To anyone who's still following any of my public works - FastFormat,
Pantheios, STLSoft, Breaking Up The Monolith, Quality Matters, VOLE,
etc. - and wondering whether these activities are permanently moribund, I
want to let you know that I'll soon be free of a very intense and
overwhelmingly consuming commercial engagement over the last 2.5 years,
and the second half of this year should see much activity in
open-source, commercial, and writing activities.
Cheers
Matt
Monday, May 21, 2012
Monday, January 10, 2011
Pantheios 1.0.1 beta 210 released: closing a vulnerability to badly written third-party libraries
The latest release of Pantheios - version 1.0.1 beta 210 - closes a vulnerability to implicit conversion of instances of fundamental types in the presence of badly-written third-party C++ libraries.
For reasons of robustness, Pantheios log statements do not accept instances of fundamental types - integers, floating-points, bool, char, and so on. Instead, users are advised to select from the set of stock inserter classes and functions provided with the library, or to define their own.
Consequently, and by design, statements such as the following will result in compilation errors:
#include <pantheios/pantheios.hpp>
pantheios::log_NOTICE("int: ", 10);
pantheios::log_INFORMATIONAL("float: ", 1.23);
pantheios::log_INFORMATIONAL("bool: ", true);
Instead, inserters should be used:
#include <pantheios/pantheios.hpp>
#include <pantheios/inserters/integer.hpp>
#include <pantheios/inserters/real.hpp>
#include <pantheios/inserters/boolean.hpp>
pantheios::log_NOTICE("int: ", pantheios::integer(10));
pantheios::log_INFORMATIONAL("float: ", pantheios::real(1.23));
pantheios::log_INFORMATIONAL("bool: ", pantheios::boolean(true));
This can be expressed more succinctly by using namespace and inserter aliases:
#include <pantheios/pan.hpp>
#include <pantheios/inserters/i.hpp>
#include <pantheios/inserters/real.hpp>
#include <pantheios/inserters/b.hpp>
pan::log_NOTICE("int: ", pan::i(10));
pan::log_INFORMATIONAL("float: ", pan::real(1.23));
pan::log_INFORMATIONAL("bool: ", pan::b(true));
Unfortunately, in the presence of ATL or MFC - or any other library that has conversion constructors and for which string access shims are defined - the former statements will compile and execute, but will not produce the expected output. Consider the following code:
#include <afx.h>
#include <pantheios/pan.hpp>
pan::log_NOTICE("int: ", 10);
In a wide-string build in the presence of MFC, rather than causing a compilation error, the 10 will actually be converted to an instance of CString, via the conversion constructor taking a TCHAR argument!
Obviously this is not desirable, particularly not for a diagnostic logging library! As of 1.0.1 beta 210, there are compile-time constraints in the application layer function templates - log(), log_DEBUG(), etc. - that cause a compile error if any argument is of fundamental type.
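The failure mode and the fix described in this post, reduced to a self-contained sketch. This is an added example, not Pantheios code: LegacyString, integer, c_str_data, log_unchecked, log_checked and is_loggable are hypothetical stand-ins for the third-party string class, an inserter, the string access shims and the constrained log function templates.

```cpp
#include <string>
#include <type_traits>

// Hypothetical stand-in for a third-party string class (models the CString
// behaviour described above): note the non-explicit single-character ctor.
struct LegacyString {
    std::wstring text;
    LegacyString(wchar_t const* s) : text(s) {}
    LegacyString(wchar_t ch) : text(1, ch) {}   // conversion constructor
};

// Hypothetical stand-in for an integer inserter class.
struct integer {
    std::wstring text;
    explicit integer(int v) : text(std::to_wstring(v)) {}
};

// Simplified "string access shims": one overload per supported type.
inline std::wstring c_str_data(wchar_t const* s)      { return s; }
inline std::wstring c_str_data(LegacyString const& s) { return s.text; }
inline std::wstring c_str_data(integer const& i)      { return i.text; }

// Unconstrained statement: any argument a shim overload can accept compiles.
template <typename T0, typename T1>
std::wstring log_unchecked(T0 const& a0, T1 const& a1) {
    return c_str_data(a0) + c_str_data(a1);
}

// Constraint in the spirit of the fix: reject fundamental types outright.
template <typename T>
struct is_loggable : std::integral_constant<bool, !std::is_fundamental<T>::value> {};

template <typename T0, typename T1>
std::wstring log_checked(T0 const& a0, T1 const& a1) {
    static_assert(is_loggable<T0>::value && is_loggable<T1>::value,
                  "fundamental types must be passed via an inserter");
    return c_str_data(a0) + c_str_data(a1);
}

// The int 10 silently becomes LegacyString(wchar_t(10)): a line feed, not "10".
inline std::wstring silent_conversion_demo() { return log_unchecked(L"int: ", 10); }

// With an inserter the value is rendered as intended, and the constraint passes.
inline std::wstring inserter_demo() { return log_checked(L"int: ", integer(10)); }
// log_checked(L"int: ", 10) would fail to compile at the static_assert.
```

The unchecked call compiles without any diagnostic from the overload resolution itself, which is why the constraint has to live in the log function template rather than in the shims.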
Labels: ATL, conversion constructor, CString, explicit, MFC, Pantheios, robustness, widestring
Friday, January 7, 2011
Pantheios::Extras::DiagUtil 0.1.1 (alpha 1)
I've just released the first publicly available version - 0.1.1 (alpha 1) - of Pantheios::Extras::DiagUtil; details here.
It allows a user to replace code such as:
#if defined(_MSC_VER) && \
    defined(_DEBUG)
# include <crtdbg.h>
#endif

int main(int argc, char** argv)
{
#if defined(_MSC_VER) && \
    defined(_DEBUG)
  _CrtMemState memState;
  _CrtMemCheckpoint(&memState);
#endif

  int result;

  . . . // main program logic (which must assign to result)

#if defined(_MSC_VER) && \
    defined(_DEBUG)
  _CrtMemDumpAllObjectsSince(&memState);
#endif

  return result;
}
with:
#include <pantheios/extras/diagutil.hpp>

int program(int argc, char** argv)
{
  . . . // main program logic

  return EXIT_SUCCESS;
}

int main(int argc, char** argv)
{
  return pantheios::extras::diagutil::
      main_leak_trace::invoke(argc, argv, program);
}
or, if your program is written in C, with:
#include <pantheios/extras/diagutil.h>

int program(int argc, char** argv)
{
  . . . // main program logic

  return EXIT_SUCCESS;
}

int main(int argc, char** argv)
{
  return pantheios_extras_diagutil_main_leak_trace_invoke(
      argc, argv, program);
}
The immediate advantage is clear: substantially improved transparency in your application code. There are three secondary advantages:
- you do not need to explicitly conditionally include crtdbg.h
- the library can be enhanced in the future to work with other compiler-extensions, without requiring any changes to your code
- you do not have to avoid the use of return statements in your main program logic, and to remember to assign to result
More memory-tracing functionality will appear in forthcoming releases.
Thursday, January 6, 2011
Pantheios::Extras::Main 0.1.1 (alpha 1) released
I've just released the first publicly available version - 0.1.1 (alpha 1) - of Pantheios::Extras::Main; details here.
It allows a user to replace code such as:
char const PROGRAM_NAME[] = "myprogram";

int main(int argc, char** argv)
{
  try
  {
    . . . // program logic

    return EXIT_SUCCESS;
  }
  catch(std::bad_alloc&)
  {
    pantheios::logputs(pantheios::alert, "out of memory");
    fprintf(stderr, "%s: out of memory\n", PROGRAM_NAME);
  }
  catch(std::exception& x)
  {
    pantheios::log_CRITICAL(x);
    fprintf(stderr, "%s: %s\n", PROGRAM_NAME, x.what());
  }
  catch(...)
  {
    pantheios::logputs(pantheios::emergency,
        "unexpected unknown failure");
    fprintf(stderr,
        "%s: unexpected unknown failure\n",
        PROGRAM_NAME);
  }

  return EXIT_FAILURE;
}
with:
char const PROGRAM_NAME[] = "myprogram";

int program(int argc, char** argv)
{
  . . . // program logic

  return EXIT_SUCCESS;
}

int main(int argc, char** argv)
{
  return pantheios::extras::main::invoke(argc, argv,
      program, PROGRAM_NAME);
}
As discussed in the sixth instalment of Quality Matters, Exceptions for Practically-Unrecoverable Conditions, without an exhaustive top-level try-catch statement, program robustness cannot be averred. Pantheios::Extras::Main lets you achieve that in a single statement.
Tuesday, January 4, 2011
pantheios_be_file_flush()
The newly released Pantheios 1.0.1 beta 208 contains an enhancement to be.file: the addition of a new API function pantheios_be_file_flush().
int pantheios_be_file_flush(int backEndId);
The function takes a single int argument, backEndId, representing the identifier of the specific be.file back-end instance to be flushed, or PANTHEIOS_BEID_ALL, to apply to all be.file back-end instances.
The function returns 0 on success, or a status code representing failure in one or more be.file back-end instances.
Pantheios 1.0.1 beta 208 released
Pantheios 1.0.1 beta 208 is released. It contains:
- addition of new API function, pantheios_be_file_flush(), to be.file.
- fix of defect in be.file, whereby interpretation of date/time format specifiers in its file path - a feature added in 1.0.1 beta 197 - failed to add 1900 to year and 1 to month in be.file's
- changes in names of status codes, removing word ERROR, and replacing with FAILURE.
- removal of all remaining vestigial uses of magic numbers - principally -1 and -2 - from exception-catch clauses in core and several back-ends, and replacement with suitable status codes (e.g. PANTHEIOS_INIT_RC_UNSPECIFIED_FAILURE).
- non-functional enhancements to be.N, in preparation for new functionality in a forthcoming release
- added a new FAQ item (#19), which explains how to get Pantheios to compile the libraries when using Microsoft Visual C++'s -Zc:wchar_t- flag.
- removed -D_CRT_SECURE_NO_DEPRECATE from all Visual C++ (8+) makefiles, since all Pantheios (and supporting STLSoft) files are now compatible with Microsoft's "safe string" library.
- added a new example, example.cpp.util.strdup, illustrating use of utility functions pantheios::util::strdup_throw() and pantheios::util::strdup_nothrow().
- removed all include/pantheios/extras/* files, which will (re-)appear in separate package distributions henceforth.
Labels: -Zc, _CRT_SECURE_NO_DEPRECATE, be.file, be.N, defect, FAQ, Pantheios, Pantheios Extras, safe string, strdup_nothrow, strdup_throw, Visual C++, wchar_t
Monday, November 8, 2010
Wide String Shims for std::exception
The new release of STLSoft supports seamless use of exceptions with Pantheios (and FastFormat) in wide-string builds; described on this post on the STLSoft project blog.
Labels: exceptions, FastFormat, Pantheios, STLSoft, widestring