std-proposals

Re: [std-proposals] Container bounds-check

From: Oliver Hunt <oliver_at_[hidden]>
Date: Sun, 31 Aug 2025 13:47:23 -0700

> On Aug 31, 2025, at 1:01 PM, Levo D <levoplusplus_at_[hidden]> wrote:
>
> On Sun, Aug 31, 2025 at 02:43:32AM -0700, Oliver Hunt wrote:
>>
>>
>>> On Aug 31, 2025, at 2:31 AM, Levo D via Std-Proposals <std-proposals_at_[hidden]> wrote:
>>>
>>> I wrote quite a bit, so I figure I should stop and take feedback before I accidentally double this size.
>>> I'd like to hear more about things I should consider (the end gives two examples).
>>> Let me know if you'd like to work on this proposal with me. I'll be able to cover the content, but I doubt I can attend any meetings.
>>> I personally have implemented the analysis below in my compiler, so I know it's pretty darn simple to implement (in my non-C++ compiler)
>>
>> It has finally been published, so I would recommend watching Geoff Garen’s talk at cppnow: https://www.youtube.com/watch?v=RLw13wLM5Ko
>
> Ha, I saw that min problem coming. It's already in the proposal

The weakptr->null->UB was the one I found most infuriating. It’s another example of behavior that should be ID being labelled UB instead, leading to bugs.

>> * Attributes For Containers:
>>
>> Static analysis does not guess - commercial analysers have explicitly included knowledge of every major API - C, C++, platform specific, common libraries, etc.
>
> AFAIK they don't do it for user containers? These attributes will enable that

They do it for non-standard containers in large projects, however.

>> In C++26 there is the introduction of the concept of “hardened” preconditions that make it more clear which preconditions are considered security critical, and C++26 introduces contracts that can be used to provide source level awareness of valid use to a static analyzer even without prior awareness.

Contracts are what allow developers to specify arbitrary rules, for containers or other arbitrary interfaces.

—Oliver


Received on 2025-08-31 20:47:35