Even the White House wants you to abandon C and C++, It’s time to focus on C++ safety and join the Bjarne initiative.

The C and C++ languages are no longer favored by the highest American authorities. Indeed, the White House wishes for developers to use memory-safe languages. In this report published on Monday, the Office of the National Cyber Director (ONCD) of the White House invites developers to reduce the risk of cyberattacks by using languages without memory vulnerabilities. IT companies “can prevent the introduction of multiple vulnerabilities into the digital ecosystem by adopting secure languages,” the presidency said in a statement. It refers to those that are protected against buffer overflow, out-of-bounds reads, and memory leaks.

Continue reading “Even the White House wants you to abandon C and C++, It’s time to focus on C++ safety and join the Bjarne initiative.”

CppDepend 2024.1 has been released! And, it’s available for free for personal use.

CppDepend 2024.1 has just been released and it’s completely free for personal use!

Our development team at CppDepend has been diligently working to incorporate incredible features, further enhancing CppDepend’s capabilities as a tool for understanding, reviewing, and improving your code base.

Check out the new features included in this significant release, version 2024.1:

Continue reading “CppDepend 2024.1 has been released! And, it’s available for free for personal use.”

The Must-Have Solution for C, C++, and Java Developers

CppDepend for C/C++ and JArchitect for Java are powerful software tools that offer a wide range of features to help C, C++, and Java developers create high-quality code.

Don’t wait – take advantage of these valuable tools and start improving your code base today!

Continue reading “The Must-Have Solution for C, C++, and Java Developers”

Code Complexity Analysis with CppDepend Tool

CppDepend is a powerful and versatile tool for analyzing code dependencies in C++. It is designed to help developers, architects, and project managers get a better understanding of the structure of their code and how different components depend on each other. With CppDepend, it is possible to visualize the relationships between different classes, methods, and other components, as well as to identify potential problems, such as tight coupling, circular dependencies, and other issues that can lead to code fragility and reduced maintainability.

Continue reading “Code Complexity Analysis with CppDepend Tool”

Discover CPPDepend 2023.1: New Features & Enhancements

CppDepend, the leading code analysis tool for C/C++ developers, announces the release of its latest version 2023.1, with exciting new features aimed at improving code quality and maintenance.

The latest version includes a Maintainability Index, which helps developers assess the maintainability of their code. The index is calculated using various metrics, including code complexity and design, and provides a single, easy-to-understand score that gives developers a quick understanding of the state of their codebase.

Continue reading “Discover CPPDepend 2023.1: New Features & Enhancements”

Explore a flexible C/C++ SonarQube plugin based on CppDepend.

Both CppDepend and SonarQube are static analyzers that offer a rule-based system to detect problems in C/C++ code. However, the CppDepend default Rules-Set has very few overlaps with the SonarQube rules

Basically, the SonarQube rules are good at analyzing what is happening inside a method, the code flow while the CppDepend code model, on which the CppDepend rules are based, is optimized for a 360 view of particular higher-scale areas including OOP, dependencies, metrics, breaking changes, mutability, naming…
Continue reading “Explore a flexible C/C++ SonarQube plugin based on CppDepend.”

Exploring Modern C++ Design: MemCache++ Case Study

MemCache++ is a light-weight, type-safe, simple to use and full-featured Memcache client. It was developed by Dean Michael Berris who is a C++ fanatic and currently works at Google Australia. He also is part of the Google delegation to the ISO C++ Committee.

Studying the well-designed libraries is recommended to elevate your  C++ design and implementation skills, and the goal of this article is to discover some memcache++ design choices that make it easy to understand and use. Continue reading “Exploring Modern C++ Design: MemCache++ Case Study”

Visualizing C/C++ Projects: The Power of Pictures

A picture is worth a thousand words” is an English idiom. It refers to the notion that a complex idea can be conveyed with just a single still image or that an image of a subject conveys its meaning or essence more effectively than a description does.

This idiom could also be applied in software programming. Indeed you can easilly understand a mini project when exploring its source code. However a big project become complex and not easy to understand.  In such cases it’s better to visualize the source code using graphs and diagrams to assist the developers understanding the source code. Continue reading “Visualizing C/C++ Projects: The Power of Pictures”

Learn basic “C” coding rules from open source projects

Every project has its own style guide: a set of conventions about how to write code for that project. Some managers choose a basic coding rules, others prefer very advanced ones and for many projects there is no coding rules, and each developer uses his own style.

It is much easier to understand a large codebase when all the source code is in a consistent style.

Many resources exist talking about the better coding rules to adopt, we can learn good coding rules from:

  • Reading a book or a magazine.
  • Web sites.
  • From a collegue.
  • Doing a training.

Another more interesting approach is to study a known and mature open source project to discover how developers implement their source code. In the “C” World, the Linux kernel could be a good candidate.

For the beginner or even the intermediate C developers, the Linux kernel is maybe not easy to go inside, however the goal is not necessarily to contribute to its source code but to explore how it’s implemented.

Let’ take as example a function implementation from the Linux source code

linux11

The code looks very clean, indeed the function

  • Has only few lines of code.
  • The signature is well defined.
  • It’s well commented.
  • It’s well indented.
  • The variable names are very clear.

The same  function could be implemented by another developer like this

linux12

The coding style has a big impact in the source code readability, investing some hours to train developers, and doing periodically a code review is always good to make the code easy to maintain and evolve.

Let’s go inside the linux kernel source code using CppDepend and discover some basic coding rules adopted by their developers.

Modularity

Modularity is a software design technique that increases the extent to which software is composed from separate parts , you can manage and maintain modular code easily.

For procedural language like C where no logical artifacts like namespace, component or class does not exist, we can modularize by using directories and files.

Here are some possible scenarios :

  • Put all the souce files in one directory
  • Isolate files related to a module or a sub module  into a specific directory.

In case of the Linux kernel, directories and sub directories are used to modularize the kernel source code.

linux15

Encapsulation

Encapsulation  is the hiding of functions and data which are internal to an implementation.  In C, encapsulation is performed by using the key word static . These entities are called file-scope functions and variables.

Let’s search for all static functions by executing the following CQLinq query

linux17

We can use the Metric view to have a good idea how many functions are concerned. In the Metric View, the code base is represented through a Treemap. Treemapping is a method for displaying tree-structured data by using nested rectangles. The tree structure used in a CppDepend treemap is the usual code hierarchy:

  • Projects contains directories.
  • Directories contains files.
  • Files contains struects, functions and variables.

The treemap view provides a useful way to represent the result of a CQLinq request, so we can visually see the types concerned by the request.

linux2

As we can observe many functions are declared as static.

Let’s search now for the static fields:

linux3

The same remark as functions, many variables are declared as static.

In the Linux kernel source code the encapsulation is used whenever the functions and variables must be private to the file scope.

Use structs to store your data model

In C programing the functions uses variables to acheive their treatments, theses variables could be:

  • Static variables.
  • Global variables.
  • Local variables
  • Variables from structs.

Each project has it’s data model which could be used by many source files, using global variables is a solution but not the good one, using structs to group data is more recommended.

Let’s search for global variables with a primitive type:

linux4

only very few variables are concerned, and maybe we can group some of them into structs, like (elfcorehdr_addr and elfcorehdr_size) or (pm_freezing and pm_nosig_freezing).

Let function be short and sweet

Here’s from the linux coding style web page, an advice about the length of functions:

Functions should be short and sweet, and do just one thing.  They should
fit on one or two screenfuls of text (the ISO/ANSI screen size is 80x24,
as we all know), and do one thing and do that well.

The maximum length of a function is inversely proportional to the
complexity and indentation level of that function.  So, if you have a
conceptually simple function that is just one long (but simple)
case-statement, where you have to do lots of small things for a lot of
different cases, it's OK to have a longer function.

 Let’s search for functions where the number of lines of code is more than 30

linux14

Only few methods has more than 30 lines of code.

Function Number of parameters

Functions where NbParameters > 8 might be painful to call  and might degrade performance. Another alternative is to provide  a structure dedicated to handle arguments passing.

linux7

only 2 methods has more than 8 parameters.

Number of local variables

Methods where NbVariables is higher than 8 are hard to understand and maintain. Methods where NbVariables is higher than 15 are extremely complex and should be split in smaller methods (except if they are automatically generated by a tool).

linux9

only 5 functions has more than 15 local variables.

Avoid defining complex functions

Many metrics exist to detect complex functions, NBLinesOfCode,Number of parameters and number of local variables are the basic ones.

There are other interesting metrics to detect complex functions:

  • Cyclomatic complexity is a popular procedural software metric equal to the number of decisions that can be taken in a procedure.
  • Nesting Depth is a metric defined on methods that is relative to the maximum depth of the more nested scope in a method body.
  • Max Nested loop is equals the maximum level of loop nesting in a function.

The max value tolerated for these metrics depends more on the team choices, there’s no standard values.

Let’s search for functions candidate to be refactored:

linux8

only very few functions could be considered as complex.

Naming convention

There’s no standard for the naming convention, each project managers could choose what they think it’s better, however what’s very important is to respect the chosen convention to have an homegenous naming.

For example in case of Linux, the structs must began with a lower case, and we can check if it’s true for the whole kernel source code, let’s execute the following query:

linux5

 

Only 4 structs began with “_” instead of a lower case letter.

 Indentation

The indentation is very useful to make the code easy to read, here’s from the linux coding style web page  the motivations behind the indentation:

Rationale: The whole idea behind indentation is to clearly define where
a block of control starts and ends.  Especially when you've been looking
at your screen for 20 straight hours, you'll find it a lot easier to see
how the indentation works if you have large indentations.

Now, some people will claim that having 8-character indentations makes
the code move too far to the right, and makes it hard to read on a
80-character terminal screen.  The answer to that is that if you need
more than 3 levels of indentation, you're screwed anyway, and should fix
your program.

 Conclusion

Exploring some known open source projects is always good to elevate your programming skills, no need to download and build the project, you can just discover the code from GitHub for example.