Monday, January 10, 2011

Pantheios 1.0.1 beta 210 released: closing a vulnerability to badly written third-party libraries

The latest release of Pantheios - version 1.0.1 beta 210 - closes a vulnerability to implicit conversion of instances of fundamental types in the presence of badly-written third-party C++ libraries.

For reasons of robustness, Pantheios log statements do not accept instances of fundamental types - integers, floating-points, bool, char, and so on. Instead, users are advised to select from the set of stock inserter classes and functions provided with the library, or to define their own.

Consequently, and by design, statements such as the following will result in compilation errors:

  #include <pantheios/pantheios.hpp>

  pantheios::log_NOTICE("int: ", 10);

  pantheios::log_INFORMATIONAL("float: ", 1.23);

  pantheios::log_INFORMATIONAL("bool: ", true);

Instead, inserters should be used:

  #include <pantheios/pantheios.hpp>
  #include <pantheios/inserters/integer.hpp>
  #include <pantheios/inserters/real.hpp>
  #include <pantheios/inserters/boolean.hpp>

  pantheios::log_NOTICE("int: ", pantheios::integer(10));

  pantheios::log_INFORMATIONAL("float: ", pantheios::real(1.23));

  pantheios::log_INFORMATIONAL("bool: ", pantheios::boolean(true));

This can be expressed more succinctly by using namespace and inserter aliases:

  #include <pantheios/pan.hpp>
  #include <pantheios/inserters/i.hpp>
  #include <pantheios/inserters/real.hpp>
  #include <pantheios/inserters/b.hpp>

  pan::log_NOTICE("int: ", pan::i(10));

  pan::log_INFORMATIONAL("float: ", pan::real(1.23));

  pan::log_INFORMATIONAL("bool: ", pan::b(true));

Unfortunately, in the presence of ATL or MFC - or any other library that has conversion constructors and for which string access shims are defined - the former statements will compile and execute, but will not produce the expected output. Consider the following code:

  #include <afx.h>
  #include <pantheios/pan.hpp>

  pan::log_NOTICE("int: ", 10);

In a wide-string build in the presence of MFC, rather than causing a compilation error, the 10 will actually be converted to an instance of CString, via the conversion constructor taking a TCHAR argument!

Obviously this is not desirable, particularly not for a diagnostic logging library! As of 1.0.1 beta 210, there are compile-time constraints in the application layer function templates - log(), log_DEBUG(), etc. - that cause a compile error if any argument is of fundamental type.
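As an added illustration (not Pantheios code), the following C++ models the hazard described above: a stand-in string class with a TCHAR-style conversion constructor plus a string-access shim, a logging function that silently accepts an int through that conversion, and a generic version with a compile-time constraint of the kind beta 210 introduces. FakeString, c_str_a, log_vulnerable, log_checked and is_loggable are names invented for this example.

```cpp
#include <string>
#include <type_traits>

// Stand-in for an MFC-style string class (constructed for this example):
// a conversion constructor from a single wide character, as CString(TCHAR)
// has in a wide-string build, plus the usual constructor from a C string.
struct FakeString {
    std::wstring text;
    FakeString(wchar_t ch) : text(1, ch) {}
    FakeString(wchar_t const* s) : text(s) {}
};

// "String access shim" for FakeString: yields its contents as narrow text.
inline std::string c_str_a(FakeString const& s) {
    std::string out;
    for (wchar_t ch : s.text) out.push_back(static_cast<char>(ch));
    return out;
}
inline std::string c_str_a(char const* s) { return s; }

// Vulnerable model: because a FakeString parameter exists, the call
// log_vulnerable("int: ", 10) compiles. The int converts to wchar_t and
// then to FakeString, so the "10" is logged as character code 10 ('\n').
inline std::string log_vulnerable(char const* prefix, FakeString const& arg) {
    return c_str_a(prefix) + c_str_a(arg);
}

// Compile-time constraint: fundamental types (int, double, bool, char, ...)
// are not loggable and must go through an inserter instead.
template <typename T>
struct is_loggable
    : std::integral_constant<bool, !std::is_fundamental<T>::value> {};

// Hardened model: the constraint fires before any conversion can happen.
// Without the static_assert, c_str_a(a1) would still accept an int via
// the FakeString conversion, which is exactly the silent failure above.
template <typename T0, typename T1>
std::string log_checked(T0 const& a0, T1 const& a1) {
    static_assert(is_loggable<T1>::value,
                  "fundamental types are not loggable; use an inserter");
    return c_str_a(a0) + c_str_a(a1);
}

// log_checked("int: ", 10);             // rejected at compile time
// log_checked("int: ", FakeString(L"10")); // accepted: "int: 10"
```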

Friday, January 7, 2011

Pantheios::Extras::DiagUtil 0.1.1 (alpha 1)

I've just released the first publicly available version - 0.1.1 (alpha 1) - of Pantheios.Extras.DiagUtil; details here.
It allows a user to replace code such as:

 #if defined(_MSC_VER) && \
     defined(_DEBUG)
 # include <crtdbg.h>
 #endif

 int main(int argc, char** argv)
 {
 #if defined(_MSC_VER) && \
     defined(_DEBUG)
  _CrtMemState  memState;

  _CrtMemCheckpoint(&memState);
 #endif

  int result;

  . . .  // main program logic (which must assign to result)

 #if defined(_MSC_VER) && \
     defined(_DEBUG)

  _CrtMemDumpAllObjectsSince(&memState);
 #endif

  return result;
 }

with:

 #include <pantheios/extras/diagutil.hpp>

 int program(int argc, char** argv)
 {
  . . . // main program logic

  return EXIT_SUCCESS;
 }

 int main(int argc, char** argv)
 {
  return pantheios::extras::diagutil::
           main_leak_trace::invoke(argc, argv, program);
 }

or, if your program is written in C, with:

 #include <pantheios/extras/diagutil.h>

 int program(int argc, char** argv)
 {
  . . . // main program logic

  return EXIT_SUCCESS;
 }

 int main(int argc, char** argv)
 {
  return pantheios_extras_diagutil_main_leak_trace_invoke(
           argc, argv, program);
 }

The immediate advantage is clear: substantially improved transparency in your application code. There are three secondary advantages:
  • you do not need to explicitly and conditionally include crtdbg.h
  • the library can be enhanced in the future to work with other compiler extensions, without requiring any changes to your code
  • you do not have to avoid the use of return statements in your main program logic, nor remember to assign to result

More memory-tracing functionality will appear in forthcoming releases.

Thursday, January 6, 2011

Pantheios::Extras::Main 0.1.1 (alpha 1) released

I've just released the first publicly available version - 0.1.1 (alpha 1) - of Pantheios.Extras.Main; details here.
It allows a user to replace code such as:

  char const PROGRAM_NAME[] = "myprogram";

  int main(int argc, char** argv)
  {
    try
    {
      . . . // program logic

      return EXIT_SUCCESS;
    }
    catch(std::bad_alloc&)
    {
      pantheios::logputs(pantheios::alert, "out of memory");
      fprintf(stderr, "%s: out of memory\n", PROGRAM_NAME);
    }
    catch(std::exception& x)
    {
      pantheios::log_CRITICAL(x);
      fprintf(stderr, "%s: %s\n", PROGRAM_NAME, x.what());
    }
    catch(...)
    {
      pantheios::logputs(pantheios::emergency,
        "unexpected unknown failure");
      fprintf(stderr,
        "%s: unexpected unknown failure\n",
        PROGRAM_NAME);
    }

    return EXIT_FAILURE;
  }

with:

  char const PROGRAM_NAME[] = "myprogram";

  int program(int argc, char** argv)
  {
    . . . // program logic

    return EXIT_SUCCESS;
  }

  int main(int argc, char** argv)
  {
    return pantheios::extras::main::invoke(argc, argv,
      program, PROGRAM_NAME);
  }

As discussed in the sixth instalment of Quality Matters, Exceptions for Practically-Unrecoverable Conditions, without an exhaustive top-level try-catch statement, program robustness cannot be averred. Pantheios.Extras.Main lets you achieve that in a single statement.
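To show what such a single-statement wrapper has to do, here is an added, self-contained C++ model of the exhaustive top-level catch (example code, not Pantheios.Extras.Main itself). It assumes a hypothetical invoke_exhaustive() and LogSink in place of the library's invoke() and Pantheios logging, and the four prog_* functions are constructed sample programs, one per catch clause.

```cpp
#include <cstdlib>
#include <exception>
#include <new>
#include <stdexcept>
#include <string>

// Stand-in for the logging back-end (constructed for this example): the
// last message is kept so a caller or test can inspect what reached the log.
struct LogSink { std::string last; };

// Runs `program` under an exhaustive try/catch. Whatever escapes is logged
// with the program name and mapped to EXIT_FAILURE, so no exception can
// unwind out of main() and terminate the process without a trace.
// std::bad_alloc is caught before std::exception because it derives from
// it; the more general clause would otherwise swallow it.
template <typename Fn>
int invoke_exhaustive(int argc, char** argv, Fn program,
                      char const* programName, LogSink& log) {
    try {
        return program(argc, argv);
    } catch (std::bad_alloc const&) {
        log.last = std::string(programName) + ": out of memory";
    } catch (std::exception const& x) {
        log.last = std::string(programName) + ": " + x.what();
    } catch (...) {
        log.last = std::string(programName) + ": unexpected unknown failure";
    }
    return EXIT_FAILURE;
}

// Constructed sample programs, one for each path through the wrapper.
int prog_ok(int, char**)      { return EXIT_SUCCESS; }
int prog_oom(int, char**)     { throw std::bad_alloc(); }
int prog_runtime(int, char**) { throw std::runtime_error("config missing"); }
int prog_unknown(int, char**) { throw 42; }
```

The application's own main() then reduces to one return statement calling the wrapper, exactly as in the replacement code shown above.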

Tuesday, January 4, 2011

pantheios_be_file_flush()

The newly released Pantheios 1.0.1 beta 208 contains an enhancement to be.file: the addition of a new API function pantheios_be_file_flush().

  int pantheios_be_file_flush(int backEndId);

The function takes a single int argument, backEndId, representing the identifier of the specific be.file back-end instance to be flushed, or PANTHEIOS_BEID_ALL, to apply to all be.file back-end instances.

The function returns 0 on success, or a status code representing failure in one or more be.file back-end instances.

Pantheios 1.0.1 beta 208 released

Pantheios 1.0.1 beta 208 is released. It contains:

  • addition of new API function, pantheios_be_file_flush(), to be.file.
  • fix of defect in be.file, whereby interpretation of date/time format specifiers in its file path - a feature added in 1.0.1 beta 197 - failed to add 1900 to year and 1 to month in be.file's
  • changes in names of status codes, removing word ERROR, and replacing with FAILURE.
  • removal of all remaining vestigial uses of magic numbers - principally -1 and -2 - from exception-catch clauses in core and several back-ends, and replacement with suitable status codes (e.g. PANTHEIOS_INIT_RC_UNSPECIFIED_FAILURE).
  • non-functional enhancements to be.N, in preparation for new functionality in a forthcoming release.
  • added a new FAQ item (#19), which explains how to get Pantheios to compile the libraries when using Microsoft Visual C++'s -Zc:wchar_t- flag.
  • removed -D_CRT_SECURE_NO_DEPRECATE from all Visual C++ (8+) makefiles, since all Pantheios (and supporting STLSoft) files are now compatible with Microsoft's "safe string" library.
  • added a new example, example.cpp.util.strdup, illustrating use of utility functions pantheios::util::strdup_throw() and pantheios::util::strdup_nothrow().
  • removed all include/pantheios/extras/* files, which will (re-)appear in separate package distributions henceforth.