Code Analysis – Visual C++ 2011

Microsoft is finally including code analysis to detect problematic code that could lead to crashes and create security woes.

• Fixing a bug early avoids wasted time debugging strange crashes or reliability issues later on.
• Fixing a bug early avoids resetting/repeating testing after a bug is fixed late in the development cycle.
• Fixing a bug early avoids the complexities associated with fixing it if it is exposed after the application ships.

The Security Science team with the Microsoft Security Engineering Centre (MSEC) worked closely with the Visual Studio Code Analysis team to ensure that the Visual Studio Developer Preview includes as many of the SDL mandatory C/C++ Code Analysis warnings as possible. These are the security-related warnings that Microsoft considers critical to fix for internal C/C++ software development.

This feature is included in Visual Studio 2011 Express as well.


C++: How to clear the input stream?

What do you expect from the following program?

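    #include <iostream>

    int main()
    {
        char x = 0;
        std::cout << "Enter a character: " << std::endl;
        std::cin >> x;   // reads one character; anything else typed stays buffered
        std::cout << "You entered " << x << std::endl;

        int y = 0;
        std::cout << "Enter a number: " << std::endl;
        std::cin >> y;   // consumes the leftover input instead of waiting
        std::cout << "You entered " << y << std::endl;
    }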

If you enter multiple characters for the first input (cin >> x), the stream takes the first character, and the program does not wait at the next prompt because the input buffer still contains additional data. How do you deal with such a situation?

It is easy to misinterpret cin.clear(): it does not empty the buffer, it only sets a new value for the stream's error control state. Standard C/C++ input streams are buffered. The keypresses are buffered by the operating system, not by the program. If you are sure that unnecessary data is present in the input stream, you can use the istream::ignore function to extract and discard the remaining data. (Alternatively, you can call cin.get() repeatedly until all the data in the buffer is consumed.) See the snippet below.

    #include <iostream>
    #include <limits>

    int main()
    {
        char x = 0;
        std::cout << "Enter a character: " << std::endl;
        std::cin >> x;
        std::cout << "You entered " << x << std::endl;

        // Clear the error state, then discard the rest of the line
        std::cin.clear();
        std::cin.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
        // alternative method: read and drop characters up to the newline
        // while( !std::cin.eof() && std::cin.get() != '\n' );

        int y = 0;
        std::cout << "Enter a number: " << std::endl;
        std::cin >> y;
        std::cout << "You entered " << y << std::endl;
    }
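As an added example (not code from the original post), the sketch below wraps the clear()/ignore() pair in helpers and runs them over a constructed input held in a std::istringstream; the names kSampleInput, discard_line, naive, read_char and read_int are assumptions made here. It goes one step past the post's case by also recovering from a non-numeric line, which sets failbit and makes every later read fail until clear() is called.

```cpp
#include <iostream>
#include <limits>
#include <sstream>

// Constructed input: "yes" typed at the character prompt, then a
// malformed line, then a valid number at the number prompt.
const char* kSampleInput = "yes\nabc\n42\n";

// Reset the error state, then drop the rest of the current line.
// Order matters: ignore() does nothing while failbit is set.
void discard_line(std::istream& in) {
    in.clear();
    in.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
}

// Behaviour of the first snippet: leftover "es" is fed to the int read.
bool naive(std::istream& in, char& c, int& n) {
    in >> c;
    in >> n;
    return !in.fail();
}

bool read_char(std::istream& in, char& c) {
    if (!(in >> c)) return false;
    discard_line(in);  // extra characters must not reach the next prompt
    return true;
}

// Retry on malformed lines; give up at EOF or after max_attempts.
bool read_int(std::istream& in, int& n, int max_attempts = 3) {
    for (int i = 0; i < max_attempts; ++i) {
        if (in >> n) {
            discard_line(in);  // drop trailing junk such as "42abc"
            return true;
        }
        discard_line(in);      // recover from failbit, skip the bad line
        if (in.eof()) return false;
    }
    return false;
}

int main() {
    char c = 0; int n = 0;
    std::istringstream a(kSampleInput), b(kSampleInput);
    bool ok = naive(a, c, n);
    std::cout << "naive:    ok=" << ok << " n=" << n << '\n';
    ok = read_char(b, c) && read_int(b, n);
    std::cout << "hardened: ok=" << ok << " n=" << n << '\n';
}
```

On a failed read the value left in n is not meaningful, so callers should use it only when read_int returns true.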

2010-06-29 – 4:46 PM IST – Updated Angelo’s comment

C++: Is it safe to delete a NULL pointer?

We often see source code that checks a pointer against NULL before deleting it.

    if( ptr )
        delete ptr;

As per the standard, it is safe to delete a NULL pointer, because the operator delete function simply returns if the pointer is NULL. This has the cost of calling the operator delete function, a comparison, stack unwinding and a return, which an explicit check avoids. But the performance gained by the check is negligible, because:

  • The performance gain only matters if you are very concerned about minute performance differences. It becomes visible only if allocations and deallocations are made frequently at run time. But again, frequent allocation and deallocation is not a good design, because it may fragment memory and reduce performance.
  • In usual programming scenarios, memory is freed when an object is released or the application terminates. In that sense, this very small performance difference can be ignored.
  • Usually the memory will have been allocated. It is very rare for the pointer to be NULL, and in that case the additional comparison is an overhead.
  • Omitting the check improves the readability of the code and avoids unnecessary checks.
  • Omitting the check reduces code size, especially when there are many delete statements in the project.

But in some scenarios a NULL pointer check is required in order to log errors for better troubleshooting. Also implement the comparison if there is a really high probability of NULL pointers (this is usually rare in normal scenarios).