Application Security Testing: An Integral Part of DevOps
Rather like the plaintive peasant in Monty Python & The Holy Grail, MFC 8 begs you to consider it viable for another development cycle. We do have comforting reassurances from Microsoft's own Steve Teixeira in an extremely brief whitepaper MFC: Visual Studio 2005 and Beyond. The subtext seems to be that MFC has been revved to meet the bare requirements feature-set of Visual Studio 2005 for now, but will be retrofitted in the future to meet the needs of Longhorn:
"After the release of Windows Longhorn, Microsoft intends to add MFC support for key Longhorn APIs and features. Microsoft also intends to support the Avalon user interface framework in MFC, providing MFC developers with a bridge to the future of platform user interface design. In essence, as the platform evolves, developers can look forward to seeing MFC updated to leverage the latest managed and native APIs and frameworks."
Now with Windows Forms!
The biggest single upgrade to MFC is the addition of Windows Forms support Windows Forms support. By using the MFC Windows Forms support classes, you can host Windows Forms controls within your MFC applications as ActiveX controls within MFC dialog boxes (CWinFormsControl) or views (CWinFormsView). In addition, Windows Forms forms can be hosted as MFC dialog boxes (see afxwinforms.h).
Steve told me that an exhaustive list of MFC fixes and improvements was not available at the time of this writing, so I took it upon myself to diff some of the key header files myself and report to you.
I figured on starting with the mother-of-all MFC headers, afxwin.h. One of the first things to notice is the use of the new "header annotations" that formalize what people used to only have available as wishful comments when doing design-by-contract specifications: __in means an input parameter, __out indicates an output parameter, and __inout means the value is both read and written by the underlying function. To avoid the dreaded buffer-overrun attack, the __bcount annotation puts a hard limit on access. When you enable Code Analysis in VS 2005, all these annotations are checked.
Other cool annotations you might want to use for your own code are: __checkReturn, which forces the caller to check the return value; and __nullterminated, which means the buffer may only be accessed up to and including the first null (0) character.
Improving const-correctness is one of the nice cleanups added to this version of MFC. For example, in CRgn the CombinRgn, CopyRgn, and EqualRgn methods finally have const applied correctly. Also, there are similar const fixes to CDC drawing methods.
CDC World Transforms
The venerable CDC object gets some new functionality in mapping functions:
// Graphics mode int SetGraphicsMode(int iMode); int GetGraphicsMode() const;
The only new mode is GM_ADVANCED, which allows the new transformation methods shown below to be incorporated into enhanced (in other words, Win32) metafiles. GM_ADVANCED mode also fixes a couple of longstanding bugs in world-to-device transformations: TrueType fonts can scale both width and height, rectangles now include the bottom-right coordinate, and arc control points always draw counterclockwise in the logical space. Though not guaranteed to reproduce exactly on Win98, MFC may still make a "best effort" to render the transforms.
// World transform BOOL SetWorldTransform(const XFORM* pXform); BOOL ModifyWorldTransform(const XFORM* pXform,DWORD iMode); BOOL GetWorldTransform(XFORM* pXform) const;
Anyone familiar with OpenGL will immediately recognize the value of these transforms and their traditional role of rotating, translating ("moving"), and scaling graphics. In the case of the GDI, these are merely 2-D transforms.
CWnd and CWinApp Additional Flags and Funcs
The purpose is less apparent of the two new CWnd::m_nFlags values WF_NOWIN32ISDIALOGMSG and WF_ISWINFORMSVIEWWND. The former seems to force GetNextDlgTabItem to continue on where it might normally stop looking for child windows. The latter affects whether COccManager::IsDialogMessage delegates to the Windows implementation as a last resort.
CWnd includes a new overload for special controls (WinForms) that require more than just a CLSID to initialize by passing a reference to a CControlCreationInfo object. To use this new overload, you must first call AfxEnableControlContainer in your InitInstance function.
The new EnsureParentFrame() and EnsureTopLevelParent() methods replace the previous GetParentFrame() and GetTopLevelParent() methods at least for internal use and feature heavily in wincore.cpp. These functions have the added benefit of throwing an exception rather than returning just giving up and returning NULL.
SetOccDialogInfo method now has a companion GetOccDialogInfo.
The virtual Create method was stripped from several controls including CEdit, CStatusBarCtrl, CListCtrl, CTreeCtrl, CToolbarCtrl, CReBarCtrl, and CRichEditCtrl, to achieve better binary compatibility (for example, CToolbarCtrl and CToolbar need to be compatible).
CWinApp has a new static method ShowAppMessageBox for message boxes which can work when no CWinApp objects can be found. This works in conjunction with another new static method is DoEnableModeless.
The new REPORT_EXCEPTION() macro provides a simple foolproof way of decoding a pException object and putting up an AfxMessageBox in DEBUG mode or a TRACE macro if in RELEASE mode. AFXIsValidAtom() provides validators for both atom handles and strings. AfxEnableMemoryLeakOverride() gives you precision control over whether the AfxEnableMemoryTracking() is allowed to prevail. Last, CArchive now includes << operator overrides for ATL::CStringT family of strings.
Book of the Month: Effective C++ 3rd Ed.
|Several new and notable books have crossed my desk in the past month. I was most happy to see Effective C++, 3rd Edition by Scott Meyers. This book, in past and current incarnations, has done more to define industry best practices than any other book. If you read only one book on C++ this year, make sure it is Effective C++, 3rd Edition. As someone whose 2nd Edition is well thumbed, I can attest that this is a complete makeover and well worth the upgrade. In this edition, templates and their uses informs all the discussions including a brand new chapter on templates and generic programming. Also interwoven through all items are new ways of working based on the standards committee Technical Report 1 ("TR1") changes to the standard library. Last, Meyers references matching Java concepts whenever possible to ease the transition for Java programmers to modern C++.|
About the Author
Victor Volkman has been writing for C/C++ Users Journal and other programming journals since the late 1980s. He is a graduate of Michigan Tech and a faculty advisor board member for Washtenaw Community College CIS department. Volkman is the editor of numerous books, including C/C++ Treasure Chest and is the owner of Loving Healing Press. He can help you in your quest for open source tools and libraries; just drop an e-mail to sysop@HAL9K.com.