Product News

SonarQube / SonarCloud detect buffer overflows in most POSIX functions

SonarQube and SonarCloud perform static analysis of C, C++ and 25 other languages. 

Detect C++ buffer overflows in most POSIX functions

By G. Ann Campbell

From the article:

Buffer overflows have been responsible for some of the most notorious crashes, worms, and hacks for more than 30 years, including the Morris worm, the Code Red worm, and the ping of death. More recently, VPNs have been compromised via buffer overflow; an overflow-related code execution flaw was found in macOS Mojave (fixed in Catalina); and a WhatsApp buffer overflow exposed users' private messages, location, and even camera and mic feeds. In short, buffer overflows aren't just bugs that could crash your program; they also represent serious threats to security. That's why we're excited to announce the availability of a new C and C++ rule to detect overflows in most POSIX functions: S5782, "POSIX functions should not be called with arguments that trigger buffer overflows".

PVS-Studio 7.07: Features Overview

The purpose of this article is to give a general overview of the features of the PVS-Studio static analyzer.

PVS-Studio 7.07: Features Overview

by Ekaterina Nikiforova

From the article:

The next command I'd like to talk about is called "Display CWE Codes in Output Window". PVS-Studio is a static application security testing (SAST) tool, which means its warnings can be classified according to the Common Weakness Enumeration (CWE).

GCC 10.1 Released--Jakub Jelinek

The new version is out.

GCC 10.1 Released

by Jakub Jelinek

From the article:

A year has lapsed away since the release of last major
GCC release, more than 33 years passed since the first
public GCC release and the GCC developers survived
repository conversion from SVN to GIT earlier this year.

Today, we are glad to announce another major GCC release, 10.1.

This release makes great progress in the C++20 language support,
both on the compiler and library sides [1], some C2X enhancements,
various optimization enhancements and bug fixes, several new
hardware enablement changes and enhancements to the compiler back-ends
and many other changes.  There is even a new experimental static
analysis pass [2]...

CppDepend v2020.1 Released! - Dependency Graph Completely Rebuilt, new Linux version, CUDA support

CppDepend allows architects and developers to analyze C and C++ code bases, automate code reviews, and facilitate refactoring and migration.

CppDepend v2020.1

by CppDepend

About the release

CppDepend’s Dependency Graph feature has been rebuilt from scratch. And, thanks to several innovations, it is now a unique and differentiated tool for exploring and navigating code bases. Feature highlights include:

  • Optimized to work on very large codebases: For example, now the graph can be used to navigate in a very large project in real-time.
  • New graph navigation bar: expand/collapse parent nodes; focus on entangled code; generate call graphs, coupling graphs, inheritance graphs, and more.
  • New dependency graph layout option: group by project, namespace, or class with new color conventions and new filters.
  • Complex graphs are simplified with Clusters: cluster nodes can be automatically introduced to make large and complex graphs readable.
  • Search in graphs: Interesting graphs can be quickly obtained by searching elements by name and pruning un-matched elements.
  • Export graphs to SVG vector format
  • Dependency Graph presentation in reports has been improved: thanks to clusters feature.
  • Smart Graph Persistence: A list of actions can be persisted to obtain a graph that remains in-sync through code changes.

Also, CppDepend 2020.1 includes:

  • CppDepend on Linux completely rebuilt: The Linux GUI is completely rebuilt to use the GTK framework for a better user experience.
  • C/C++ plugin for SonarQube is now available on Linux
  • CUDA Support: CppDepend fully supports the analysis of CUDA-based applications.
  • Improved Physical structure analysis: When you create a new CppDepend project you now have the choice to use a logical view or a physical view.
  • Source File Store Out Of The Box: Parsed source files are now zipped at analysis time.
  • Bamboo and AppVeyor Integration: You can now integrate the CppDepend report to Bamboo and AppVeyor
  • Numerous Bug Fixes and Improvements


Codeplay implements MKL-BLAS for NVIDIA GPUs using SYCL and DPC++

SYCL is an open standard developed by the Khronos™ Group that enables developers to write code for heterogeneous systems using standard C++.

Codeplay implements MKL-BLAS for NVIDIA GPUs using SYCL and DPC++

by Codeplay

About the release:

Software developers are looking more than ever at how they can accelerate their applications without having to write optimized processor specific code. SYCL is the industry standard for C++ acceleration, giving developers a platform to write high-performance code in standard C++, unlocking the performance of accelerators and specialized processors.

The oneMKL BLAS library is the first math library implementation for oneAPI to enable support for NVIDIA GPUs and uses the interoperability features implemented by DPC++. This work consists of a major open source contribution to the oneAPI initiative by Codeplay. It also represents an opportunity for developers to use SYCL as an alternative to using CUDA for developing high performance parallel applications.

Boost Version 1.73.0

With two new libraries.

Boost Version 1.73.0

From the article:

New Libraries

  • Nowide: Standard library functions with UTF-8 API on Windows, from Artyom Beilis.
  • StaticString: A dynamically resizable string of characters with compile-time fixed capacity and contiguous embedded storage, from Vinnie Falco and Krystian Stasiowski


How to Use C++ for Azure Storage--Bartlomiej Filipek


How to Use C++ for Azure Storage

by Bartlomiej Filipek

From the article:

Blob storage is an object storage service you use in Azure. It is designed for storing large volumes of unstructured data, including text, binary data, images, and text. In this service, your data is stored in containerized blobs with a directory-like structure. You can use blob storage to ensure flexible access to storage, high availability, and data consistency. Read on to learn how you can use C++ with Azure storage...

Finding build bottlenecks with C++ Build Insights--Kevin Cadieux

Did you try it?

Finding build bottlenecks with C++ Build Insights

by Kevin Cadieux

From the article:

C++ Build Insights offers more than one way to investigate your C++ build times. In this article, we discuss two methods that you can use to identify bottlenecks in your builds: manually by using the vcperf analysis tool, or programmatically with the C++ Build Insights SDK. We present a case study that shows how to use these tools to speed up the Git for Windows open source project. We hope these tutorials will come in handy when analyzing your own builds...