Developer Tools

Detecting String Truncation with GCC 8

Continuing in the effort to detect common programming errors, the just-released GCC 8 contains a number of new warnings as well as enhancements to existing checkers to help find non-obvious bugs in C and C++ code. This article focuses on those that deal with inadvertent string truncation and discusses some of the approaches for avoiding the underlying problems. If you haven’t read it, you might also want to read David Malcolm’s article Usability improvements in GCC 8.

Why Is String Truncation a Problem?

It is well-known why buffer overflow is dangerous: writing past the end of an object can overwrite data in adjacent storage, resulting in data corruption. In the most benign cases, the corruption can simply lead to incorrect behavior of the program. If the adjacent data is an address in the executable text segment, the corruption may be exploitable to gain control of the affected process, which can lead to a security vulnerability. (See CWE-119 for more on buffer overflow.)

Continue reading “Detecting String Truncation with GCC 8”


Apache Camel URI completion: easy installation for Eclipse, VS Code, and OpenShift.io

Discoverability and ease of installation of Apache Camel tooling based on the Language Server Protocol has been improved. Manual download and installation of binaries is no longer necessary!  For the Eclipse desktop IDE and the VS Code environment you can now find and install the Camel tooling directly from the marketplaces for each development environment.

Camel Language Server is now also available in Red Hat OpenShift.io!

In this article, I will show you how you can install Camel tooling via the marketplaces for Eclipse and VS Code.  I will also show how to enable Camel tooling in your OpenShift.io workspace.

Continue reading “Apache Camel URI completion: easy installation for Eclipse, VS Code, and OpenShift.io”


Making the Operation of Code More Transparent and Obvious

You can study source code and manually instrument functions as described in the “Use the dynamic tracing tools, Luke” blog article, but why not make it easier to find key points in the software by adding user-space markers to the application code? User-space markers have been available in Linux for quite some time (since 2009). The inactive user-space markers do not significantly slow down the code. Having them available allows you to get a more accurate picture of what the software is doing internally when unexpected issues occur. The diagnostic instrumentation can be more portable with the user-space markers, because the instrumentation does not need to rely on instrumenting particular function names or line numbers in source code. The naming of the instrumentation points can also make clearer what event is associated with a particular instrumentation point.

For example, Ruby MRI on Red Hat Enterprise Linux 7 has a number of different instrumentation points made available as a SystemTap tapset. If SystemTap is installed on the system, as described by What is SystemTap and how to use it?, the installed Ruby MRI instrumentation points can be listed with the “stap -L” command shown below. These events show the start and end of various operations in the Ruby runtime, such as the start and end of garbage collection (GC) marking and sweeping.

Continue reading “Making the Operation of Code More Transparent and Obvious”


“Use the dynamic tracing tools, Luke”

A common refrain for tracking down issues on computer systems running open source software is “Use the source, Luke.” Reviewing the source code can be helpful in understanding how the code works, but the static view may not give you a complete picture of how things work (or are broken) in the code. The paths taken through code are heavily data dependent. Without knowledge about specific values at key locations in code, you can easily miss what is happening. Dynamic instrumentation tools, such as SystemTap, that trace and instrument the software can help provide a more complete understanding of what the code is actually doing.

I have wanted to better understand how the Ruby interpreter works. This is an opportunity to use SystemTap to investigate Ruby MRI internals on Red Hat Enterprise Linux 7. The article What is SystemTap and how to use it? has more information about installing SystemTap. The x86_64 RHEL 7 machine has ruby-2.0.0648-33.el7_4.x86_64.rpm installed, so the matching debuginfo RPM is installed to provide SystemTap with information about function parameters and to provide me with human-readable source code. The debuginfo RPM is installed by running the following command as root:

Continue reading ““Use the dynamic tracing tools, Luke””


Red Hat Summit: An introduction to OpenShift.io

Red Hat OpenShift.io is an innovative online service for development teams. Installing and configuring IDEs, libraries, and various tools is a major time sink. OpenShift.io is a cloud-native set of zero-install tools for editing and debugging code, agile planning, and managing CI/CD pipelines. It also features package analytics (an unbelievably cool feature we’ll discuss more in a minute), and has various quick starts for common frameworks. Because everyone on the team uses the exact same tools, “It works on my machine” becomes a thing of the past.

Product Manager Todd Mancini started the session with a brief overview of the product. There’s so much more here than just the ability to develop code online. Today’s best practices include complex deployment pipelines. With OpenShift.io, you get a Maven repository and a Jenkins pipeline automatically. You can select from several pipeline templates. If you need an approval stage, for example, that’s built in to the product. In short, all the tools you need to create a virtuous circle of analyze, plan, and create are here, with no installation or configuration needed.

Continue reading “Red Hat Summit: An introduction to OpenShift.io”


From Localhost to the Cloud: Helping Organizations Develop Applications in a Hybrid World

For many developers, desktop tools are where they spend most of their time and feel most comfortable. We also recognize that developers are looking for new ways to build applications and new tools that are designed for these technologies. Developers are now using the cloud to host and manage their developer environment, and we see the tools that developers use moving to the cloud as well.

In the past year, we have taken steps to broaden our portfolio of developer tools. We acquired Codenvy to provide unique container-native offerings for our users, and we have been building Red Hat OpenShift.io, our SaaS offering for cloud-native development.

Today, we are announcing two more leaps toward a container- and cloud-native future:

Continue reading “From Localhost to the Cloud: Helping Organizations Develop Applications in a Hybrid World”


Eclipse Che’s Plans for 2018

2018 has been a busy year already, and we’re not even halfway through.  Eclipse Che 6 brought team and enterprise features including multi-user and multi-tenancy as well as a large number of other great capabilities (you can read all about it in our Che 6 release post).

We have already followed Che 6 GA with 4 minor releases, and the community has worked hard to add even more capabilities:

  • Helm chart for Kubernetes deployment
  • C/C++ intellisense with integration of ClangD
  • Recover capabilities for OpenShift/Kubernetes
  • And almost 150 bug fixes

Continue reading “Eclipse Che’s Plans for 2018”


March 2018 ISO C++ Meeting Trip Report (SG1: Concurrency and Parallelism)

This year’s Winter ISO C++ Standard Committee meeting was held in March in Jacksonville, Florida. A number of larger features, for which there is substantial interest but which are also difficult to get right, were discussed:

  • Concepts, along with Concept types from the Ranges TS; see P0898 and n4685
  • Modules; see n4689
  • Coroutines; see n4723
  • Networking; see n4711
  • Executors; see p0443

Jason Merrill’s recently published trip report covers the core language topics. This report focuses on the topics of interest to the Concurrency and Parallelism Study Group (SG1).  The “big ticket” items discussed in SG1 during the week were:

Continue reading “March 2018 ISO C++ Meeting Trip Report (SG1: Concurrency and Parallelism)”


Inside a Red Hat Open Innovation Labs Residency (Part 3)

This article is the final in a series taking readers on a journey to peek inside life in a Red Hat Open Innovation Labs residency.

This is the top-tier experience for any customer*, exposing them to open collaboration, open technologies, and fast agile application delivery methods.

This experience often escapes organizations attempting digital transformation, so through submersion in an Open Innovation Labs residency, Red Hat shares its experience in managing, developing, and delivering solutions with communities, open technologies, and open collaboration.

Join me as I share experiences from inside a real-life residency, watching Red Hat work intimately with a customer, exposing new ways of working, leveraging open technologies using fast, agile application delivery methods and open collaboration.

In the first part, I shared what’s in a Red Hat Open Innovation Labs residency. Then in part two, I looked at what I encountered as the residency progressed towards delivery. All that’s left now is to share the delivery week, known as Demo Day.

Continue reading “Inside a Red Hat Open Innovation Labs Residency (Part 3)”
