Building C++ Interfaces That Are Hard to Use Incorrectly - Andreas Weis - ACCU 2023

  • Published 26 Aug 2024
  • ACCU Membership: tinyurl.com/yd...
    accu.org
    www.accuconfer...
    Slides: accu.org/conf-...
    A collection of design techniques for hardening library interfaces against misuse and catching common user errors at compile time.
    C++ is a language with many sharp edges. Besides the core language providing plenty of features that allow users to shoot themselves in the foot, higher-level library interfaces are also often designed with complex preconditions, the violation of which can again lead to undefined behavior and results that are just as unpredictable as what results from misuse of a lower level language feature. Fortunately, through clever use of the C++ type system we can design interfaces in a way that makes them much harder to misuse accidentally and drastically reduce the opportunities for bugs in user code.
    In this talk, we will present a number of design techniques that allow library designers to reduce the possibilities of misuse by their users, by pushing the detection of precondition violations from run-time to compile-time. We will show how to distinguish different categories of preconditions and how we can use the C++ type system to prevent accidental violation of those preconditions at run-time. We will demonstrate with a number of code samples how the use of such type-based techniques prevents interface misuse in practice and take a look at the trade-offs that arise from such an approach.
    ---
    Andreas Weis
    Andreas has been working on automotive software for several years now and still has not grown tired of it. He is also one of the organizers of the Munich C++ User Group.
    Andreas Weis has been writing C++ code in many different domains, from real-time graphics, to distributed applications, to embedded systems. As a library writer by nature, he enjoys writing portable code and exposing complex functionalities through simple, richly-typed interfaces. Both of which C++ allows him to do extensively. Andreas is also one of the co-organizers of the Munich C++ User Group, which allows him to share this passion with others on a regular basis.
    He currently works for Woven Planet, where he focuses on building modern software for use in safety critical systems.
    ---
    UA-cam Videos Filmed, Edited & Optimised by Digital Medium: events.digital...
    #accuconf #programming #cpp
  • Science & Technology

COMMENTS • 1

  • @tialaramex
    @tialaramex 1 year ago

    Note that the description of gsl::czstring is wrong here. It is not, in fact, a type that will "ensure at construction" this property. It's just documentation; it's actually the first case again, but as code. Its own documentation notes: "It adds no checks whatsoever". You should reluctantly use such types to document that your unsafe C++ is supposed to have the desired behaviour and hope that anybody touching these types is at least reminded they ought to be zero-terminated, but nothing is done to actually ensure that works at runtime; Andreas is wrong about that. As a result this is an interface that's really no harder to use incorrectly.
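The abstract above is about moving precondition checks from run time into the type system, and the comment points out that an alias such as gsl::czstring adds no checks at all. The following is an added example, not code from the talk, its slides, the GSL or the comment: a documentation-only alias beside a wrapper type (`ZString`, a hypothetical name chosen here) whose public constructors all establish the zero-termination invariant. String literals and other char arrays are checked during constant evaluation when the object is `constexpr`, temporaries that would dangle are rejected at compile time, and arbitrary buffers are validated at run time through `from_buffer`, which returns an empty `std::optional` rather than a value that breaks the invariant. Everything else in the block (`terminated_length`, the test functions, the sample buffers) is constructed for this example.

```cpp
#include <cstddef>
#include <cstring>
#include <optional>
#include <stdexcept>
#include <string>

// Added example (not code from the talk, its slides or the comment above):
// three ways of stating the precondition "this pointer refers to a
// zero-terminated string", from documentation-only to type-enforced.

// (1) Documentation only. An alias such as gsl::czstring works like this:
//     the name states the intent, but any const char* converts and nothing
//     is checked. Passing a non-terminated buffer is still undefined behaviour.
using czstring_alias = const char*;

std::size_t unchecked_length(czstring_alias s) { return std::strlen(s); }

// Length of a char array up to its first '\0'. Usable in constant
// expressions: if a constexpr ZString is built from a constexpr array with no
// terminator, the throw is reached during constant evaluation and the
// program fails to compile instead of misbehaving at run time.
template <std::size_t N>
constexpr std::size_t terminated_length(const char (&arr)[N]) {
    for (std::size_t i = 0; i < N; ++i) {
        if (arr[i] == '\0') return i;
    }
    throw std::invalid_argument("char array is not zero-terminated");
}

// (2) A richly typed, non-owning view whose invariant "zero-terminated" is
//     established by every public way of constructing it.
class ZString {
public:
    // Arrays (string literals, local char buffers): checked at compile time
    // when the object is constexpr, at run time (by throwing) otherwise.
    template <std::size_t N>
    constexpr ZString(const char (&arr)[N])
        : ptr_(arr), len_(terminated_length(arr)) {}

    // std::string guarantees a terminator at c_str()[size()].
    ZString(const std::string& s) : ptr_(s.c_str()), len_(s.size()) {}

    // A temporary std::string would dangle as soon as the ZString is used,
    // so that construction is rejected at compile time.
    ZString(std::string&&) = delete;

    // Run-time precondition that cannot be known statically: a buffer of a
    // given capacity. Yields no value instead of a ZString that violates
    // the invariant.
    static std::optional<ZString> from_buffer(const char* buf, std::size_t capacity) {
        const void* nul = std::memchr(buf, '\0', capacity);
        if (nul == nullptr) return std::nullopt;
        return ZString(buf, static_cast<std::size_t>(static_cast<const char*>(nul) - buf));
    }

    constexpr const char* c_str() const { return ptr_; }
    constexpr std::size_t size() const { return len_; }

private:
    // Only reachable from from_buffer, after the check has passed.
    constexpr ZString(const char* p, std::size_t n) : ptr_(p), len_(n) {}
    const char* ptr_;
    std::size_t len_;
};

// A consumer of ZString needs no strlen and no "must be zero-terminated"
// comment: the type already says so.
std::size_t checked_length(ZString s) { return s.size(); }

// Compile-time use: the terminator check runs during constant evaluation.
constexpr ZString kGreeting("hello");
static_assert(kGreeting.size() == 5, "literal length known at compile time");

bool literal_is_accepted() {
    return checked_length(ZString("hello")) == 5 &&
           std::strcmp(kGreeting.c_str(), "hello") == 0;
}

bool named_string_is_accepted() {
    std::string owner = "owner";          // a named string, not a temporary
    ZString z(owner);                     // ZString z(std::string("x")); would not compile
    return z.size() == 5 && z.c_str() == owner.c_str();
}

bool unterminated_buffer_is_rejected() {
    const char raw[3] = {'a', 'b', 'c'};  // constructed sample: no '\0' anywhere
    // ZString z(raw); would throw here; from_buffer reports it as an empty optional.
    return !ZString::from_buffer(raw, sizeof raw).has_value();
}

bool terminated_buffer_is_accepted() {
    char buf[8] = "abc";                  // constructed sample: zero-filled past "abc"
    std::optional<ZString> z = ZString::from_buffer(buf, sizeof buf);
    return z.has_value() && z->size() == 3 && checked_length(*z) == 3;
}
```

The design choice worth noting is that every public path into `ZString` either proves the invariant (array with a terminator, `std::string`) or reports failure in the return type (`from_buffer`), so a function taking a `ZString` cannot receive an unterminated pointer by accident. What the wrapper does not do, exactly like a raw alias, is own the characters: it is a view, and the lifetime of the underlying buffer remains the caller's responsibility, which is why the constructor from a temporary `std::string` is deleted rather than merely documented.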