Placement new operator in a driver

Hence one of my favorite quotes:

“I program in the same language no matter what the compiler is.”

• Peter Denning

Ken

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Friday, April 28, 2006 12:38 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Placement new operator in a driver

Don Burn wrote:

I hate to say it: there is very little new in the computing space.

This has way more truth than many would like to admit. The fact is that
much (most?) of the fundamental research in computing was done in the
1950s and 1960s. C# is really little more than a different spelling of
Algol. Direct3D implements fundamental algorithms that were developed
in the 1960s. For graphics, especially, I think many people would be
very surprised to learn how much of what we know came out of the Jim
Blinns and Alvy Ray Smiths and Ivan Sutherlands of a third of a century ago.

We do a side business in patent work (lawyers always pay their bills on
time). It has led me to understand that much of the innovation of today
is just microscopic tweaking of great ideas from long, long ago.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

> This is how langs and compilers evolve.

This is the dead end way. Lack of such things - in favour of function calls -
is why we use C and C++.

Function (provided by the OS, and not by language itself) is better then such
things. More flexible. The only drawback is portability.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Pavel A. wrote:

Actually, Mark, this only confirms my statement.
You designed and coded it in C++ but could not expose C++ in public interface. Why?

That one, at least, is trivial to answer and has nothing to do with the
advantages or disadvantages of C vs. C++. There are at least 2 reasons:

1. Microsoft still likes to preserve the *illusion* that you could use a
   3rd party compiler, and C++ exports don’t play nice because of name
   mangling. Of course, at the same time they tell you never to use
   anything but the DDK compiler, so I have to wonder about that (ok, I
   think they’re paranoid that their compiler teams might change the name
   mangling in a later release since it’s not part of the spec, but that
   strikes me as unlikely in the extreme).

2. Good or bad, a lot of kernel code is still written in C. It’s a *lot*
   easier for a C++ program to wrap a C interface than it is for a C
   program to use a C++ interface. It’s a “lowest common denominator” thing.
   –
   Ray

All it really takes is continuous and consistent code reviews and a
sharp and experienced (and sane) system architect in charge of them.

Given that very small concession to practicality, in my experience
maintaining a huge complicated driver for the last 10 years, C++ is
vastly more maintainable than C.

We were able to port our NT4 driver to Win2k and then to KMDF changing
only about 10% of the files in our driver. While that can be done with
C, it takes *much* more discipline, and a much smarter and more
consistent team. Clearly defined polymorphic interfaces are just plain
the only way to obtain long-term maintainability and portability. You
can of course do that in C too, but it’s a huge pain.

Maxim S. Shatskih wrote:

> from scratch. But kernel program based on C++ is more
> maintainable and a
> little robust(This factor depends much on developer’s

C is always more maintanable then C++. Only the very, very great developer
experience can make this not true.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

–
Ray

Maxim S. Shatskih wrote:

But note: - in C, DoSomething(f) tells you for sure that the object will not be
changed!

"f" might not change, but it is a pointer or a structure that includes a
pointer, you still can change the referenced object.

And anything complicated is always passed by pointer, especially in the
kernel, so what again is the point?

Ray

I suggest we settle this at winhec with a beer drinking contest. Then
again I stopped drinking many years ago.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ray Trent
Sent: Monday, May 01, 2006 2:33 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Placement new operator in a driver

Maxim S. Shatskih wrote:

But note: - in C, DoSomething(f) tells you for sure that the object
will not be
changed!

"f" might not change, but it is a pointer or a structure that includes a

pointer, you still can change the referenced object.

And anything complicated is always passed by pointer, especially in the
kernel, so what again is the point?

Ray

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at

Continous and consistent code reviews require resources (time, money and
people) that many real companies that product legitimate products simply
do not have in sufficient quantities so as to be able to plan on this.
When something has to give, and it comes down to code review or getting
more done immediately, the short term view always wins, in my
experience. This is so for reasons that are, while not sexy,
unavoidably cogent.

I say this only because, while I was one of the early proposers, in
this context, of using C++ in some limited circumstances, I
categorically disagree with your reasons as a general statement, if that
makes any sense. C++ is harder. It required more experienced
developers. However competent any one person is in C++, he or she is,
essentially by definition, minimally, equally as fluent in C. It’s
pretty hard to get around that one. I think the benefits of C++ are
easily worth it in some cases, but they are definitely not free.

>> xxxxx@synaptics.spamblock.com 2006-05-01 14:28:36 >>>
All it really takes is continuous and consistent code reviews and a
sharp and experienced (and sane) system architect in charge of them.

Given that very small concession to practicality, in my experience
maintaining a huge complicated driver for the last 10 years, C++ is
vastly more maintainable than C.

We were able to port our NT4 driver to Win2k and then to KMDF changing

only about 10% of the files in our driver. While that can be done with

C, it takes *much* more discipline, and a much smarter and more
consistent team. Clearly defined polymorphic interfaces are just plain

the only way to obtain long-term maintainability and portability. You
can of course do that in C too, but it’s a huge pain.

Maxim S. Shatskih wrote:

> from scratch. But kernel program based on C++ is more
> maintainable and a
> little robust(This factor depends much on developer’s

C is always more maintanable then C++. Only the very, very great
developer
experience can make this not true.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

–
Ray

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

> categorically disagree with your reasons as a general statement, if that

makes any sense. C++ is harder. It required more experienced
developers. However competent any one person is in C++, he or she is,
essentially by definition, minimally, equally as fluent in C. It’s
pretty hard to get around that one. I think the benefits of C++ are
easily worth it in some cases, but they are definitely not free.

Note: MS’s Doron described that C++ usage guidelines in the kernel team in MS.
This can be a good idea to listen to him thoroughly.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Then, as someone who likes winning and doesn't care what language you
use, I'd like to be on the OTHER team

Maybe OSR can get a keg for their lounge this year

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roddy, Mark
Sent: Monday, May 01, 2006 12:03 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Placement new operator in a driver

I suggest we settle this at winhec with a beer drinking contest. Then
again I stopped drinking many years ago.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ray Trent
Sent: Monday, May 01, 2006 2:33 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Placement new operator in a driver

Maxim S. Shatskih wrote:

But note: - in C, DoSomething(f) tells you for sure that the object
will not be
changed!

"f" might not change, but it is a pointer or a structure that includes a

pointer, you still can change the referenced object.

And anything complicated is always passed by pointer, especially in the
kernel, so what again is the point?

Ray

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at

Doron Holan wrote [speaking of the evils of references]:

Because you can't tell what the hell is going on by looking at the
calling code (vs the impl).

The converse is true of pointers: you can't tell what the hell is going
on in the *function*, because the compiler makes absolutely no
guarantees that the pointer actually points to anything real and of the
correct type, and worse, there are no checks that you can put into the
function itself that will guarantee anything other than that the pointer
is non-NULL (possibly short of the horrible RTTI kludge).

The thing about references isn't the syntactic sugar (that's just there
to make the real advantage clear to the reader of the function). It's
that you know the variable points to something that the compiler
guarantees is *really really really* a variable of that type and can't
be something else (references to dangerously-recast pointers being sole
exception that merely proves this rule).

Call it a personal preference, but if I want to know for sure what is
going on in a program, I'd much rather be forced to look in a single
location that I'm guaranteed to have have access to (the declaration,
where the reference parameter is explicit) than in a myriad of
locations, some of which are probably in opaque code (all the callers,
where the pointer has to be passed in correctly).

And with any reasonably modern IDE, you can easily look at that
declaration without even leaving the file you're reading.

This is purely a coding convention, it has nothing to do with the
compiler.

If it's *just* a coding convention, and you *really* want to have this
(false) sense of security without the trivial effort of hovering your
pointer over the function call, make your coding convention this:

#define REFERENCE
CFoo f;
DoSomething(REFERENCE f);

I'll also point out that in your example if CFoo were declared as:

class CFoo
{
public:
CBar* m_pBar;
}

Then you wouldn't *really* know anything any more, though you could
easily be tricked into thinking that you did. It's best to assume that
passing any parameter more complicated than an integer can have side
effects. And even with the int it's not 100% safe (int pfoo; pfoo =
(int)&pfoo; DoSomethingArbitraryWithAnIntPassedByValue(pfoo); :-)).

Ray

MAXIM:

I wasn’t responding to Doron.

>> xxxxx@storagecraft.com 2006-05-01 16:10 >>>
categorically disagree with your reasons as a general statement, if
that
makes any sense. C++ is harder. It required more experienced
developers. However competent any one person is in C++, he or she
is,
essentially by definition, minimally, equally as fluent in C. It’s
pretty hard to get around that one. I think the benefits of C++ are
easily worth it in some cases, but they are definitely not free.

Note: MS’s Doron described that C++ usage guidelines in the kernel team
in MS.
This can be a good idea to listen to him thoroughly.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Fair enough, but any company that doesn’t have continuous and consistent
code reviews has already decided that they don’t care *at all* about the
maintainability of their code, no matter what language they are writing
it in.

At which point they might as well use either language at their whim.

Continuous code reviews are the only way to keep more than one person up
on the code in the long run, and they’re also the only way to train your
inexperienced programmers to actually write good code. Those are the two
most absolute minimum requirements for having maintainable code in the
long run.

Martin O’Brien wrote:

Continous and consistent code reviews require resources (time, money and
people) that many real companies that product legitimate products simply
do not have in sufficient quantities so as to be able to plan on this.
When something has to give, and it comes down to code review or getting
more done immediately, the short term view always wins, in my
experience. This is so for reasons that are, while not sexy,
unavoidably cogent.

I say this only because, while I was one of the early proposers, in
this context, of using C++ in some limited circumstances, I
categorically disagree with your reasons as a general statement, if that
makes any sense. C++ is harder. It required more experienced
developers. However competent any one person is in C++, he or she is,
essentially by definition, minimally, equally as fluent in C. It’s
pretty hard to get around that one. I think the benefits of C++ are
easily worth it in some cases, but they are definitely not free.

>>> xxxxx@synaptics.spamblock.com 2006-05-01 14:28:36 >>>
All it really takes is continuous and consistent code reviews and a
sharp and experienced (and sane) system architect in charge of them.

Given that very small concession to practicality, in my experience
maintaining a huge complicated driver for the last 10 years, C++ is
vastly more maintainable than C.

We were able to port our NT4 driver to Win2k and then to KMDF changing

only about 10% of the files in our driver. While that can be done with

C, it takes *much* more discipline, and a much smarter and more
consistent team. Clearly defined polymorphic interfaces are just plain

the only way to obtain long-term maintainability and portability. You
can of course do that in C too, but it’s a huge pain.

Maxim S. Shatskih wrote:
>> from scratch. But kernel program based on C++ is more
>> maintainable and a
>> little robust(This factor depends much on developer’s
> C is always more maintanable then C++. Only the very, very great
developer
> experience can make this not true.
>
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
>

–
Ray

> Maybe OSR can get a keg for their lounge this year

I’ll make sure Dan gets notified and makes all the proper arrangements (cuz,
like, he really listens to me when it comes to this stuff).

All that’s left is to decide if it should be imported or domestic. I vote
domestic because it’s less complicated and more maintainable.

-scott

–
Scott Noone
Software Engineer
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Peter Wieland” wrote in message
news:xxxxx@ntdev…
Then, as someone who likes winning and doesn’t care what language you
use, I’d like to be on the OTHER team

Maybe OSR can get a keg for their lounge this year

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roddy, Mark
Sent: Monday, May 01, 2006 12:03 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Placement new operator in a driver

I suggest we settle this at winhec with a beer drinking contest. Then
again I stopped drinking many years ago.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ray Trent
Sent: Monday, May 01, 2006 2:33 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Placement new operator in a driver

Maxim S. Shatskih wrote:
> But note: - in C, DoSomething(f) tells you for sure that the object
will not be
> changed!

“f” might not change, but it is a pointer or a structure that includes a

pointer, you still can change the referenced object.

And anything complicated is always passed by pointer, especially in the
kernel, so what again is the point?
–
Ray

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Make it simpler, have two trash cans for beer bottles from the expo hall in
your booth, one marked C++ forever and the marked C forever, people can vote
with their empties.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Remove StopSpam from the email to reply

“Scott Noone” wrote in message news:xxxxx@ntdev…
>> Maybe OSR can get a keg for their lounge this year
>
> I’ll make sure Dan gets notified and makes all the proper arrangements
> (cuz, like, he really listens to me when it comes to this stuff).
>
> All that’s left is to decide if it should be imported or domestic. I vote
> domestic because it’s less complicated and more maintainable.
>
> -scott
>
> –
> Scott Noone
> Software Engineer
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
> “Peter Wieland” wrote in message
> news:xxxxx@ntdev…
> Then, as someone who likes winning and doesn’t care what language you
> use, I’d like to be on the OTHER team
>
> Maybe OSR can get a keg for their lounge this year
>
> -p
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Roddy, Mark
> Sent: Monday, May 01, 2006 12:03 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] Placement new operator in a driver
>
> I suggest we settle this at winhec with a beer drinking contest. Then
> again I stopped drinking many years ago.
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Ray Trent
> Sent: Monday, May 01, 2006 2:33 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] Placement new operator in a driver
>
> Maxim S. Shatskih wrote:
>> But note: - in C, DoSomething(f) tells you for sure that the object
> will not be
>> changed!
>
> “f” might not change, but it is a pointer or a structure that includes a
>
> pointer, you still can change the referenced object.
>
> And anything complicated is always passed by pointer, especially in the
> kernel, so what again is the point?
> –
> Ray
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
>

> Call it a personal preference, but if I want to know for sure what is

going on in a program, I’d much rather be forced to look in a single
location that I’m guaranteed to have have access to (the declaration,
where the reference parameter is explicit) than in a myriad of locations,
some of which are probably in opaque code (all the callers, where the
pointer has to be passed in correctly).

That’s a huge problem in C# that does not have const. You can’t be sure an
object won’t change until you manually checked all possible code paths,
assuming you have the source code.

–

“Ray Trent” wrote in message
news:xxxxx@ntdev…
> Doron Holan wrote [speaking of the evils of references]:
>> Because you can’t tell what the hell is going on by looking at the
>> calling code (vs the impl).
>
> The converse is true of pointers: you can’t tell what the hell is going on
> in the function, because the compiler makes absolutely no guarantees
> that the pointer actually points to anything real and of the correct type,
> and worse, there are no checks that you can put into the function itself
> that will guarantee anything other than that the pointer is non-NULL
> (possibly short of the horrible RTTI kludge).
>
> The thing about references isn’t the syntactic sugar (that’s just there to
> make the real advantage clear to the reader of the function). It’s that
> you know the variable points to something that the compiler guarantees is
> really really really a variable of that type and can’t be something else
> (references to dangerously-recast pointers being sole exception that
> merely proves this rule).
>
> Call it a personal preference, but if I want to know for sure what is
> going on in a program, I’d much rather be forced to look in a single
> location that I’m guaranteed to have have access to (the declaration,
> where the reference parameter is explicit) than in a myriad of locations,
> some of which are probably in opaque code (all the callers, where the
> pointer has to be passed in correctly).
>
> And with any reasonably modern IDE, you can easily look at that
> declaration without even leaving the file you’re reading.
>
>> This is purely a coding convention, it has nothing to do with the
>> compiler.
>
> If it’s just a coding convention, and you really want to have this
> (false) sense of security without the trivial effort of hovering your
> pointer over the function call, make your coding convention this:
>
> #define REFERENCE
> CFoo f;
> DoSomething(REFERENCE f);
>
> I’ll also point out that in your example if CFoo were declared as:
>
> class CFoo
> {
> public:
> CBar* m_pBar;
> }
>
> Then you wouldn’t really know anything any more, though you could easily
> be tricked into thinking that you did. It’s best to assume that passing
> any parameter more complicated than an integer can have side effects. And
> even with the int it’s not 100% safe (int pfoo; pfoo = (int)&pfoo;
> DoSomethingArbitraryWithAnIntPassedByValue(pfoo); :-)).
> –
> Ray
>

Very nice work and point well taken.

>> xxxxx@osr.com 2006-05-01 16:42 >>>
Maybe OSR can get a keg for their lounge this year

I’ll make sure Dan gets notified and makes all the proper arrangements
(cuz,
like, he really listens to me when it comes to this stuff).

All that’s left is to decide if it should be imported or domestic. I
vote
domestic because it’s less complicated and more maintainable.

-scott

–
Scott Noone
Software Engineer
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Peter Wieland” wrote in message
news:xxxxx@ntdev…
Then, as someone who likes winning and doesn’t care what language you
use, I’d like to be on the OTHER team

Maybe OSR can get a keg for their lounge this year

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roddy, Mark
Sent: Monday, May 01, 2006 12:03 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Placement new operator in a driver

I suggest we settle this at winhec with a beer drinking contest. Then
again I stopped drinking many years ago.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ray Trent
Sent: Monday, May 01, 2006 2:33 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Placement new operator in a driver

Maxim S. Shatskih wrote:
> But note: - in C, DoSomething(f) tells you for sure that the object
will not be
> changed!

“f” might not change, but it is a pointer or a structure that includes
a

pointer, you still can change the referenced object.

And anything complicated is always passed by pointer, especially in
the
kernel, so what again is the point?
–
Ray

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer