Herb Sutter

• add things (more); fix things (some); simplify (least);
• Why not reverse this?
• adding things (eg MetaClasses) can simplify things

A tale of two compiler switches

-fno-exceptions

-fno-rtti

• Make things static by default
• Dynamic by opt-in

Exception Handling

• isocpp.org 2018-02 survey; 48% ban exceptions either fully or partially (22% not allowed)
• error codes; expected/outcome types; exceptions
• std::error_code. std::filesystem supports both dialect

Root cause

• Today’s exception handling is not zero-overhead. Just enabling increases size
• throwing an exception not statically boundable space and time overhead. Violates you can’t reasonably write it better by hand
• Lack of control

Key definition

• what is a recoverable error
• A function cannot do what it is supposed to do. Mirriam webster definition of “error”
• A precondition violation is always a bug in the caller

Four coordinated proposals

• Enable zero-overhead exception handling
• throw few exceptions (90% of all exceptions should not be)
• support explicit try for visble propagation

static exceptions

• throwing values of static types means by value. No dynamic memory
• isomorphic to error codes
• share return channel
• Need to be backward compatible. Opt in
• As-if returning union(Success; Error;} + bool
• doubles down on value semantics

Proposal

• Add a noexcept-querable allocator proprety for “reports vs aborts” on allocation failure.
• recommend conditional noexcept based on the relvant allocator
• babb on GitHub.com/HerbSutter

Part 2: Run-time type information

• Same for exceptions
• Joe Bialek Wendesday Root cause of CVEs by patch year.
• Type confusion increasing (e.g. static downcast)
• static_cast perhaps because RTTI is banned
• RTTI allowed in 68%

static_cast down-casts

• Peter Collingbourne
• Uses vtable ordered in memory so downcast is just a range check

• down_cast

  5 instructions

• fads

Greg Law

gdb

• ptrace()
• signals ony reach the tracee via PTRACE_COUNT
• breakpoints and single step are SIGTRAPs
• ^C is SIGINT
• modify instruction causes SIGTRAP

DWARF

g++ -g3??? ; helps make inline functions not look inline; macros

• “Optomized out” really means it’s just later
• readelf —dump-debug
• can actually track registers while live
• Call frame analysys
• Catch throw or catch
• Libthreddb

address Sanitizer

Malloc and free are intercepted. Shadow memory keeps track

Replay

Record and replay nondeterministic steps. Just Re execute to get to current point

Static analysis

What’s The best way for a c++ programmer to make money? Inheritance

Synopsis

Kate Gregory

gregcons.com/kateblog

Naming things

• It matters
• It’s a learned skill

Not Naming conventions

• camelCase, snake_case, PascalCase ….

Names carry meaning

• expire date vs end date
• is a date or datetime
• It matters everywhere
• Bad names confuse
• Giving something the correct name may happen long after it’s first written

Naming requires empathy

• sort/partial_sort/partial_sort_copy
• top_n() is better name

Consitency

• Names exist outside of your code
• Headings n reports
• Emails
• Alaows call things by their proper names, everywhere
• Don’t use same words for different things
• Don’t accept similar English words in conversation
• Don’t invent business works
• Avoid pre/post and other “dependent” names
• Unless the business uses them
• Prefer single English words like “Save” or “Location” vs UpdateConfigFile and StorageCoOrdinates
• Don’t mimsmatch
• begin goes with end, …
• Functions are verbs
• Helper verbs: isEmpty() less ambigrous then empty()
• isShippable() vs canShip() vs getShipStatus()
• avoid the “-able”
• Tools matter
• alphabetical lists
• Classes are Nons
• Anything ending in “er (et al) is suspect without a noun
• Adjectives are your friend
• FullName not Name
• Avoid encoding type
• exceoptions: Date, asX
• Maybe avoid leaking enums? e.g. instead of getStatus() == Application::OK maybe isApproved()
• Don’t abbreviate
• templates:
• One? T is ok
• Two: make meaningful
• When to name things? When you know what it is
• Sometimes before you even write the code
• Never miss an opportunity to fix a name
• Sometimes when code chnags the names need to change

Better naming

• Care about the code you write and the people who will read it
• Think about the purposes names server
• Don’t be paralyzed
• Fix it later
• Demand good names
• When you learn what something is, fix its name

John Kalb, Sean Parent, Phil Nash

Discussion about interviewing

• binary search as a take home test question
• Talking about Alex Stepanov who works at Adobe www.stlport.org/resources/StepanovUSA.html
• STL: Software Technology Lab (at Compaq/HP)

Adobe History

• Photoshop: $2B? 20-40 people
• Port to ipad read 1G file with only 40M memory

Sean Parent

• Let’s rotate (cppcon six years ago); meme?
• – Goal: No contradictions
• A novice sees only the chessman; an amateur sees the board; a master sees the game

Entity notation

• Witnessed Relationships: a relationship represented by an object
• copyable and equality comparable
• When an object is copied or moved any witnessed relationship is either maintained, severed, or invalidated
• When an object is destructed any witnessed relationship is either severed, or invalidated

Safety

• std::move()

  is an unsafe operation

C++20

• One new feature: concepts (joke about contracts)
• Hoare Logic (paper from 1969, C.A.R Hoare)

Equality

Applying “Design by Contract”

Contracts

• Preconditions (require)
• Postconditions
• Invariants

Concepts

A compile time constraint to select an appropriate operation

Contracts assert at runtime if an an operations

A runtime constraint to select an appropriate operation is know a pattern matching

No Raw Loops

The Game

• Architecture is the art and practice of designing and constructing structures

Timer example

Registry

Container support these:

• Add an object and obtain receipt
• Use receipt to retrieve the object
• iterate

Russian Coat Check Algorithm

• Receipts are ordered
• Coats always appended with stub
• Binary search to retrieve coat
• when more than half the slot are empty; compact the coats
• Coats are always ordered receipt stubs
• Coats ordered by insertion

Double entry bookkeeping

• Every transaction twice
• 5 standard accounts: Asses, Capital, Liabilities, Revenues, and Expenses
• This ensure the mechanical process of entering a transaction is done in two ways

Contradictions

• unit tests expose contradictions

No Raw Synchronization Primitives

Use strong preconditions to move the issue to the caller

Setting a property

• Code is redundant
• – Different aspects of the same code
• value is a*b when a changes
• other_value is a*b when b changes
• asking for troubles
• Different, mutually exclusive relationships with non-local control
• Implied last in wins relationship
• An incidental algorithm; property convert to the correct value
• property is not a simple property but a stream, trigger, or latch
• or it’s just wrong

No Raw Pointers

https://sean-parent.stlab.cc for talks

Hyrum Wright

C++ is a dynamically typed language

example with sso_string and union

If somebody can (ab)use your API, they will

Types Encode constraints

int timeout;
int number_of_pumpkins = 6*timeout;

better:

void set_deadline (absl::Duration deadline);


See “Time Programming Funamentals” by Greg Miller

Abseil Time API

• Valid invalid operations: Duration + Duration gives Duration;
Duration + Time gives Time;
Time + Time is invalid, etc

Gradual Typing

• python: adds annotation

Goals

• Automated (almost) everything
• Keep code buildable (each multiple steps)
• Keep code readable
• Eventually converge at a fixed point

Things that don’t work

• Monolithic changes
• Variable type
• Most integers don’t represent time
• Variable name
• What does timeout_seconds actually mean?
• Comments super unreliable

Types of transformations

• Expression
• Simplification
• Comparison
• Addition and Subtraction
• Distribution
• Variable
• Local, global, class members
• Inter-function
• Parame and value

Expression: Simplification

• Makes matching easier
• clang-tidy code for matcher
• code for fixer

Expresion: Comparison

Inter-function return values

Seeding Type Information

• Identify high value targets

Reactions

• You added a bug … oh
• Thanks
• (crickets)

Other applications

• Converting to std::string_view
• Ownership deduction (i.e. std::unique_ptr)

GitHub.com/llvm-mirror/clang-tools-extra/tree/master/clang-tidy/abseil

Questions

• How to justify? “We should be able to change our software”