Comments for COdE fr3@K

Comment on 當 Constructor 遇上 Virtual Function by jeffhung

jeffhung — Thu, 04 Mar 2010 10:35:11 +0000

我習慣用 proxy (handle) class 包裝 class hierarchy 來解這個問題。因為 client code 只能接觸到 proxy (handle)，所以可以隔絕採用 Virtual Constructor Idiom 的 (醜陋) implementation class hierarchy。另外，proxy (handle) class 視情況，可以用 shared_ptr 來盛裝 implementation object，以兼顧 thread-safety。最後，Base-from-Member Idiom 是這個問題的另外一種變形，稍加修改設計，亦可適用。

Comment on Quiz on C++ Object Model by Keiko

Keiko — Thu, 04 Mar 2010 05:46:28 +0000

不考慮 compiler 怎麼 encode type name 。印出：Base 再印出 Derived 。

因為當 Constructor 遇上 Virtual Function說：
建構一個 Derived 的 object instance 時, 先被建構的是其父類別，因此此時 typeid 會是拿到 Base class 。待子類別建構完成後、在 main() 中的 d.print_type_name(); 呼叫才會拿到 Derived 。

Comment on 當 Constructor 遇上 Virtual Function by Ricky Lung

Ricky Lung — Wed, 03 Mar 2010 02:12:29 +0000

好文章. 期待 “當 Destructor 遇上 Virtual + Multi-thread”

Comment on 當 Constructor 遇上 Virtual Function by Keiko

Keiko — Wed, 03 Mar 2010 02:00:37 +0000

可能是這裡：Effective C++, 3rd: Item 9: Never call virtual functions during construction or destruction.

Comment on 當 Constructor 遇上 Virtual Function by av

av — Tue, 02 Mar 2010 17:37:55 +0000

我忘了之前在哪本書看過的，反正結論說，就是不要在 constructor 使用 virtual function 就對了。

Comment on StatCounter – Now 5 Times Better by fr3@K

fr3@K — Thu, 04 Feb 2010 05:41:47 +0000

500 page view log entries.

Comment on StatCounter – Now 5 Times Better by bao

bao — Thu, 04 Feb 2010 03:06:47 +0000

But what’s the log size mean?500 vistors?500K?500B?

Comment on 啟始 Global Variable 的困境 by jeffhung

jeffhung — Thu, 07 Jan 2010 08:21:04 +0000

「在 include 使用者自訂 header 之前 include 標準 header 是不好的習慣.」

我亦認同且自己嚴格執行這個 convention，不過，考慮到 pre-compiled header 可以有十分顯著的 compilation speed up 時，把 standard headers 放前面有其好處。

Comment on What Should We Teach New Software Developers? Why? by fr3@K

fr3@K — Tue, 05 Jan 2010 08:20:15 +0000

沒有行醫經驗的特定專門醫學老師肯定是需要的, 但讓沒實務經驗的老師來教外科手術就很恐怖了吧.

Comment on What Should We Teach New Software Developers? Why? by Jerry Wu

Jerry Wu — Tue, 05 Jan 2010 03:08:33 +0000

在醫學院裡面也是有專做基礎醫學的老師吧。個人認為學問跟技藝的確是要相輔相成，不過單就這段quote看起來好像是說那些不是”mastery of its app in complete systems”的人，不應該當老師?

Comment on 一看就知道 – 不 Thread-Safe 的 API by fr3@K

fr3@K — Fri, 04 Dec 2009 02:06:15 +0000

@av, jeff 的意思是說 MS 提供的 runtime library 常會做非標準的事情. 例如 inet_ntoa 的回傳字串的實作.

POSIX (BSD)

... The string is returned in a statically allocated buffer, which subsequent calls will overwrite.

WIN32

... The string returned is guaranteed to be valid only until the next Windows Sockets function call is made within the same thread.

於是, 在 windows 上的 programmer 並不會知道程式寫錯了, 那些問題也只會在程式要從 windows 跨到其他 platform 時爆炸.

Comment on 一看就知道 – 不 Thread-Safe 的 API by av

av — Thu, 03 Dec 2009 17:46:55 +0000

boost 的 thread_specific_ptr 應該就派的上用場了，不過我沒用過，不敢肯定。

Comment on 一看就知道 – 不 Thread-Safe 的 API by jeffhung

jeffhung — Tue, 01 Dec 2009 06:41:16 +0000

Visual Studio 的骯髒解法是，針對這種 API，就 per thread 建立一個 buffer，指標存在 TLS (thread local storage) 裡，然後回傳之。

於是 upgrade visual studio 版本後，或是一開始就發現，程式很神奇的不會爛掉，但是當 porting 到其它「正常」的平台後，就爛掉了。

Comment on So, You Think C++ is Slower than C by Royce

Royce — Mon, 09 Nov 2009 04:06:35 +0000

I can’t agree with you more.

Comment on Security Enhanced CRT, Safer Than Standard Library? by Bill Spitzak

Bill Spitzak — Sat, 26 Sep 2009 21:31:15 +0000

It would be quite a stupid strategy to spend time and money trying to get these ‘*_s’ routines standardised if ‘lock in’ were Microsoft’s goal.

No, it is a brilliant strategy, because it allows you to make claims like this in order to try to defend their actions. It has zero effect on the “lock in” (the funcitons are trivial enough that no “standard” is needed to reverse-engineer them) but it provides a nice-sounding excuse for their compiler to spew warnings about portable code.

Comment on Security Enhanced CRT, Safer Than Standard Library? by Bill Spitzak

Bill Spitzak — Sat, 26 Sep 2009 21:24:09 +0000

Just want to point out to mr tinfoil that strlcpy does indicate if truncation happened, by returning a value larger than the value passed to it. This value is actually useful in that it is the size the buffer must be reallocated to.

Comment on Boost.Lexical-Cast Alternatives by fr3@K

fr3@K — Tue, 22 Sep 2009 02:45:59 +0000

Works with lexi_cast4 Have fun~

Comment on Boost.Lexical-Cast Alternatives by jeffhung

jeffhung — Mon, 21 Sep 2009 15:29:41 +0000

The lexi_cast3() failed to compile for my simple test case:

CHECK(lexi_cast3(123) == "123");

(CHECK() is a macro of my tiny test framework.)

Comment on Security Enhanced CRT, Safer Than Standard Library? by Tinfoil

Tinfoil — Mon, 24 Aug 2009 13:19:45 +0000

Hi fre3@K,

I still think the claim of a Microsoft conspiracy to ‘lock in’ developers cannot be taken seriously, except by those who could easily be convinced to wear tinfoil on their heads. It would be quite a stupid strategy to spend time and money trying to get these ‘*_s’ routines standardised if ‘lock in’ were Microsoft’s goal.

Second, the issue is not whether a routine is inherently ‘unsafe’ — virtually anything /can/ be used ’safely’ — but whether an interface is so poorly designed that it promotes ‘unsafe’ coding. That is, it cannot be used ’safely’ without a lot of extra code to check things that the library routine itself could (and should) very easily check.

Even the original strcpy can be used perfectly safely if developers keep track of string lengths and buffer sizes. The reason strcpy is ‘unsafe’ is because (a) the interface does not make it clear that developers /have to/ think about these things themselves, and (b) the compiler/runtime does not offer any checking or error reporting, so developers have to rely on spotting bugs in code reviews, with debug allocators (for heap buffers) or from crash dumps.

The main point of these ‘*_s’ routines (well, my guess as to the point) is to force developers to think about string lengths, buffer sizes and truncation whenever they call one of the library routines, and to help them spot cases where they have made mistakes. If you don’t know the string lengths, buffer sizes and whether or not you want to truncate, then your code is already wrong. If you do, then switching to these ‘*_s’ routines is trivial. These are not marketing effects. Thinking about these things is exactly what every developer using the C library should do. Unfortunately, many of them don’t, and even the ones that do sometimes make mistakes, for which the standard C library interfaces/runtime offer no help.

On the whole, strcpy is an awful design and strncpy makes things worse, by introducing confusing special cases without even guaranteeing null termination. strlcpy is a good (but non-standard) solution, and so is strcpy_s. Where strcpy_s wins is in requiring that developers who want truncation explicitly say so, in its more powerful error-handling mechanisms and in the overall consistency of the ‘*_s’ interfaces.

Comment on Security Enhanced CRT, Safer Than Standard Library? by fr3@K

fr3@K — Mon, 24 Aug 2009 10:53:36 +0000

Hi Tinfoil,

First of all, let me just say that I am glad that you stopped calling people “tinfoil heads” in your response to Spitzak’s comment.

The scenario you laid out does demonstrate your points very well, (BTW, I fixed the ‘\0′ thing in your comment) but still, it doesn’t mean one can’t code securely using strncpy.

This post is NOT about how I hated a set of (supposedly) more secured string functions that is not in the Standard, but rather, to dispute one compiler vendor’s secure programming strategy, which IMO, produces more marketing effects than secure coding minds.

Apology to all if I’ve been misleading. By implying strncpy is as safe as strcpy_s, I meant one can’t overrun destination buffers, as a result of invocations of either strncpy or strcpy_s, when used correctly. And one could indeed code securely, with strncpy. (though additional effort may be required) As the zero filling behavior of strncpy, which wastes CPU cycles, is another topic.