wro.cpp wro.cpp
// reference

Toolset

A curated reference for working C++ developers in 2026. Premium open-source first. Hard OSS made easier. Runnable claims, freshness bar, methodology you can audit.

  1. Premium open-source / free first. Commercial only when no comparable OSS exists, with a one-line "why".
  2. Hard OSS made easier. Integration recipes turn 4-hour setups into 30 minutes.
  3. Cost transparency. Every entry shows "$0 self-hosted; $X/mo cloud-equivalent".
  4. Runnable claims. Compiler-support links to godbolt URLs we run; local-LLM recipes target hardware we own.
  5. Freshness bar. Every page shows when it was last reviewed and when the next review is due.

Safety

Memory, lifetime, bounds, type.

recipe /

C++26 Contracts -- four enforcement modes, one migration path

P2900R14 Contracts shipped in C++26: preconditions, postconditions, and contract_assert with four enforcement modes (ignore, observe, enforce, quick_enforce). GCC 16.1 implements them via -fcontracts. This page covers the syntax, the replaceable violation handler, practical patterns for module boundaries and serialization, contracts as fuzz oracles, and the migration path from observe-in-staging to enforce-in-production.

  • #safety
  • #contracts
  • #p2900
  • #gcc
curated /

Modern C++ Reading List 2026 -- the safety + security canon

The committee papers, talks, industry deployment reports, blog posts, and regulatory references that define the modern + secure + safe-by-default C++ conversation in 2026. Quarterly-refreshed. Companion piece to the May 2026 'C++ Safety State of the Union' essay.

  • #safety
  • #security
  • #profiles
  • #contracts
curated /

Testing for safety in 2026 -- the four coverage levels and the reflection-driven shortcut

Catch2 / doctest / GoogleTest / boost-ext.UT for the floor, RapidCheck for properties, libFuzzer + AFL++ for the ceiling, differential testing for the corners. Plus the C++26 reflection pattern that auto-generates per-field tests so the test suite grows with the schema. Plus the C++26 contracts + C++29 injection direction that turns specs into tests.

  • #safety
  • #testing
  • #fuzzing
  • #catch2
curated /

Lifetime safety in C++ 2026 -- lifetimebound, dangling-detection, and the schema-level borrow lint

Bounds and null are easy to talk about; lifetime is the hard one. C++ in 2026 ships [[clang::lifetimebound]], `-Wdangling-gsl`, the C++ Core Guidelines lifetime profile (P1179), `gsl::not_null`, and scope guards via `std::scope_exit`. Plus a reflection-driven schema lint that forces every non-owning view member to declare its borrow intent at the type level -- catching the structural dangle that escapes the per-call analyzer.

  • #safety
  • #lifetime
  • #lifetimebound
  • #dangling
curated /

Memory safety in C++26 and beyond -- what shipped, what's deferred to C++29, what to flip on today

C++26 shipped Hardened standard library + Contracts + Reflection. The [[profiles::enforce]] attribute (P3081 / P3589 / P3984) was deferred to C++29. This page covers what you can turn on TODAY for memory safety -- across libc++, libstdc++, MSVC, clang-tidy, the lifetime attributes, and a reflection-driven user-library check -- plus the C++29 profile direction the standard is now heading toward.

  • #safety
  • #memory-safety
  • #hardened-stdlib
  • #libc++
recipe /

Sanitizers in 2026 -- safety today, reflection tomorrow

ASan / UBSan / TSan / MSan / HWASan: when to use each, the CI pattern, the reflection-driven safe-by-construction alternative C++26 already enables, and the C++29-direction profile + injection that makes most sanitizer-found bugs uncompilable.

  • #safety
  • #sanitizers
  • #asan
  • #ubsan

Performance

Cache, SIMD, allocators, profiling.

curated /

SIMD in C++ 2026 -- std::simd, Highway, ISPC, and reflection-derived SoA

Picking a SIMD path in C++26: portable std::simd (P1928) for 80% of vectorisable kernels, Google Highway for cross-architecture dispatch, ISPC when you want shader-style SPMD, raw intrinsics when you absolutely need the last cycle. Plus the reflection-derived Structure-of-Arrays layout that turns any aggregate into auto-vectorisable storage without hand-writing the transform.

  • #performance
  • #simd
  • #std-simd
  • #highway
curated /

Profiling C++ in 2026 -- perf / Tracy / Perfetto, plus reflection-driven auto-tracing

When to reach for perf / Tracy / Perfetto / callgrind / VTune. The instrumentation tax each one costs. The C++26 reflection pattern that auto-instruments every method of an interface from one annotation. And the C++29 token-injection direction where the profiler IS the schema.

  • #performance
  • #profiling
  • #perf
  • #tracy

Security

Hardened stdlib, supply chain, secure coding.

curated /

C++ supply chain in 2026 -- vcpkg / Conan / SBOM / CVE feeds, plus reflection-driven SBOMs that cannot drift

C++ shipping in 2026 means a real package manager (vcpkg or Conan), a CycloneDX or SPDX SBOM emitted on every build, and CVE feeds (NIST NVD + GitHub Advisory) wired into CI. Plus the reflection-driven pattern that closes the gap conventional SBOM workflows leak: components encoded as P3394 annotations on the vendoring types, with a consteval lint that refuses to compile a vendored type missing its component metadata. The SBOM cannot drift from the source because there is no source for it to drift from.

  • #security
  • #supply-chain
  • #vcpkg
  • #conan
recipe /

Hardened stdlib in 2026 -- one CMake line, ~1000 production bugs caught

C++26 ratified the Hardened standard library (P3471) on top of Contracts (P2900). Flip one macro per implementation and vector::operator[], unique_ptr deref, and string overruns abort with a contract violation instead of silently corrupting memory. Google reports 0.3% perf cost across hundreds of millions of LOC, 1000+ bugs found. Plus the reflection-driven schema lint that catches the cases hardened-stdlib can't reach.

  • #security
  • #hardened-stdlib
  • #libcxx
  • #libstdcxx

Compliance

Functional safety, qualified tools, coding standards.

curated /

C++ coding standards in 2026 -- MISRA, SEI CERT, JSF AV side by side, plus reflection-driven composable rule bundles

MISRA C++:2023, SEI CERT C++, JSF AV C++. Three coding standards, three regulated industries, three analyzers in your CI. The pages compares scope and overlap, then shows the reflection-driven pattern that lets a single header opt into multiple standards at once: encode each rule as a consteval predicate over T's reflection, compose them with operator&&, fail at compile time. No analyzer-config matrix; rule violations become compile errors with the failing rule's name in the diagnostic.

  • #compliance
  • #misra
  • #sei-cert
  • #jsf-av
matrix /

Qualified C++ compilers in 2026 -- which toolchain ships in regulated industries

ISO 26262 (automotive), IEC 61508 (industrial), DO-178C (avionics), IEC 62304 (medical) all require a Software Tool Confidence Level (TCL) argument for the compiler. This page maps the 2026 vendor landscape -- GHS MULTI, IAR EWARM, LLVM Embedded Toolchain for Arm, Arm Compiler 6, GCC + GHS qualification kits, and the new TCL kits for the LLVM-based vendors -- across the four big standards. Plus a reflection-driven MISRA C++:2023 lint that shrinks your tool-qualification surface.

  • #compliance
  • #iso26262
  • #iec61508
  • #do178c

AI tooling

AI agents + local LLMs for C++ work.

curated /

AI coding agents for C++

Eight agents evaluated for C++ work. Premium open-source first. With AGENTS.md template, MCP servers worth wiring, and a decision tree.

  • #ai
  • #agents
  • #tooling
  • #cpp26
integration /

Local LLM for C++ developers

Open-weight coding models, runtime stack, and a working reference deployment (Jetson AGX Thor) wired to Continue.dev for a fully-private C++ workflow. Premium-OSS first; cloud only when you need the last 10%.

  • #ai
  • #agents
  • #local-inference
  • #ollama

Reflection

C++26 reflection: compiler support + library backends.

matrix /

C++26 compiler support

Per-feature, per-compiler support matrix derived from godbolt examples we actually run. Cells link to runnable Compiler Explorer URLs.

  • #cpp26
  • #compilers
  • #p2996
  • #reflection

How we test

Every claim on this site is either auto-generated from data we keep fresh, or based on hands-on use we can describe. Here is what that means per section kind:

  • Matrix sections read from src/data/godbolt-permalinks.yml , which the publish pipeline regenerates per post via the scripts/shorten-examples.py godbolt-API gate. A green cell means the example compiles AND runs cleanly under that compiler today.
  • Curated sections are opinionated link directories. Each tool we recommend has a one-line "why" and a verdict for C++ work specifically. Editorial bias: premium open-source first.
  • Recipe sections are scenario-driven walkthroughs by us (toolchain choices, project setup, sanitiser flags, decision trees). Working snippets, no marketing.
  • Integration sections are "hard OSS made easier" guides: install scripts, systemd units, config snippets pre-tuned for C++. When applicable, our reference hardware is a Jetson AGX Thor (126 GB unified LPDDR5X) running open-weight models behind Tailscale.

Every non-matrix page surfaces a Reviewed YYYY-MM-DD badge at the top, plus a Next review by date 90 days out. If a page is past its review date and still on the site, that is a bug — please open an issue.

For AI agents

Every toolset page also exposes a machine-readable companion at /toolset/<slug>/llms.txt, indexed at the site-root /llms.txt per the llmstxt.org convention. Point your coding agent at that path and it can fetch concise, actionable guidance directly — without scraping HTML.