CppCon 2015 has ended
Wednesday, September 23 • 3:15pm - 4:15pm
A few good types: Evolving array_view and string_view for safe C++ code


The Library Fundamentals TS already contains a string_view type, and may soon contain an array_view type. These are important and should be used pervasively as function parameters, especially instead of (pointer, length) pairs, which are generally unsafe. They offer additional benefits in the form of decoupling: functions can be specified in terms of high-level views rather than references to specific, concrete string and container types, which bind both caller and callee to a specific implementation detail. As a specific example, using string_view in function signatures allows them to be called with any of the endless proliferation of string types that exist in codebases today (std::string, CStringT, char*, BSTR, HSTRING, MyString, etc.).

We can and should evolve these types further as a key part of achieving memory safety for C++ code.

This example-driven talk shares our experience with preventing defects in large-scale commercial C++ codebases by applying modestly evolved versions of the proposed array_view and string_view types, plus a small number of related types such as not_null. Adopting these types enables simpler and safer code that eliminates important classes of defects by construction. The types are carefully designed to have usually exactly zero space and time overhead over the current unsafe idioms they replace, so as to leave no valid performance reason against adopting them. Using these types enables high-quality static analysis, and is allowing Microsoft to fully replace non-standard and non-portable annotation systems for type and memory safety in our own code bases.

We believe this approach is generally applicable to code at all levels, from application code down to the most performance-sensitive systems code. An open source reference implementation of the types that supports all major compilers and platforms will be available on GitHub.
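To make the parameter-passing point concrete, here is an added sketch (not from the talk and not the reference implementation it mentions) of a view type replacing a (pointer, length) pair. `checked_view`, `sum` and `read_rejected` are hypothetical names, and throwing on a bad index is this example's choice of failure behaviour.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <utility>
#include <vector>

// Hypothetical minimal view (illustration only; not the proposed array_view).
template <class T>
class checked_view {
    T* data_;
    std::size_t size_;
public:
    // Built-in array: the length comes from the type, so it cannot be mis-stated.
    template <std::size_t N>
    checked_view(T (&arr)[N]) : data_(arr), size_(N) {}
    // Any contiguous container with data()/size(), e.g. std::vector, std::array.
    template <class C, class = decltype(std::declval<C&>().data())>
    checked_view(C& c) : data_(c.data()), size_(c.size()) {}

    std::size_t size() const { return size_; }
    T* begin() const { return data_; }
    T* end() const { return data_ + size_; }
    // Every index is checked against the length captured at construction.
    T& operator[](std::size_t i) const {
        if (i >= size_) throw std::out_of_range("checked_view: index out of range");
        return data_[i];
    }
};

// One signature replaces sum(const int* p, size_t len) and per-container overloads.
long sum(checked_view<const int> v) {
    long total = 0;
    for (int x : v) total += x;
    return total;
}

// True if the view refused to read index i.
bool read_rejected(checked_view<const int> v, std::size_t i) {
    try { (void)v[i]; return false; }
    catch (const std::out_of_range&) { return true; }
}

int main() {
    int raw[4] = {1, 2, 3, 4};              // constructed sample data
    std::vector<int> vec = {10, 20, 30};    // constructed sample data
    std::printf("%ld %ld\n", sum(raw), sum(vec));
    std::printf("raw[4] rejected: %d\n", read_rejected(raw, 4));
    return 0;
}
```

The caller never passes a length, so the off-by-one and stale-length mistakes that a (pointer, length) signature permits have no place to occur.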

Neil MacIntosh

Principal Software Engineer, Microsoft
Neil is the lead for the C++ static analysis frameworks used widely within Microsoft, including PREfix, PREfast, and EspXtension, as well as the /analyze feature of the Microsoft C++ compiler. He is currently focused on making all these tools work better with portable C++14 code rather...

Wednesday September 23, 2015 3:15pm - 4:15pm PDT
Six (406) Meydenbauer Center