C++ Club - Meeting 145
Episode Date: May 24, 2022
Show notes: https://cppclub.uk/meetings/2022/145/
Video: https://youtu.be/74ynaNlMVzo...
Transcript
Welcome to C++ Club, meeting number 145 that took place on the 17th of March 2022.
Discussing C++ while a war in Europe is raging feels surreal.
I stand with people of Ukraine who are experiencing this unspeakable tragedy.
I hope they prevail and I hope Russian war criminals are brought to justice.
P2300, std::execution, or Senders/Receivers, is headed to C++26.
The latest poll with the question "Advance P2300, revision 5 to electronic polling to
send it to LWG for C++26" resulted in strong consensus with just a single neutral vote
and no votes against.
You probably remember that on its way to C++23 the paper was met with strong objections from
quite a few people. Maybe the latest poll
reflects the fact that C++26 is a long way away and the paper can be ready in time. Or maybe not
all committee members were notified of the poll, which I guess is one way of solving the problem.
Modern C++ course from Bonn University.
There is a decent Modern C++ course on YouTube
and you can check it out.
Mold version 1.1.1 released.
Rui Ueyama released version 1.1.1
of his new fast linker, mold.
This version adds new LTO options for LLD compatibility and reduces memory usage by approximately 6%, consuming less memory than GNU Gold or Clang LLD.
These are the benchmarks, just to remind you how efficient it is.
Hacking C++ published a tweet with a cheat sheet for when you need to choose string-like
function parameter types.
If you always need a copy of the input string inside the function, use parameter
type std::string, or pass by value. If you want read-only access and don't always
need a copy and are using C++17 or 20, you can use std::string_view, also by value.
If you want read-only access, don't always need a copy,
and are stuck with C++98, 11 or 14, use const reference to std::string. If you want the function
to modify the input string in place (although you should avoid using such in-out parameters),
you can use a non-const reference to string.
When using the pass-by-value-and-move idiom in constructors, be extra careful not to use
the passed parameter after it has been moved from.
Eric Niebler tweeted regarding specializations of variable templates.
Quote, specializations of a variable template can have different types. Hmm,
today I learned, Cpp.
Hana Dusíková replied, it's exactly the same as specialization of a template based on type.
As you can see in this tweet, there is a code snippet which illustrates that a variable
template can be specialized.
Amir Kirsh posted an article on the Incredibuild blog called Top 10 Secure
C++ Coding Practices. In it, he gives an overview of what security is and how a C++ programmer
can make the code more robust to avoid vulnerabilities. He starts with the following quote.
Understand that there are no safety nets provided by the compiler or runtime
while coding in C++. C++ compiler generates the code the programmer asked
it to generate without adding any safety checks. While coding in C# or Java, for example,
incorrect array access would lead to a runtime exception.
Whereas in C++ this leads to incorrect memory access or memory corruption in case of writing.
Incorrect or sloppy coding can lead to overflows, stack, heap and buffer overflows which can
easily be used for an attack.
End quote.
Some of the advice from the author.
There are several bullet points.
Don't misuse APIs.
Don't rely on undocumented behavior.
Don't use APIs that are established to be vulnerable.
Validate input.
Take advantage of type safety.
Don't intentionally bypass type checking.
Be careful of arithmetic overflows and underflows.
Ah yes, the infamous size_t.
Handle exceptions and errors carefully.
Don't leak sensitive information including error codes, stack traces, user IDs etc.
Initialize variables. Security by obscurity is no security.
Don't implement your own cryptography.
Be careful with random numbers. Use the new C++11 random generators.
Hmm... Keep in mind that initializing them properly is quite difficult and there
was a proposal regarding that. It's called "Allow Seeding Random Number
Engines with std::random_device". The document number is P0205
and it wasn't accepted into C++23 unfortunately, so hopefully it'll end up in C++26. At the moment the naive
approach that most people seem to use doesn't work and is wrong, and the
correct approach, or more correct approach, is very cumbersome.
The proposal is about making this code work with the random device initializing the engine.
It would work properly and would be quite simple to use, but we can't have nice things,
unfortunately.
Also, Amir Kirsh says don't use uninitialized variables as a random number generator.
What? Let's look at this Stack Overflow question: "Is uninitialized local variable the fastest
random number generator?" No, this is undefined behavior and you better not do that.
The answer says there are two main problems though.
It won't be particularly random.
And it's bad, capital B.
Back to the article.
Use C++ secure coding standard to complement your C++ coding standard, like SEI CERT C++.
And use the right tools to detect security issues: static code analyzers and sanitizers.
The related Reddit thread has an interesting discussion on using at() instead of square brackets.
I didn't know that in some cases the compiler can optimize away bounds checks in at().
Of course a better solution is to use range-for loops or, even better, ranges and algorithms.
An interesting clang-tidy bug. Leslie Ly tweeted, "Bad idea, clang-tidy." His code example shows us an if statement with an if-init statement,
which initializes C++17 structured bindings and has an else part.
The first part of the if has a return statement at the end.
And in this case, Clang-Tidy says,
do not use else after return,
and proposes to remove else.
If we applied the fix, the second if wouldn't compile,
because one part of the structured bindings
that is used in the second else if would not be available
because it was declared within the if init section of the first if.
That's it for this short meeting and I will leave you with this couple of tweets.
Vicky Boykis says,
A senior developer is someone who fluently hates more than one programming language.
And Terratech tweeted,
Microcontroller programming.
If the timer overflows, we restart the chip to prevent erratic behavior.
FPGA programming. This 84-bit timer
should last till the sun explodes.
Thanks for coming and I'll talk to you next time. Bye.