Special member functions in C++

Masterclass on special member functions in C++.

Abstract

All class types in C++ have a set of non-static special member functions. Among them are the constructor, destructor, copy constructor and copy assignment operator. In C++11, move semantics were introduced, and the move constructor and move assignment operator were added. Special member functions, when not defined explicitly, may be automatically defined by the compiler. But this is not always the case. Exactly when are they defined, and when not? What is the rule of all or zero? And is it any good? Did you know there are about eight different forms of constructors? And when it comes to copy/move operations, do you know when you need to implement them yourself? And how? In this session, I will guide you through the wonderful world of special member functions. We will look into definition rules, constructor forms, copy/move operations, design patterns, testing and more. As a C++ software engineer equipped with a clear understanding of special member functions, you will be more confident and effective.

Audience

This session is for professionals in software engineering, level novice to advanced, interested in C++. Are you a beginner or novice in C++? This session will show you the basics, as well as many in-depth subtleties, and of course point you in the right direction to go about exploring yourself. Are you an advanced, experienced C++ engineer? Use this session to refresh your knowledge and acquire new details or perspectives. There’s something here for everyone!

Topic listing

These are the main topics addressed in the talk:

  1. Special Member Function (SMF) fundamentals
     • SMF: constructors
     • SMF: destructors
     • SMF: copy operations
     • SMF: move operations
     • SMFs and composition
     • SMFs and inheritance
     • SMF declaration rules
     • Copy vs move and fallback
     • Porting legacy code
     • Rules for defining SMFs
  2. Implementation guidelines
     • Constructor guidelines
     • Destructor guidelines
     • Copy operations
     • Move operations
  3. Tooling and best practices
     • SMFs in design patterns
     • SMFs and testing

The XZ Utils backdoor

Informative talk, digging into a major cybersecurity incident.

Abstract

Over the Easter weekend of 2024, the cybersecurity community exploded with uproar over CVE-2024-3094, a software supply chain attack also known as the XZ Utils backdoor. The CVE carries a maximum CVSS score of 10.0, signifying its critical severity. Security vulnerabilities with the maximum severity score are rare, but critical-level vulnerabilities are quite abundant. What sets the XZ Utils backdoor apart is the scope of the attack and the massive potential fallout it could have generated had it succeeded. Beyond the statistics for this vulnerability, the discovery process and the intricate engineering and social engineering aspects are wildly interesting. Let’s find out what connects a developer at Microsoft, a fundamental open-source project and a set of sock-puppet accounts on GitHub controlled by an advanced threat actor. Brace yourself for an exciting tour past exotic POSIX function control mechanisms, ELF linking symbols, Ed448 keys, APTs and just plain coincidence!

Audience

This session is for anyone interested in software engineering, open-source software, cybersecurity and software governance.

We will take a forensic look at how a sophisticated backdoor was added to a critical open-source software project, and how it technically worked.

Free for public events

I will provide this talk for free if the event at which it takes place is publicly accessible.

Talk layout

The talk is split into four parts:

  • Introduction and incident timeline,
  • Technical interpretation and details,
  • Incident attribution (who might have done it),
  • Possible learning opportunities.

Goals

  • Provide a good idea of what the XZ Utils backdoor is.
  • Provide a detailed timeline of events.
  • Provide general knowledge on cybersecurity concepts.
  • Provide more in-depth knowledge about the technical details of the backdoor.
  • Show some of the lessons we can learn from this incident.

Technical topics

  • The CVE index and CVSS scores.
  • XZ Utils and liblzma.
  • Systemd and OpenSSH.
  • Glibc IFUNCs.
  • GNU autoconf, m4, make, bash and other build tools.
  • Ed448-Goldilocks elliptic curve.
  • Social engineering and sock puppetry.

Understanding C++ value categories

Masterclass on value categories in C++.

Abstract

In C++ today, do you know what an xvalue is? Or a prvalue? Why would you want to know? Because it matters! In C++, each expression is characterized by a value category. These value categories are used to describe parts of the C++ standard, and are often used in books and articles. You might have heard of terms like ‘lvalue’ or ‘rvalue’, which are the most commonly known ones. Over the years, changes to the C++ language changed the meaning of value categories. This means a lot of information about value categories is outdated or just plain wrong. In this talk, I will explain what expression value categories are in today’s C++ standard. It turns out that knowledge about value categories can really be beneficial. Not only will it enrich your understanding of C++ in general, it will also deepen your understanding of mechanisms like move semantics. It can also help you make better choices about code. These choices can then leverage language rules to enable compilers to generate efficient code without redundant copies. Other, related topics that will be covered: copy elision, return value optimization, temporary materialization.

Audience

This session is for professionals in software engineering, level novice to advanced, interested in C++. In-depth knowledge of value categories in C++ is an enabler for further advanced development (e.g. on move semantics).

Topic listing

These are the main topics addressed in the talk:

  1. What are value categories?
     • Expressions in C++
     • The value categories in C++
     • History of value categories
  2. Value categories in the wild
     • Copy elision
     • Guaranteed copy elision
     • Temporary materialization
     • Copy/move elision since C++17
     • Return value optimization (RVO)
     • Function call mechanics

Conferences

A slimmed-down version of this session was presented at C++ Day 2020 of the Italian C++ community; a recording is available.