Masterclass on templates and template metaprogramming in C++.

Abstract

C++ is a multi-paradigm programming language. This means it lends itself to solve a specific problem in various forms or styles. One of those forms or styles is object-oriented programming, with which C++ is often identified. Another strong suit of C++ is the support for generic programming and template metaprogramming. In this session we are going to look at modern-day C++ templates, and how we can use them effectively. Template programming sometimes has the reputation of being hard to understand and adopt, which surely may be the case for highly advanced usage. However, we will see that templates can be used for a myriad of purposes, which often have a low barrier to entry. Command of templates will greatly improve your efficiency and productivity as a C++ programmer. The topics we are going to cover include: generic programming, metaprogramming, type traits, static/compile-time polymorphism, variadic templates, and much more. Not only will we look at the state of templates in C++17, we will also address what C++20 and the future has to offer. Join me in this session exploring the wonderful and interesting world of C++ templates, and improve or refresh your knowledge.

Audience

This session is for professionals in software engineering, level novice to advanced, interested in C++. However, the underlying ideas of generic programming, metaprogramming and type traits do apply to many other languages. Are you a beginner or novice in C++? This session will introduce you to many topics related to template programming, as well as showing in-depth subtleties. The extensive list of resources accompanying the session will point you in the right direction to go about exploring yourself. Are you an advanced, experienced C++ engineer? Join me in this session to refresh your knowledge and perhaps discover new details or perspectives on the matter. There’s something here for everyone!

Topic listing

These are the main topics addressed in the talk:

1. Introduction

• The C++ ecosystem
• History of C++ and templates
• What are templates?
• Compile-time programming
• Generic programming
• Class templates
• Function templates
• Variable templates
• Alias templates
• Concepts
• Template parameters
• Variadic templates

2. Templates in practice

• Type and function templates
• Template specialization

3. Taming templates

• Polymorphism in C++
• Compile-time polymorphism
• Constraining templated entities
• Static assertions
• Type traits
• C++20 Concepts

4. Template metaprogramming

• SFINAE

Conferences

A slimmed-down version of this session was presented at the C++ Italy Conference 2021, see here for the recording.

Here’s an overview of some of my articles that were published:

2022

• The state of C++, Bits&Chips
• Challenging C++, Bits&Chips
• C++ and Rust, Bits&Chips

2024

• A deep dive in C++20, Bits&Chips (interview, redacted by Koen Vervloesem)
• Understanding the benefits of Rust, Bits&Chips (interview, redacted by Koen Vervloesem)

2025

• Revisiting C++, Bits&Chips
• Revisiting Rust, Bits&Chips
• AI and the future of systems programming, Bits&Chips

Training for beginners/intermediates on C++ to build a solid base of understanding.

Intro

The C++ fundamentals training aims to build a solid understanding of the C++ programming language, from basic to advanced engineering requirements. The knowledge is build from the ground up, covering fundamental techniques such as function and operator overloading up until more advanced topics such as template programming. Throughout the training we will maintain a focus on a safe, modern style of programming in C++, covering language features up to those part of C++20. Next to interactive lectures, large part of the training will be hands-on exercises to apply knowledge in practice.

Depending on the group skill level and preferences, the training can be adapted to emphasize specific subjects and exercises.

Objective

• Build a solid understanding of modern C++,
• Focus on a safe, modern style of programming,
• Learn language features up to C++20,
• Directly apply knowledge during hands-on exercises,
• Learn about resources for further professional development.

Audience

Software engineers with basic programming experience (any language will do).

Program

This course is provided in two time two consecutive training days within two weeks (i.e. four days total).

Day 1

Introduction to C++, variables and initialization, control structures. At the end of the day, the attendees will able to explain what C++ is, how its compilation model works, and what it can be used for. They will also be able to read and write basic applications comprising of data structures and general control structures.

Day 2

Functions, classes and inheritance. At the end of the day, attendees will be able to read and write more advanced applications using data and control structures, and functions. They will be able to properly organize their code using functions and object-oriented data structures such as classes.

Day 3

Memory organization and management, error handling and exceptions, generic programming and templates. At the end of the day, attendees will understand the basic mechanics and important implications of memory management in C++. They will be able to employ exceptions as a means for structured error handling. Also, they will be able to use templates to create type-generic, compile-time instantiated code.

Day 4

The standard library, algorithms and iterators, operators and operator overloading. Optional topics (on request): constant expressions, the C++ tooling and information ecosystem. At the end of the day, attendees will have good sense of the C++ toolbox: the standard library. They will be able to employ algorithms and iterators, some of the most important parts of the standard library. Also, they will be able to use operator overloading to fully integrate their custom data structures into the language vocabulary. When leaving the course, they are left with handles to sources for further professional development in C++.

Large homework exercises

For those who are interested, there are a couple of larger homework exercises to choose from. Each of the exercises build up to a fully functional application in a number of smaller steps. These exercises are accompanied with explanation slides, solution code and extensive descriptions of the solution steps.

The large homework exercises are publicly available and can be found via this link.

High Tech Institute

This training is provided through High Tech Institute, more information here.

Introduction course to the Rust programming language for experienced software engineers.

Intro

The Rust programming language offers guaranteed memory safety: a tremendous benefit in security-critical or concurrency-heavy software systems. Still, Rust is a compiled language without garbage collection, and it offers zero-overhead abstractions as well as top-tier performance optimization possibilities. And if that is not enough in and of itself, Rust features an expressive, modern syntax and an excellent tooling ecosystem.

Even though the Rust programming language is relatively young, it has been stirring up the software engineering community for some years now. But is Rust fit for production? Can it be applied in any software engineering field? Is Rust hard to learn? Can Rust interact with my existing code base or hardware? Despite its age, Rust is being widely adopted in production environments, in small and large tech companies alike. Rust is definitely fit for production, and can be applied in a plethora of use cases, from embedded environments, systems programming environments up to web applications. Furthermore, there are plenty of possibilities to have Rust interact with other programming languages or hardware devices. Even though there’s excellent documentation on Rust and many related topics, a good preparation is recommended, as the learning curve for Rust can be quite steep.

As a software engineering business, it may be challenging to adopt a new tool like Rust. Preparing for such a process is important, and will determine the success of the adoption as a whole. In this intense, two half-days introductory training course, experienced software engineers will learn about the benefits the Rust programming language can offer, and how to proceed for successful adoption of the language.

Objective

• Showcase the strengths of the Rust programming language,
• Build a basic understanding of the Rust programming language,
• Build an understanding of the application domains for Rust,
• Learn how Rust compares to some of the prevailing programming languages in systems programming,
• Identify potential obstacles when adopting Rust, and how to overcome them,
• Provide the necessary knowledge to build a strong value judgment of the Rust language for production.

Audience

Experienced software engineers (any language will do). The focus of the course is the field of systems programming, so experience in this field is highly beneficial.

Program

This course is provided in two afternoon sessions within two weeks (i.e. approximately 9 hours total).

Part 0

Course introduction: trainer and trainee introductions, learn about the layout and premise of the training.

Part 1

Introduction to Rust: in this part we will build an overview understanding of the Rust programming language; what are the main features and semantics, what are the application domains, and we introduce the tooling ecosystem around the language itself.

Part 2

Functional programming primer: as Rust firmly builds on concepts from function programming, it may sometimes alienate programmers that are unfamiliar with these concepts. In this (optional) part, we will make sure all trainees have a base understanding of the most common functional programming concepts.

Part 3

In-depth look at Rust: in this part we will dig deeper into the language. Using the overview understanding of the language acquired in the previous parts, we will be able to grasp the details of mechanisms like control flow structures, result and error handling, traits and generics, concurrency at large and unsafe Rust.

Part 4

The Rust tooling ecosystem: compared to other existing languages in systems programming, Rust has a very tightly integrated and rich tooling system to aid developers in their work. We will focus on the base tools, package ecosystem and standard library, as well as possibilities for augmenting the tool box with custom tools.

Part 5

Course recap and look forward: adopting Rust can be challenging, and is best approached strategically. In this part we will look at adoption strategies, potential hurdles and how to overcome them for successful adoption. Of course, we will also provide handles for further learning and development.

Large homework exercises

For those who are interested, there are a couple of larger homework exercises to choose from. Each of the exercises build up to a fully functional application in a number of smaller steps. These exercises are accompanied with explanation slides, solution code and extensive descriptions of the solution steps.

The large homework exercises are publicly available and can be found via this link.

High Tech Institute

This training is provided through High Tech Institute, more information here.

Masterclass on functional-style C++.

Abstract

More often than not, C++ code is written in an imperative, object-oriented programming (OOP) style. In OOP, we encapsulate data state in abstractions, called objects, exposing an API to the outside world. The imperative style essentially means the code explicitly dictates the computer how a program must operate. However, frequently it makes sense to express what the program should accomplish, without specifying exactly how. This so-called declarative style generally results in code that is shorter, easier to reason about, and therefore less prone to bugs. Functional programming is a declarative programming style and has seen a strong increase in popularity over the last decades, even though it has been used in programming since the 1950s. C++ also caters for functional programming, especially so since the latest releases of the language. Join me in this journey of functional-style programming, and learn about higher-order functions, function purity, currying, algebraic data types, ranges and more. Being able to wield multiple programming paradigms effectively will definitely improve your productivity and the quality of your code.

Audience

This session is for professionals in software engineering, level novice to advanced, interested in C++. The focus of the content will be on the concepts in functional programming, applied to C++. Even if you can only read C++, there will be benefit from learning how the functional programming techniques are applied.

Topic listing

These are the main topics addressed in the talk:

1. Introduction

• Paradigms in the C++ ecosystem
• Comparing OOP and FP
• Imperative vs. declarative paradigms
• Imperative vs. declarative C++
• Main concepts in FP

2. Higher-order functions and function objects

• What is a higher-order function?
• Function objects in C++
• Implementing function objects
• Passing functions as arguments
• Partial function application
• Currying

3. Immutability and pure functions

• Reasoning about code
• Function purity
• Pure functions and concurrency
• Immutability in C++

4. Lazy evaluation and ranges

• Lazy evaluation
• Ranges
• Algorithms, views, actions

5. Functional data structures and types

• Functional data structures
• Algebraic data types (ADTs)
• Domain modeling with ADTs

Masterclass on Leading Edge C++, a roundup of C++20 and C++23.

Abstract

In C++ land, it’s Christmas every three years, when the committee comes up with a new version of the language. Each present contains a new language- or library-related feature, and the presents are plentiful. This all sounds quite merry and optimistic, but in reality, in the industry, we are often forced to stick with the presents of yesteryear. Hardware-related tool chains, standardization processes, or company policy dictate what we can or cannot use – often preventing us from using the very latest C++ version in production. However, that’s not to say we shouldn’t keep up-to-date! In fact, it can be hugely beneficial to be prepared for what’s coming in the next versions as it enhances our ability to plan ahead and adapt when the time comes to update. Join me in this session where we will look into the many great features C++20 offers, like concepts and the ranges library. With slightly less attention to detail, we will delve into C++23 which is soon to be finalized. So let’s be prepared and redefine what “modern C++” really is: an ever-evolving ecosystem of a great programming language.

Audience

Professionals in software engineering, level beginner to advanced, interested in learning about C++.

Topic listing

These are the main topics addressed in the talk:

1. Leading Edge C++

• How C++ is cooked up
• C++20 – not just any update
• Compiler support for C++20/23

2. C++20: Modules

• The problem modules solve
• The simplest ever module

3. C++20: Concurrency

• The joining thread jthread
• New synchronization primitives

4. C++20: Compile-time validation with concepts

• What concepts are about
• Imposing type constraints
• Constraining (member-)functions
• Defining custom concepts
• requires expressions

5. C++20: Coroutines

• What are coroutines?
• Associated type promise_type

6. C++20: Improving algorithms using ranges

• Ranges
• Range pipelines and views
• Ranges, views and projections
• The Range-v3 library

7. C++20: More notable stuff

• Array view type std::span
• String formatter std::format
• Default comparisons and operator<=>

8. An outlook to C++23

• C++23 in one slide
• Multidimensional array view mdspan
• Result type std::expected
• Coroutine generator std::generator
• Range extensions

Masterclass on the C++ standard library.

Abstract

The standard library is the most valuable resource of building blocks for any C++ programmer. It’s an extensive toolbox packed with containers, algorithms and other utilities. Aside from the productivity gains from using the standard library, you will also build on the correctness of its implementation, which is often overseen. But exactly how well do you know your toolbox? Do you know the difference between std::accumulate and std::reduce? Can you distinguish between the algebraic data types std::variant and std::optional? Do you know there is such a thing as the erase-remove idiom? And why it is there? The standard library is such a vast collection of useful tools, a strategy for navigating and internalizing it is helpful. In this session, I will categorically handle the various sets of items in the standard library, such that we can build an overview understanding of it. With this knowledge, you will be able to effectively use it to choose the right tools for the job, and be a more productive C++ programmer.

Audience

This session is for professionals in software engineering, level novice to advanced, interested in C++.

Because the C++ standard library is part of the standard specification, each full implementation of the language will have one. Knowing what’s in the standard library and knowing how and where to find it is an essential skill for every C++ programmer.

Topic listing

These are the main topics addressed in the talk:

1. Library overview

• Library overview

2. Iterators and containers

• Iterators
• Ranges
• Operations on iterators
• Containers
• Types of containers
• Choosing the right container
• Sequence containers
• Ordered associative containers
• Unordered associative containers
• Container adaptors
• Allocators

3. Algorithms

• Algorithm categories
• Non-modifying sequence operations
• Modifying sequence operations
• Partitioning operations
• Sorting operations
• Binary search operations (on sorted ranges)
• Set operations (on sorted ranges)
• Heap operations
• Minimum/maximum operations
• Comparison operations
• Permutation operations
• Operations on uninitialized memory
• Numeric operations

4. Miscellaneous examples

• Various practical applications of standard library utilities

Masterclass on Rust for C++ developers.

Abstract

Correct memory handling and avoiding undefined behavior is required for software to be reliable and secure. In C++, we deal with this by the compiler, experience, best practices, design rules, helper types, static analyzers, etc. However, memory errors are still one of the major sources of bugs in software. One of the main claims to fame for the programming language Rust is that it guarantees memory safety, even in concurrent contexts. This is a bold claim, which comes at the cost of restrictions enforced at compile-time. Still, Rust is very expressive, and in most ways it offers flexibility and performance similar to C++. Another attractive aspect of Rust is its ecosystem: the build system, standard library, tooling and package management. Rust is a relatively young language in the systems development realm, yet it sees a lot of adoption, even in production environments. As engineers, we must use the right tool for the job; perhaps for the next job this tool is Rust. In this presentation, I’m going to show what Rust is about, from the perspective of a C++ developer. Learning another programming language can be tough, but it will advance your programming, even in the languages you already know.

Audience

This session is for professionals in software engineering, level novice to advanced, interested in C++ and Rust.

We will look at Rust by looking through C++ glasses, so a prerequisite is that you know C++ at least at a basic level.

Topic listing

These are the main topics addressed in the talk:

1. Introduction

• Why learn Rust?
• What are the benefits of learning another programming language?

2. A Rust primer

• The promises of Rust
• What is undefined behavior?
• How the promises are met (borrow checker, lifetime parameters, etc.)
• Other language highlights
• The Rust ecosystem (libraries and tooling)

4. An in-depth look

• Default language semantics (e.g. move, rebinding references and explicitness)
• Expressions in Rust
• Result types: (Option and Result)
• Error handling
• Traits
• Generic programming
• Concurrent programming
• Asynchronous programming
• Unsafe Rust

5. Where to go from here?

• Is Rust ready for production?
• Hints to get started with Rust
• Pointers to resources and websites

Masterclass on special member functions C++.

Abstract

All class types in C++ have a set of non-static special member functions. Among them are the constructor, destructor, copy constructor and copy assignment operator. In C++11, move semantics were introduced, and the move constructor and move assignment operator were added. Special member functions, when not defined explicitly, may be automatically defined by the compiler. But this is not always the case. Exactly when are they defined, and when not? What is the rule of all or zero? And is it any good? Did you know there are about eight different forms of constructors? And when it comes to copy/move operations, do you know when you need to implement them yourself? And how? In this session, I will guide you through the wonderful world of special member functions. We will look into definition rules, constructor forms, copy/move operations, design patterns, testing and more. As a C++ software engineer equipped with a clear understanding of special member functions, you will be more confident and effective.

Audience

This session is for professionals in software engineering, level novice to advanced, interested in C++. Are you a beginner or novice in C++? This session will show you the basics, as well as many in-depth subtleties, and of course point you in the right direction to go about exploring yourself. Are you an advanced, experienced C++ engineer? Use this session to refresh your knowledge and acquire new details or perspectives. There’s something here for everyone!

Topic listing

These are the main topics addressed in the talk:

1. Special Member Function (SMF) fundamentals

• SMF: constructors
• SMF: destructors
• SMF: copy operations
• SMF: move operations
• SMFs and composition
• SMFs and inheritance
• SMF declaration rules
• Copy vs move and fallback
• Porting legacy code
• Rules for defining SMFs

2. Implementation guidelines

• Constructor guidelines
• Destructor guidelines
• Copy operations
• Move operations

3. Tooling and best practices

• SMFs in design patterns
• SMFs and testing

Informative talk, digging into a major cybersecurity incident.

Abstract

Over the Easter weekend of 2024, the cybersecurity community exploded with uproar over CVE-2024-3094, a software supply chain attack also known as the XZ Utils backdoor. The CVE carries a maximum CVSS score of 10.0, signifying its critical severity. Security vulnerabilities with the maximum severity score are rare, but critical-level vulnerabilities are quite abundant. What sets the XZ Utils backdoor apart is the scope of the attack and the massive potential fallout it could have generated if it would have succeeded. Beyond the statistics for this vulnerability, the discovery process, the intricate engineering and social engineering aspects are wildly interesting. Let’s find out what relates a developer at Microsoft, a fundamental open-source project and a set of sock-puppet accounts on GitHub controlled by an advanced threat actor. Brace yourself for an exciting tour past exotic POSIX function control mechanisms, ELF linking symbols, ED448 keys, APTs and just plain coincidence!

Audience

This session is for anyone interested in software engineering, open-source software, cybersecurity and software governance.

We will take a forensic look at how a sophisticated backdoor was added to a critical open-source software project, and how technically worked.

Free for public events

I will provide this talk for free if the event at which it takes place is publicly accessible.

Talk layout

The talk is split up in four parts:

• Introduction and incident timeline,
• Technical interpretation and details,
• Incident attribution (who might have done it),
• Possible learning opportunities.

Goals

• Provide a good idea of what the XZ-backdoor is.
• Provide a detailed timeline of events.
• Provide general knowledge on cybersecurity concepts.
• Provide more in-depth knowledge about the technical details of the backdoor.
• Show some of the lessons we can learn from this incident.

Technical topics

• The CVE index and CVSS scores.
• The XZ utils and liblzma.
• Systemd and OpenSSH.
• Glibc IFUNCs.
• GNU autoconf, m4, make, bash and other build tools.
• ED448-Goldilocks elliptic curve.
• Social engineering and sock puppetry.