Noexcept? Enabling Testing of Contract Checks Pablo Halpern and Timur Doumler This work by Pablo Halpern & Timur Doumler is licensed under a Creative Commons Attribution 4.0 International License contracts require good enforcement. • Contract checks help catch bugs early in the process. • Observation: Good enforcement requires good oversight. • Contract checks should themselves be tested. 4-Oct-23 Pablo slower • Only works on some specific platforms TakeawaysAgenda 2 – Let's Go Deeper • Contract checks and testing in depth • noexcept in depth • Best practices • A proposed noexcept alternative without

intended Documented ReviewsReliability Efficiency Security Maintainability SizeHigh quality software is cheaper to produce! –Developer FrustrationFrustration Points Major % Managing libraries NULL pointers, part 1: https://lwn.net/Articles/342330/Why code analysis – ● Improve software quality ● Lower developer frustration ● Avoid UBLanguageLanguage helps! – ● Lifetime safety: http://wg21 version Set of checks is defined by compiler vendor Custom checks are possible Standard to everyone Depends on the toolToolingWhat do you use for guideline enforcement or other code quality/analysis? –Code

looking to improve their code, whether to modernize it or to find hidden bugs with its built-in checks. Static analysis is great, but you also get tons of false positives. Now that you’re hooked Core Guidelines Checker docs.microsoft.com/en-us/cpp/code-quality/quick-start-code-analysis-for-c-cpp docs.microsoft.com/en-us/cpp/code-quality/code-analysis-for-cpp-corecheck devblogs.microsoft.com/ Victor Ciura | @ciura_victor - 2020: The Year of Sanitizers? docs.microsoft.com/en-us/cpp/code-quality/code-analysis-for-cpp-corecheck ...17 2020 Victor Ciura | @ciura_victor - 2020: The Year of

everywhere at run time” is not an acceptable answer • Hygiene rules + Static analysis + Run-time checks Stroustrup - C++ safety -CppCon - October 2023 36 Not discussed in this talkUninitialized variables p) { if (p) *p = 7; } // OK • void f2(not_null p) { *p = 7; } // OK (not_null constructor checks) • void f3(span s) { s[2] = 2; } // OK (for checked span) • Except in the implementation of • Serious design constraint • There are billions of lines of C++ • Much critical • Much high quality • Gradual adoption is essential • Partial adoption is essential (“safety critical code only”) •

creates symbolic links in /usr/bin to the a shell script (/opt/VirtualBox/VBox) which does some sanity checks and dispatches to the actual executables, VirtualBox, VBoxSDL, VBoxVRDP, VBoxHeadless and VBoxManage methods: 1. Historically, RDP4 authentication was used, with which the RDP client does not perform any checks in order to verify the identity of the server it connects to. Since user creden- tials can be obtained bitmap compression methods. It is possible to increase the compression ratio by lowering the video quality. The VRDP server automatically detects video streams in a guest as frequently updated rectan- gular

creates symbolic links in /usr/bin to the a shell script (/opt/VirtualBox/VBox) which does some sanity checks and dispatches to the actual executables, VirtualBox, VBoxSDL, VBoxVRDP, VBoxHeadless and VBoxManage might prefer krdc, the KDE RDP viewer. The command line would look like this: krdc --window --high-quality rdp:/1.2.3.4[:3389] Again, replace “1.2.3.4” with the host IP address, and 3389 with a different methods: 1. Historically, RDP4 authentication was used, with which the RDP client does not perform any checks in order to verify the identity of the server it connects to. Since user creden- tials can be obtained

Non-linear/indirect interactions between components or systems ❖ Demand for complex systems outpaces quality standards ❖ Perhaps less restrictive than automative and avionic Think Safety Is Good Enough, 0.0 Enable run-time checks for stack-based buffer overflows. Can impact performance. -fno-delete-null-pointer-checks GCC 3.0.0, Clang 7.0.0 Force retention of null pointer checks -fno-strict-overflow Enable implicit conversion warnings -fstack-clash-protection GCC 8.0.0, Clang 11.0.0 Enable run-time checks for variable-size stack allocation validityCompiler Hardening 32 Prioritize Memory and type safety

creates symbolic links in /usr/bin to the a shell script (/opt/VirtualBox/VBox) which does some sanity checks and dispatches to the actual executables, VirtualBox, VBoxSDL, VBoxVRDP, VBoxHeadless and VBoxManage methods: 1. Historically, RDP4 authentication was used, with which the RDP client does not perform any checks in order to verify the identity of the server it connects to. Since user creden- tials can be obtained bitmap compression methods. It is possible to increase the compression ratio by lowering the video quality. The VRDP server automatically detects video streams in a guest as frequently updated rectan- gular

creates symbolic links in /usr/bin to the a shell script (/opt/VirtualBox/VBox) which does some sanity checks and dispatches to the actual executables, VirtualBox, VBoxSDL, VBoxVRDP, VBoxHeadless and VBoxManage methods: 1. Historically, RDP4 authentication was used, with which the RDP client does not perform any checks in order to verify the identity of the server it connects to. Since user creden- tials can be obtained bitmap compression methods. It is possible to increase the compression ratio by lowering the video quality. The VRDP server automatically detects video streams in a guest as frequently updated rectan- gular

creates symbolic links in /usr/bin to the a shell script (/opt/VirtualBox/VBox) which does some sanity checks and dispatches to the actual executables, VirtualBox, VBoxSDL, VBoxVRDP, VBoxHeadless and VBoxManage methods: 1. Historically, RDP4 authentication was used, with which the RDP client does not perform any checks in order to verify the identity of the server it connects to. Since user creden- tials can be obtained bitmap compression methods. It is possible to increase the compression ratio by lowering the video quality. The VRDP server automatically detects video streams in a guest as frequently updated rectan- gular