and frameworks to develop concurrent and networked software, which examines *lots* of C++ code.  A high-performance HTTP web server is used as a running example to illustrate patterns and frameworks in practice.  80-90% of the focus is on C++ here, with some examples showing how you can do similar types of things in Java to demonstrate the generality of pattern and framework techniques.
• [~3 hours] An appendix that provides an overview of C++ (including C++11 features), a case study of fundamental "Gang of Four" patterns that aren't directly related to concurrent and networked software, and other background information that may be of interest to some course participants.

January standards papers mailing available

By Blog Staff | Jan 21, 2013 11:46 AM | Tags: None

The between-meetings standards papers mailing is now available. It includes the spring meeting agenda, updated issues lists, and a number of new papers including at least one that came through the public std-proposals forum. (Update: Please also direct discussion about these papers to that forum.)

C++11 Rocks: Visual Studio 2012 Edition -- Alex Korban

By Blog Staff | Jan 18, 2013 05:24 PM | Tags: intermediate basics

Alex Korban has written a nice e-book that covers the parts of C++11 available in Visual Studio, including documenting limitations and bugs while still focusing on how using the C++11 features makes code cleaner, safer, and faster into the bargain.

The Visual Studio 2012 edition is now in beta. See the table of contents for what's covered, and a free sample to check out the style.

C++11 Rocks: Visual Studio 2012 Edition

by Alex Korban

Highlights from the description:

Visual Studio 2012 gives you the opportunity to use C++11 features to make your code significantly cleaner and easier to read, and to improve performance as well.

But which features are there? Are they ready for use in production code? ... 

You can master the C++11 features in VS2012 with this book. It’s laser focused on C++11, Visual Studio 2012, and nothing else. You’ll quickly get in-depth knowledge of the stuff you need to know.

You’ll learn easily with tons of examples. I spent a lot of time researching and testing, and as a result the book details many C++11 bugs and cases of non-standard behavior in Visual Studio.

Continue reading...

Announce: Third Annual European LLVM Conference

By Eric Niebler | Jan 16, 2013 01:03 PM | Tags: None

For many of our readers, LLVM and Clang will need no introduction. LLVM is a modular compiler toolchain, and Clang is an LLVM front-end for the C family of languages. They're both implemented in C++. Together, they're taking the C++ toolchain in new directions. Be a part of the action at this just-announced developer conference in April in Paris. (Does it get better?) From the announcement:

Announcements

We are pleased to announce the third European LLVM conference on April 29-30 2013 in Paris, France. This will be a two day conference which aims to present the latest developments in the LLVM world and help strengthen the network of LLVM developers. The format will be similar to that of the previous meetings held in London but with more time for presentations and networking. The meeting is open to anyone whether from business or academia, professional or enthusiast and is not restricted to those from Europe -- attendees from all regions are welcome.

This meeting is about 8 days after the ISO C++ standardization meeting in Bristol, UK. Twofer, anyone? The full announcement gives all the details.

Continue reading...

Are the Java vulnerabilities actually C and C++ vulnerabilities?

By Herb Sutter | Jan 15, 2013 01:40 PM | Tags: None

You've probably seen the headlines:

[US-CERT] Java in Web Browser: Disable Now!

We've been telling people to disable Java for years. ... We have confirmed that VU#625617 can be used to reliably execute code on Windows, OS X, and Linux platforms. And the exploit code for the vulnerability is publicly available and already incorporated into exploit kits. This should be enough motivation for you to turn Java off.

Firefox and Apple have blocked Java while U.S. Homeland Security recommends everyone disable it, because of vulnerabilities

Homeland Security still advises disabling Java, even after update

Some people have asked whether last week's and similar recent Java vulnerabilities are actually C or C++ vulnerabilities -- because, like virtually all modern systems software, Java is implemented in C and C++.

The answer is no, these particular exploits are pure Java. Some other exploits have indeed used vulnerabilities in Java's native C code implementation, but the major vulnerabilities in the news lately are in Java itself, and they enable portable exploits on any operating system with a single program. Note that this isn't to single out Java; other managed code environments have had similar vulnerabilities reported as well.

Today CERT posted an analysis of the current Java vulnerabilities, written by our own ISO C++ committee member David Svoboda:

Anatomy of Java Exploits

by David Svoboda

Java was exploited recently and last August. The August exploit was patched by Oracle on August 30; this most recent exploit now also has a patch available. Strictly speaking, the vulnerabilities that permitted both exploits are independent; the current exploit attacked code that was unused by the August exploit. Nevertheless, these vulnerabilities were quite similar. This blog post examines the vulnerabilities that permitted Java to be exploited in each case, using the proof-of-concept code exploits that have been published for them in January 2013 and August 2012.

The article demonstrates and comments on how security issues are common to all modern languages. From the conclusion:

While many previous Java vulnerabilities were actually vulnerabilities in the C code of a particular Java implementation, these exploits ran with pure Java -- no underlying C/C++ vulnerability was involved.

This doesn't mean Java is a horrible language any more than vulnerabilities in C and C++ make those horrible languages. Rather, it emphasizes that security is hard in any language or environment, and pretending otherwise is never helpful. For example, CERT publishes secure coding guidlines for various languages (the Java book coauthored by the author of the blog post above, David Svoboda):

• Robert Seacord: The CERT C Secure Coding Standard (720 pages)
• Robert Seacord, David Svoboda, et al.: The CERT Oracle Secure Coding Standard for Java (744 pages) -- the authors report that an additional second companion volume is due later this year.

And as Svoboda's CERT blog post today noted, many of today's popular attacks aren't language-specific, and:

... injection attacks, such as SQL injection, cross-site scripting (XSS), and command injection, occur in all languages that permit string manipulation.

Just like it isn't enough to think that using C++, which advertises an emphasis on performance, by itself means your code will be fast, it isn't enough to think that using a language that advertises an emphasis on safety means your code will be secure. As Robert Seacord, author or coauthor of both books above, said in email yesterday:

"The fact is that you need to understand the problems in whatever language you are using and diligently apply secure coding practices and principles if you want to have any hope of developing secure systems."

That's a lesson we can all benefit from, no matter which modern mainstream language we use.

Update from the Ranges Study Group

By Eric Niebler | Jan 14, 2013 11:04 AM | Tags: intermediate experimental

In December, we announced the opening of the SG9 (Ranges) mailing list. Since then, the activity on it has been nothing short of amazing, and the discussion is of a markedly high quality. Ranges promise a improvement in usability, power, and safety for the STL. If you have ever wanted to see how the C++ Standardization Committee crafts the future of C++, sidle on over to the Ranges group and learn about the future of the STL from many of the people who have helped shape it since its inception. Watch tomorrow's C++ take shape today, and maybe help shape it yourself.

Read the list archives here, or sign up to get the blow-by-blow here.

P.S. You can start using (one implementation of) Ranges today over at Boost (see Boost.Range's docs).

Site updates: StackOverflow highlights, blog tags and comments, and more

By Blog Staff | Jan 13, 2013 03:15 PM | Tags: None

Over the holidays we've made several improvements to isocpp.org. Many are behind the scenes where most readers won't notice, but here are a few that a more visible. We hope you find them useful.

Home page: Highlights from StackOverflow and StackExchange

Today, we added a new home page feature: Selected highlights from StackOverflow's [c++] and [c++11] tags, and from Programmers.StackExchange's [c++11] tag. We are pleased to endorse these sites as a premier place for question-and-answer discussion about modern C++ -- if you have a question about C++, you can probably already find the answer there, or post a new question and get a high-quality answer quickly. Please note: StackOverflow and StackExchange are for Q&A only, and actively discourage "discussion" styles -- for discussion about the Standard, see the Forums accessible from this site.

SO and SE are high-traffic sites, and many of our readers may only have time to consume a shorter "highlights reel" summary each day. That's why our home page shows an "auto-curated" filtered subset of the SO and SE traffic, selecting highlights from each feed using criteria that we can adjust over time. However, for those interested in following the full flow of questions on StackOverflow or StackExchange, we also provide a handy RSS link for each feed that lets you directly subscribe to the corresponding full feed. In the future, if there's interest, we might also consider providing our own custom RSS feeds for those who want to follow our custom filtered versions of the higher-volume SO and SE feeds.

Blog Tags

Each blog entry is now tagged, so you can more easily find the kind of content that interests you.

Here are the tags we're using initially:

• basics: General information useful to anyone using C++, including programmers coming to C++ for the first time.
• intermediate: Information that assumes you have a working familiarity with C++ and are ready to dig a little deeper.
• advanced: Information for C++ experts that assumes you know C++ pretty well, want to make the most of it, and aren't afraid to "lift the hood" from time to time to take full control.
• experimental: Material that isn't about Standard C++ today, but about what it could be -- including articles talking about future language and library extensions, and even prototype compiler implementations of future language features.

Sometimes posts will have multiple tags, when they point to material that covers useful information at more than one level. For instance, "Panel" style videos often range widely over many useful topics, and may include a lot of generally useful information appropriate to all levels while also including some pretty advanced parts of interest to experts. The goal is that if you're looking for, say, "intermediate" material, then following that tag will deliver only those items that have significant intermediate content, even if some parts may be more basic or advanced.

When you read a post, you'll see the tag(s) listed near the top. You can click on any tag to see what else has been posted with that tag. Over the next few days, we'll be adding an easy way to drill into each tag without going to a blog post first.

Blog Comments

You can now edit your own blog comments. Also, formatting control has been improved, with some more improvements coming. As always, including a nicely-formatted code block in your comment is as easy as wrapping it with <pre> and </pre>.

And More

We've also made many more improvements under the covers, and will have more to show you in the coming weeks and months. Stay tuned.

Stroustrup's Tour of C++: Third chapter posted

By Blog Staff | Jan 9, 2013 10:22 AM | Tags: basics

Part 3 of Bjarne Stroustrup's draft Tour of C++ is now available. This material is a preview draft of Chapter 4 of Stroustrup's upcoming The C++ Programming Language, 4th Edition.

A Tour of C++, Part 3: Containers and Algorithms

by Bjarne Stroustrup

Stroustrup writes:

No significant program is written in just a bare programming language,
it would be too tedious.

However, just about any task can be rendered simple by the use of good libraries.

This third chapter of my tour of C++ begins the presentation of the standard library, which is about half of the C++ standard.

Constructive comments would be most welcome.