C++ Design-Time Breaking Changes
| Short Description | Pointer-to-members now require qualified name and &;. | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | This is Standard C++. Conformance demands that in order to create a pointer to a member function, the address-of operator (&;) is used with the fully qualified name of the method. | ||||
|
|
|||||
| User Scenario | Code written for previous versions of the compiler that just use the method name will give an error | ||||
|
|
|||||
| Work Around | Customer should fully qualify his method name and use the address-of operator (&) in order to create a pointer to a member function. | ||||
| Short Description | Compiler disallows forward declaration of a managed enum | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | This used to compile in VC7.0 and VC7.1, but was not guaranteed to work correctly. The problem is the compiler can't correctly identify the underlying type of the enum. | ||||
|
|
|||||
| User Scenario | Declaring and not defining a managed enum (/clr or /clr:oldSyntax) will give a compiler error. Code written for the VC7.0 and VC7.1 compilers will break. | ||||
|
|
|||||
| Work Around | Customer should always define his managed enums at declaration. | ||||
| Short Description | Switch removal: /YX | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | We have other switches that the user can use to add pre-compiled headers support that are better. | ||||
|
|
|||||
| User Scenario | Users used this switch to generate automatic pre-compiled headers support for their code. It was used by default from the IDE. | ||||
|
|
|||||
| Work Around | Customer can use /Yc and /Yu for pre compiled headers support. | ||||
| Short Description | Switch removal: Optimizations /Oa, /Op and /Ow | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | These switches are both replaced by others or not needed anymore | ||||
|
|
|||||
| User Scenario | Users will need to remove these from their projects. | ||||
|
|
|||||
| Work Around | Customer can use the /fp switches for floating point optimizations. | ||||
| Short Description | Switch removal: /ML and /MLd | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | There is no single threaded CRT anymore | ||||
|
|
|||||
| User Scenario | Users that depended on statically linking to the single threaded CRT. | ||||
|
|
|||||
| Work Around | Customer can just use /MT and /MTd respectively | ||||
| Short Description | Switch removal: /G3 - /G7, /GB, /Gf, /GD, /GM | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | The processor specific optimization switches can be replaced by our /OX family of switches. | ||||
|
|
|||||
| User Scenario | Users will need to remove these from their projects. | ||||
|
|
|||||
| Work Around | Customer can achieve the same functionality using our /OX family of optimization switches. | ||||
| Short Description | Switch change: /GS turned on by default. | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | This is a good thing. If you are getting errors with this switch it is very likely that the user code has a security flaw. | ||||
|
|
|||||
| User Scenario | Users now get buffer overflow checks by default in their code. | ||||
|
|
|||||
| Work Around | Customer can turn the option of with /GS- | ||||
| Short Description | In mixed mode, native constructors are called before managed constructors | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | For a single executable, the constructors of all native global objects will be called before the constructor of any managed global object regardless of whether the native and managed objects exist in the same compilation unit. | ||||
|
|
|||||
| User Scenario | Applications which rely on managed constructors to be called before native constructors may begin to function in an incorrect manner. | ||||
|
|
|||||
| Work Around | Users should ensure that if there are dependencies between global objects, that they are only dependencies from managed objects to native objects. The best way of ensuring that an object is managed or native is to put it into a compilation unit that is bu | ||||
| Short Description | Many new asserts added to debug CRT | ||||
| Affected APIs | Many CRT functions | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | New asserts were added to the debug CRT to aid in run-time errorchecking. | ||||
|
|
|||||
| User Scenario | Applications which use CRT methods incorrectly may begin to display asserts at run time. | ||||
|
|
|||||
| Work Around | Asserts indicate a likely bug in the code which the user should fix. | ||||
| Short Description | Many existing functions now validate their parameters and will call the invalid_parameter_handler when an invalid parameter is passed | ||||
| Affected APIs | Many | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | Many of the preexisting functions validate their parameters. This could include checking pointers for NULL, checking that integers fall into a valid range, or checking that enumeration values are valid. When an invalid parameter is found, the invalid_para | ||||
|
|
|||||
| User Scenario | If application code passes invalid parameters to these functions, it results in a call to the invalid_param_handler set through _set_invalid_parameter_handler. If no handler is provided, a default handler is used which invokes Watson. | ||||
|
|
|||||
| Work Around | None Available | ||||
| Short Description | Switch change: /Zc:wchar_t and Zc:forScope are turned on by default | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | This is Standard C++ behavior: A wchar_t variable will default to a built-in type instead of a short unsigned integer. | ||||
|
|
|||||
| User Scenario | This will break binary compatibilty when client code is linked with libraries that were compiled without Zc:wchar_t | ||||
|
|
|||||
| Work Around | Customer can use newly introduced compiler switches /Zc:wchar_t- and /Zc:forScope- to revert to the old non-standard behavior. | ||||
| Short Description | uuid attribute can no longer target managed types | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | We used to map the uuid attribute to the BCL's GuidAttribute when we parsed it on managed type targets. | ||||
|
|
|||||
| User Scenario | Old syntax code that uses the uuid attribute on managed targets | ||||
|
|
|||||
| Work Around | Customer should use the BCL's GuidAttribute attribute when targeting managed types | ||||
| Short Description | The compiler now enforces types on named arguments passed to the attribute constructor | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | Previously all compiler attributes were parsed as strings, hence either [threading("apartment")] and [threading(apartment)] worked because the compiler will put in the missing quotes. In passing named arguments to attributes, the type is enforced always. | ||||
|
|
|||||
| User Scenario | User code that passes named attributes to the attribute constructor in quotes when type is not a string and without quotes when type is a string will stop compiling | ||||
|
|
|||||
| Work Around | The compiler displays a hint that you should try the quoted or unquoted version of the parameter in this scenario. User will need to fix their code. | ||||
| Short Description | The use of the /clr switch will now compile new syntax C++ code and not Managed Extensions for C++ syntax. | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | We changed the meaning of the /clr switch to now default to our new C++ syntax to target the CLR instead of the old one shipped with previous versions of the compiler. | ||||
|
|
|||||
| User Scenario | Code written for Managed Extensions for C++ that is harnessed to compile with the /clr switch. | ||||
|
|
|||||
| Work Around | Change /clr to /clr:oldSyntax to compile code written with Managed Extensions for C++. | ||||
| Short Description | The compiler will only find an attribute name without the Attribute suffix inside an attribute block. | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | Compiler will only consider the name without its suffix inside an attribute code block. Elsewhere the class name should follow normal C++ look up rules and should be referenced with its full name. | ||||
|
|
|||||
| User Scenario | Code that referenced the attribute name without the suffix outside an attribute block will fail to compile. | ||||
|
|
|||||
| Work Around | Users need to append the Attribute suffix to their references and conform to C++ look up rules to fix their code. | ||||
| Short Description | Native types are private by default in a managed comp | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | The compiler will assume private on native types that did not specify a class accessibility modifier. In 7.0 it would behave the same way. The 7.1 compiler would assume public which led to some unexpected and negative side effects. | ||||
|
|
|||||
| User Scenario | Users that depended on these being public by default. | ||||
|
|
|||||
| Work Around | User will have to explicitly put a public accessibility specifier in the native class declaration if they want it to be public. | ||||
| Short Description | Secure SCL - Checked Iterators | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | Iterators have been modified to check for in-valid uses. | ||||
|
|
|||||
| User Scenario | Incorrectly indexing or iterating through containers may cause application to terminate. | ||||
|
|
|||||
| Work Around | _SECURE_SCL = 0 | ||||
| Short Description | The swprintf functions has been changed to be conformant. | ||||
| Affected APIs | swprintf(wchar_t *buffer, const wchar_t *format [, argument]...) | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | The form of swprintf without a size parameter has been deprecated | ||||
|
|
|||||
| User Scenario | C++ code which explicitly uses the listed form of swprintf without a size argument will emit a warning (C4996). C code which explicitly uses the list form of swprintf without a size argument will emit an error (C2198). | ||||
|
|
|||||
| Work Around | The best solution is to use the secure form of swprintf, which includes the buffer size. It is possible to disable the deprecation warning/error by defining _CRT_NON_CONFORMING_SWPRINTFS | ||||
| Short Description | Existing less secure versions of many functions have been deprecated. | ||||
| Affected APIs | _cgets, _cgetws, _chsize, _controlfp, _cprintf, _creat, _cscanf, _ctime32, _ctime64, _cwprintf, _cwscanf, _ecvt, _fcvt, _ftime32, _ftime64, _gcvt, _getenv_nolock, _getws, _gmtime32, _gmtime64, _i64toa, _i64tow, _itoa, _lfind, _localtime32, _localtime64, _ | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | Secure versions of several functions have been added. These functions handle errors in a better way and enforce stricter controls on buffers to help avoid common security flaws. The new secure versions are identified by the _s suffix. | ||||
|
|
|||||
| User Scenario | Code using these functions will give deprecation warnings (C4996). | ||||
|
|
|||||
| Work Around | To disable the deprecation warnings, define _CRT_SECURE_NO_DEPRECATE. | ||||
| Short Description | Switch change: C compilands are not supported with /clr | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | The C language does not support the CLR. | ||||
|
|
|||||
| User Scenario | Users that compiled files with .c extension or with command line options /TC or /Tc with any switch from the /clr family will see an error. | ||||
|
|
|||||
| Work Around | User can change the file extension to .cpp|.cxx or compile with the /TP or /Tp command line options | ||||
| Short Description | Compiler no longer allows const_cast to down cast in the old syntax. | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | This is incorrect code. By definition const_cast can only be used to remove/add a cv qualifier. Any other use of it is incorrect. | ||||
|
|
|||||
| User Scenario | Users were incorrectly allowed to use const_cast to down cast (cast down the hierarchy to a more derived class type) with our 7.0 and 7.1 compilers. User code like this will now hit compiler error C2440. | ||||
|
|
|||||
| Work Around | Customer workaround it to concatenate use of const_cast with one of our other casts that can down cast (dynamic_cast, static_cast or __try_cast). | ||||
| Short Description | Switch conflict: /clr and /MT | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | There is no support in the CRT for statically linking managed applications. | ||||
|
|
|||||
| User Scenario | Users will need to replace /MT with /MD for their code targeting .NET | ||||
|
|
|||||
| Work Around | Customer needs to change /MT to /MD and link dynamically to the CRT. | ||||
| Short Description | CArchive global operators now member operators | ||||
| Affected APIs | template< typename BaseType, class StringTraits > CArchive& AFXAPI operator<<(CArchive& ar, const ATL::CStringT<BaseType, StringTraits>& str) template< typename BaseType, class StringTraits > CArchive& AFXAPI operator>>(CArchive& ar, ATL::CStringT<BaseType, StringTraits>& str) | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | CArchive operators and >> that were global in afxstr.h have been moved to be a member operator in CArchive | ||||
|
|
|||||
| User Scenario | This change breaks user code in the following scenarios Existing code that already specializes the global operator , so specialization doesn't have the primary template anymore. Existing code that calls ::operator (ar,str); (instead of using the | ||||
|
|
|||||
| Work Around | None available. Application Code must overload the member operator . | ||||
| Short Description | Explicit specialization not allowed as a copy constructor/copy assignment operator | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | Standard C++ prohibits this so we changed it to be conformant. Users will need to update their code. | ||||
|
|
|||||
| User Scenario | Users that depended on an explicit template specialization for a copy constructor or copy assignment operator in their code will now get compiler error C2299. | ||||
|
|
|||||
| Work Around | Customer workaround is to stop making the copy constructor/copy asignment operator a template function and just make it a regular function that takes a class type with the desired template arguments. Any code that calls the copy constructor/copy assignment | ||||
| Short Description | The overload of pow, double pow(int, int) was removed | ||||
| Affected APIs | double pow(int, int) | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | The overload of pow, double pow(int, int), was removed to better conform with the standard | ||||
|
|
|||||
| User Scenario | If application code uses this overload, the compiler may emit C2668. | ||||
|
|
|||||
| Work Around | To avoid this problem, cast the first parameter to double, float, or long double. | ||||
| Short Description | RTC now supports unicode file names, variable names, etc. | ||||
| Affected APIs | _CRT_RTC_INIT | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | RTC by default now uses wide characters. This change allows RTC to handle unicode file names, variable names, etc. | ||||
|
|
|||||
| User Scenario | Users who use RTC (linked with RunTmChk.lib) and who do not use the CRT (/NODEFAULTLIB) will need to make a small modification to their code. | ||||
|
|
|||||
| Work Around | Users should replace _RTC_CRT_INIT with _RTC_CRT_INITW | ||||
| Short Description | The file descriptor value -2 is now used to indicate that stdout and stderr are not available for output, as for example in a Windows application that has no console window. The previous value used was -1. | ||||
| Affected APIs | CRT: stdout and stderr, _fileno | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | If stdout or stderr is not associated with an output stream, for example in a Windows application without a console window, the file descriptor returned is -2. In previous versions, the file descriptor returned was -1. | ||||
|
|
|||||
| User Scenario | User code which specifically checks for a -1 if a console is not available may break since the return value is now -2. | ||||
|
|
|||||
| Work Around | None Available. Check for -2 to verify console is not available. | ||||
| Short Description | CUrl::CrackUrl input flag ATL_URL_DECODE now functions exactly like ATL_URL_ESCAPE | ||||
| Affected APIs | BOOL CrackUrl(LPCTSTR lpszUrl, DWORD dwFlags) | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | ATL_URL_DECODE previously decoded the given URL before cracking it. This was vulnerable to spoofing in which CrackUrl would misidentify the host name of the URL. ATL_URL_DECODE is now synonymous with ATL_URL_ESCAPE, cracking a URL and then decoding it. | ||||
|
|
|||||
| User Scenario | Applications which use the ATL_URL_DECODE switch may parse URL's differently. | ||||
|
|
|||||
| Work Around | None Available. Users should re-validate any calls to CrackUrl which pass the ATL_URL_DECODE switch. | ||||
| Short Description | Floating-point control word support functions have been deprecated for applications compiled with /CLR or /CLR:PURE | ||||
| Affected APIs | _clear87, _clearfp, _control87, _controlfp, _fpreset, _status87, _statusfp | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | The behavior of the floating-point control word support functions is unpredictable when used in managed code. The functions are by definition platform-specific and should not be used in managed code. Deprecation warnings were added to alert users of thi | ||||
|
|
|||||
| User Scenario | Managed code using these functions will emit deprecation warnings (C4996). | ||||
|
|
|||||
| Work Around | Users should remove these functions from managed code. Users may disable the deprecation warning with _CRT_MANAGED_FP_NO_DEPRECATE, but the use of these functions in managed code is unpredictable and unsupported. | ||||
| Short Description | The _spawn family of functions does not reset errno to zero on success, as it did in previous versions. | ||||
| Affected APIs | spawn family of functions | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | Introduces a breaking change in the _spawn functions. In the past, some of these functions set errno to zero on success; the new behavior is to leave errno untouched on success, as specified by the C standard. | ||||
|
|
|||||
| User Scenario | Application code may break if it checked for errno == 0 to verify if spawn was successful. Spawn functions no longer reset errno to zero on success. | ||||
|
|
|||||
| Work Around | If you need to emulate the old behavior, set errno to zero just before calling these functions. | ||||
| Short Description | Compiler will not inject a default type int in declarations missing a type | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | The compiler should not be assuming a default type of int in any declaration: whether a function or a variable. | ||||
|
|
|||||
| User Scenario | Code out there that was missing the type in a declaration will no longer default to int and will err. | ||||
|
|
|||||
| Work Around | Customer should fix his code or disable the warning that is treated as an error by default (C4430) | ||||
| Short Description | _set_security_error_handler has been deprecated and will be removed in the near future. | ||||
| Affected APIs | _set_security_error_handler | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | _set_security_error_handler was identified as a fundamentally unsafe method. Support for this function will be completely removed in the near future. | ||||
|
|
|||||
| User Scenario | Code using this function will give deprecation warning (C4996). | ||||
|
|
|||||
| Work Around | Users should remove custom security error handlers and any calls to _set_security_error_handler. The default handler is a much safer way of dealing with security errors. | ||||
| Short Description | Unspecialized class template can't be used as a template argument. | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | It is illegal to use an unspecialized template class name as a template parameter in a base class list. Elsewhere inside the class, the compiler injects the unspecialized type parameter. | ||||
|
|
|||||
| User Scenario | Users that use an unspecialized template class name in the base class list for a the class' definition will see a compiler error. | ||||
|
|
|||||
| Work Around | User needs to explicitly add the template type parameters to the template class name when using it as a template parameter in a base class list. | ||||
| Short Description | The syntax changed for passing CLI arrays to custom attributes. | ||||
| Affected APIs | None | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | The type of the array is not deduced anymore from the aggregate initialization list. We now need to specify the type along with the initializer list. | ||||
|
|
|||||
| User Scenario | Old syntax code that uses user defined custom attributes that take CLI arrays in the constructor needs to be updated. | ||||
|
|
|||||
| Work Around | Customer needs to explicitly specify the type of the array with the aggregate initialization like so: [Attr(new String*[] {"a", "B"}] | ||||
| Short Description | Intrinsic forms of insecure functions have been deprecated | ||||
| Affected APIs | Intrinsic forms of strcpy, strcat, _strset | Severity | Low | Compat Switch Available | No |
|
|
|||||
| Description | This is not a new change. The library routines of these functions have already been deprecated as insecure. This deprecation warning was not being issued for the intrinsic forms. The bug is fixed with this change and the intrinsic functions also issue the same warning. | ||||
|
|
|||||
| User Scenario | Code using these intrinsic functions will issue deprecation warning (C4996). If the code is compiled /W4 /WX this will result in compilation errors. | ||||
|
|
|||||
| Work Around | The recommended fix is to use the secure _s versions of these functions. The workaround is to define _CRT_SECURE_NO_DEPRECATE. This results in no warnings being issued for using any insecure CRT functions. This can also be disabled using the compiler switch /wd4996 or to compile using /WX- | ||||
| Short Description | MC++ applications that did not redistribute msvcr7x.dll along with their app will fail when run on the v2.0 .NET Framework. | ||||
| Affected APIs | none | Severity | Medium | Compat Switch Available | No |
|
|
|||||
| Description | All managed C++ applications have a dependency on the c-runtime dll (msvcr70.dll/msvcr71.dll). Some of these applications did not redistribute the dll with their app and their applicaiton were only able to find it because they happened to be run on a version of the CLR that loads the same dll. When run on a version of the CLR that is dependant on the later version of the c runtime, the apps fail to find their version and fail. | ||||
|
|
|||||
| User Scenario | 7.x mc++ apps running on 2.0 NetFX | ||||
|
|
|||||
| Work Around | Install the required dll to the app dir. | ||||