Programming Leftovers
-
Sandor Dargo ☛ Variadic class template arguments
Let’s talk about class templates and variadic parameters. How to use them in combination?
-
[Old] Dr Joshua Laughner ☛ What Julia can and can't replace about Fortran
Julia is a great language to use for a project which demands heavy computation, but is small enough that losing strong, ahead-of-time type checking isn't a major drawback. Often this means that it's something that really won't be distributed outside of one group. But if you're developing a community project, one that will be used by people outside your group, having that extra type checking in Fortran or C is still valuable. Julia isn't a catch-all replacement for Fortran or C; it's best for tackling those intermediate projects that are too hefty to do efficiently in Python or Matlab, but small enough to benefit from flexibility more than be hurt by it.
-
LWN ☛ Finding locking bugs with Smatch
Smatch is a GPL-licensed static-analysis tool for C that has a lot of specialized checks for the kernel. Smatch has been used in the kernel for more than 20 years; Dan Carpenter, its primary author, decided last year that some details of its plugin system were due for a rewrite. He spoke at Linaro Connect 2025 about his work on Smatch, the changes to its implementation, and how those changes enabled him to easily add additional checks for locking bugs in the kernel.
Video of the talk is available, and Carpenter's slides can be found on Linaro's website. Carpenter began by apologizing for the relative complexity of this talk, compared to some of his presentations about Smatch in prior years. "We're running out of easy checks to write," he explained. Smatch is designed to permit writing project-specific checks; over the years, a large number of kernel-specific checks have been added to the code, so the latest work has moved on to more complicated topics, such as locking.
One of the things that sets Smatch apart from other static-analysis tools, Carpenter said, is its support for control-flow analysis and cross-function analysis. He frequently uses both of these features to understand new subsystems; Smatch can "tell you where a variable is set, where callers of a function are, and what a function can return," among other things. For example, Smatch might show that a particular function has three callers, all of which hold a particular lock when they call it. From that, the programmer can infer the implicit locking requirements of the function.
-
Golang
-
Trail of Bits ☛ Unexpected security footguns in Go's parsers
In Go applications, parsing untrusted data creates a dangerous attack surface that’s routinely exploited in the wild. During our security assessments, we’ve repeatedly exploited unexpected behaviors in Go’s JSON, XML, and YAML parsers to bypass authentication, circumvent authorization controls, and exfiltrate sensitive data from production systems.
-
R / R-Script
-
Rlang ☛ Oh Leave it Out
Sometimes we want to repeatedly do things with all but one row of a data frame, where we systematically drop each row in turn and do the thing. For example, jackknife cross-validation is a kind of very basic bootstrap technique. (It is computationally simpler than and predates the bootstrap.) Or in some areas “leave-one-out” summary statistics are often calculated as a quick robustness check. Sometimes we want to do this within groups, perhaps especially when the groups may be small.
-