Lot 51 Core Library V1.7
This is a set of core guidelines for modern C++ (currently C++20 and C++17) taking likely future enhancements and ISO Technical Specifications (TSs) into account.The aim is to help C++ programmers to write simpler, more efficient, more maintainable code.
Lot 51 Core Library v1.7
A C++ programmer should know the basics of the standard library, and use it where appropriate.Any programmer should know the basics of the foundation libraries of the project being worked on, and use them appropriately.Any programmer using these guidelines should know the guidelines support library, and use it appropriately.
There are environments where extensions are necessary, e.g., to access system resources.In such cases, localize the use of necessary extensions and control their use with non-core Coding Guidelines. If possible, build interfaces that encapsulate the extensions so they can be turned off or compiled away on systems that do not support those extensions.
There are environments where restrictions on use of standard C++ language or library features are necessary, e.g., to avoid dynamic memory allocation as required by aircraft control software standards.In such cases, control their (dis)use with an extension of these Coding Guidelines customized to the specific environment.
The standards library and the GSL are examples of this philosophy.For example, instead of messing with the arrays, unions, cast, tricky lifetime issues, gsl::owner, etc.,that are needed to implement key abstractions, such as vector, span, lock_guard, and future, we use the librariesdesigned and implemented by people with more time and expertise than we usually have.Similarly, we can and should design and implement more specialized libraries, rather than leaving the users (often ourselves)with the challenge of repeatedly getting low-level code well.This is a variant of the subset of superset principle that underlies these guidelines.
Using a well-designed, well-documented, and well-supported library saves time and effort;its quality and documentation are likely to be greater than what you could doif the majority of your time must be spent on an implementation.The cost (time, effort, money, etc.) of a library can be shared over many users.A widely used library is more likely to be kept up-to-date and ported to new systems than an individual application.Knowledge of a widely-used library can save time on other/future projects.So, if a suitable library exists for your application domain, use it.
Unless you are an expert in sorting algorithms and have plenty of time,this is more likely to be correct and to run faster than anything you write for a specific application.You need a reason not to use the standard library (or whatever foundational libraries your application uses) rather than a reason to use it.
You must be aware of the execution environment that your code is running whendeciding whether to tag a function noexcept, especially because of the issueof throwing and allocation. Code that is intended to be perfectly general (likethe standard library and other utility code of that sort) needs to supportenvironments where a bad_alloc exception could be handled meaningfully.However, most programs and execution environments cannot meaningfullyhandle a failure to allocate, and aborting the program is the cleanest andsimplest response to an allocation failure in those cases. If you know thatyour application code cannot respond to an allocation failure, it could beappropriate to add noexcept even on functions that allocate.
The C++ built-in types are regular, and so are standard-library classes such as string, vector, and map. Concrete classes without assignment and equality can be defined, but they are (and should be) rare.
Many language and library facilities rely on default constructors to initialize their elements, e.g. T a and std::vector v(10).A default constructor often simplifies the task of defining a suitable moved-from state for a type that is also copyable.
That is the generally assumed semantics. After x = y, we should have x == y.After a copy x and y can be independent objects (value semantics, the way non-pointer built-in types and the standard-library types work) or refer to a shared object (pointer semantics, the way pointers work).
Ideally, that moved-from should be the default value of the type.Ensure that unless there is an exceptionally good reason not to.However, not all types have a default value and for some types establishing the default value can be expensive.The standard requires only that the moved-from object can be destroyed.Often, we can easily and cheaply do better: The standard library assumes that it is possible to assign to a moved-from object.Always leave the moved-from object in some (necessarily specified) valid state.
swap is widely used in ways that are assumed never to fail and programs cannot easily be written to work correctly in the presence of a failing swap. The standard-library containers and algorithms will not work correctly if a swap of an element type fails.
There are of course other fundamentally sound design styles and sometimes reasons to depart fromthe style of the standard library, but in the absence of a solid reason to differ, it is simplerand easier for both implementers and users to follow the standard.
Not every class is meant to be a base class.Most standard-library classes are examples of that (e.g., std::vector and std::string are not designed to be derived from).This rule is about using final on classes with virtual functions meant to be interfaces for a class hierarchy.
There are examples where final can be important for both logical and performance reasons.One example is a performance-critical AST hierarchy in a compiler or language analysis tool.New derived classes are not added every year and only by library implementers.However, misuses are (or at least have been) far more common.
Consider swap. It is a general (standard-library) function with a definition that will work for just about any type.However, it is desirable to define specific swap()s for specific types.For example, the general swap() will copy the elements of two vectors being swapped, whereas a good specific implementation will not copy elements at all.
Code using a library can be much easier to write than code working directly with language features, much shorter, tend to be of a higher level of abstraction, and the library code is presumably already tested.The ISO C++ Standard Library is among the most widely known and best tested libraries.It is available as part of all C++ implementations.
Large parts of the standard library rely on dynamic allocation (free store). These parts, notably the containers but not the algorithms, are unsuitable for some hard-real-time and embedded applications. In such cases, consider providing/using similar facilities, e.g., a standard-library-style container implemented using a pool allocator.
The built-in array uses signed subscripts.The standard-library containers use unsigned subscripts.Thus, no perfect and fully compatible solution is possible (unless and until the standard-library containers change to use signed subscripts someday in the future).Given the known problems with unsigned and signed/unsigned mixtures, better stick to (signed) integers of a sufficient size, which is guaranteed by gsl::index.
Sometimes, just passing the minimal amount of information back (here, true or false) is sufficient, but a good interface passesneeded information back to the caller. Therefore, the standard library also offers
It is also important to note that concurrency in C++ is an unfinishedstory. C++11 introduced many core concurrency primitives, C++14 and C++17 improved onthem, and there is much interest in making the writing ofconcurrent programs in C++ even easier. We expect some of the library-relatedguidance here to change significantly over time.
With the exception of async(), the standard-library facilities are low-level, machine-oriented, threads-and-lock level.This is a necessary foundation, but we have to try to raise the level of abstraction: for productivity, for reliability, and for performance.This is a potent argument for using higher level, more applications-oriented libraries (if possible, built on top of standard-library facilities).
Now the == in Bad was designed to cause trouble, but would you have spotted the problem in real code?The problem is that v.size() returns an unsigned integer so that a conversion is needed to call the local ==;the == in Bad requires no conversions.Realistic types, such as the standard-library iterators can be made to exhibit similar anti-social tendencies.
A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker must place a malicious DLL on a local system and convince a user to execute a specific executable. The security update addresses the vulnerability by correcting how the Visual Studio C++ Redistributable Installer validates input before loading DLL files.
CVE-2021-43877 .NET VulnerabilityAn elevation of privilege vulnerability exists in ANCM which could allow elevation of privilege when .NET core, .NET 5 and .NET 6 applications are hosted within IIS.
Navigate to Decompiled Sources in now on by default allowing you to navigate to declarations of library types. Navigate to Decompiled Sources is available when you invoke Go to Definition on a library symbol in your source code and on decompiled sources.
The Z Garbage Collector, also known as ZGC, is a scalable low latency garbage collector (JEP 333). At its core, ZGC is a concurrent garbage collector, meaning that all heavy lifting work (marking, compaction, reference processing, string table cleaning, etc) is done while Java threads continue to execute. This greatly limits the negative impact that garbage collection has on application response times. 041b061a72