
CppCMS – High Performance C++ Web Framework - viana007
http://cppcms.com/wikipp/en/page/main
======
benjamincburns
Some of the negative comments here really anger me, and I feel a need to speak
up.

Who gives a flying _fuck_ if this tool is the right one for whatever is your
individual definition of web development? The fact is that someone had a need
for a particular solution and they were kind enough to build it, document it,
and show it off here for _free_. Turning your nose up at this based on
language choice just makes you a close-minded fool.

Applications for this do in fact exist, and I'm quite pleased that the author
was kind enough to post this.

On a past project I've had to write my own asynchronous web framework in C
based on the wonderful libmicrohttpd. I decided on C because this was a
resource limited device on which I was already using every available CPU cycle
on a realtime computer vision algorithm and it all was just barely performing
within acceptable limits. I needed as tiny a footprint as I could get.

I'm in the early stages of a different project which will probably face a
similar situation, except on this massive concurrency will be key. I will
absolutely be looking into CppCMS when the time comes.

~~~
j_baker
You know, every time I see one of these types of frameworks the first thing
that comes to mind is "Some people are just determined to make C++ look cool
again". I mean sure, sometimes you run into a case where you are running
computer vision algorithms on an embedded device and have to choose C or C++.

But how common are those use-cases _really_? And why on earth would you want
to worry about buffer overflows and memory leaks when you're already worrying
about XSS and CSRF attacks?

As fast as modern Java is, it just seems unnecessary.

~~~
yati
> And why on earth would you want to worry about buffer overflows and memory
> leaks

Have you written a line of code in modern C++? Know what RAII is? If you use C
arrays and char*s in C++, that's your problem - the language provides idioms
that are "as safe as" Java.

~~~
Skinney
RAII doesn't save you from buffer overflows, or memory leaks when you need an
object to live beyond the current scope.

C arrays and pointers can still be used on the stack, and are sometimes simply
the right tool for the job.

While RAII greatly reduces memory leaks and enhances resource-management, it
doesn't save you in all cases, which means there still is an overhead and you
will still have to worry about it.

Java doesn't have Undefined Behaviour, buffer overflows, or memory leaks (not
completely true, I'm not counting space leaks here but I hear it's possible to
introduce a memory leak by writing a faulty class loader).

While C++ does provide idioms for writing safe code, C++ can't remove them,
which means you will always have to worry about it. Sometimes the problem
isn't actually your code, but the library you're using, which is the case at
my job, which again made me miss a safer language :(

~~~
eatitraw
> RAII doesn't save you from buffer overflows

How do other languages solve this problem?

> or memory leaks when you need an object to live beyond the current scope.

Have you ever heard about smart pointers? They take most pain from dealing
with pointers. Managing circular references remains a bit complex though.

~~~
Skinney
> How do other languages solve this problem?

Reading or writing past the allocated parts of a buffer is treated as a
runtime error, whereas in C/C++ you just end up with corrupted memory.

> Have you ever heard about smart pointers?

Ahh, completely forgot about these. You're right, they're great.
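
Added example, not part of the original thread: the runtime-error-versus-corrupted-memory difference described above, shown on a percent-decoder of the kind a C++ web handler needs. The function names are made up for this illustration; a truncated `%` escape is rejected before the read, and `at()` raises `std::out_of_range` where `operator[]` would not check.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>

// Value of one hex digit, or -1 if the character is not a hex digit.
static int hex_value(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Percent-decode `in` into `out` (hypothetical helper). Returns false on
// malformed input. The length test before touching in[i + 1] and in[i + 2]
// is the check an unchecked decoder omits: without it, input ending in "%"
// or "%4" makes the loop read past the end of the buffer.
bool percent_decode(const std::string& in, std::string& out) {
    out.clear();
    out.reserve(in.size());
    for (std::size_t i = 0; i < in.size(); ++i) {
        const char c = in[i];
        if (c == '+') { out.push_back(' '); continue; }
        if (c != '%') { out.push_back(c); continue; }
        if (in.size() - i < 3) return false;      // truncated escape
        const int hi = hex_value(in[i + 1]);
        const int lo = hex_value(in[i + 2]);
        if (hi < 0 || lo < 0) return false;       // not two hex digits
        out.push_back(static_cast<char>(hi * 16 + lo));
        i += 2;                                   // skip the two digits
    }
    return true;
}

// Checked element access: at() turns an out-of-range index into an
// exception, the C++ counterpart of the runtime error other languages raise.
bool checked_read_fails(const std::string& s, std::size_t idx) {
    try {
        (void)s.at(idx);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}
```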

------
lsh123
Disclaimer: I used to write Web apps in C++ in late 90s/early 00s for the
largest web company of the time.

1) DB is often a bottleneck for web apps. Not always. But often. Very often.
Optimizing pages rendering will improve the performance for pages that are
already rendered pretty fast. It will do nothing for pages that are loaded
slow due to DB access. A better/smarter cache will give you much bigger bang
for the buck.

2) For the annual salary of a _good_ C++ programmer (i.e. one who can write
safe and _readable_ code with STL and Boost), I can run 50 large AWS instances
for a year.

3) Writing safe C++ code is hard. Even with STL and Boost you still have to
understand the little details of objects ownership (see
boost::shared_from_this<> as an example).

Overall, I would invest in distributed system with smart and efficient caching
instead of trying to optimize single server performance. At the end, you will
run out of the single box solution (if you are successful). Going from 1
server to 2 servers is really hard. Going from 10 to 100 is not too bad.

~~~
danielparks
Disclaimer: I’m not a C++ guy; I generally write in Ruby and PHP.

I agree with your overall point — C++ may not be a good fit for web
development, and there’s a lot to be said for being able to scale across
multiple servers (and choice of platform will determine how quickly you have
to solve that problem).

That said, my experience is that for most projects the performance bottleneck
is the framework, not the DB. On big PHP projects, loading lots of code on
every page load takes a huge amount of time, and many frameworks do things
like parse multiple XML files on every request.

Similarly, Rails is slow… just take a look at how much time is spent outside
of the database for a typical request. It’s crazy how long it takes,
considering that most requests boil down to a DB query and then some string
concatenation.

Another angle on this is the common pattern of having a bunch of app servers
and just a few DB servers. That implies that the DB is not the main
bottleneck.

Again, I agree with your overall thesis, I just have to disagree with the
common wisdom that is point 1.

~~~
lsh123
In my statement I kind of assumed that all the "cheap" optimizations in the
framework are already done (e.g. PHP APC cache is enabled, lazy
classes/configs loading is implemented, etc.) so we compare "apples-to-
apples": a highly optimized C++ framework to a highly optimized, say, PHP
framework (can't comment about Ruby - didn't have experience building/running
large-scale apps on it). And of course, it all depends on the application
itself. Fetching single "narrow" rows by primary key is obviously cheap and
nobody cares. However, having to dig through a table larger than 500G with
multiple indexes is not so cheap.

And the reason why you don't see a lot of DB servers is that it is HARD to
scale DB by just adding servers (I am ignoring for a second non-SQL servers
w/o joins as well as high-end Oracle and new MySQL-Galera solutions). An ACID
compliant SQL DB is a single-server affair unless you invest heavily into the
DB itself since it is really hard to run DB cluster even from pure operational
standpoint.

~~~
krakensden
> In my statement I kind of assumed that all the "cheap" optimizations in the
> framework are already done (e.g. PHP APC cache is enabled, lazy
> classes/configs loading is implemented, etc.) so we compare "apples-to-
> apples": a highly optimized C++ framework to a highly optimized, say, PHP
> framework

I'm kind of skeptical, to be honest. I suspect a simple, unoptimized C++
application wouldn't have a lot of problems keeping up with a highly optimized
PHP framework. Interpreters do so much extra work.

Not that I would use C++ for web stuff- that's 99% string munging, and string
munging in C++ is how you wind up with your desperate last words mockingly
quoted on seclists.org.

~~~
lsh123
Assume your DB query takes 10 secs. It's irrelevant if C++ code takes 0.01 sec
when your PHP code takes 0.1 sec.

~~~
ehsanu1
Now why would I assume that? There are times when you need to generate a big
report, and just the SQL can take that long or more. But typical web requests
for typical applications are not like that. DB queries shouldn't take more
than a couple hundred milliseconds for "typical" application requests.

Even counting that, the comparison is also not necessarily correct. In some
cases, perhaps the C++ code would have taken 0.1s, where the ruby code takes
5s. In fact, 50x is about the slowdown you used to see for ruby in the
programming languages shootout, and it is still pretty bad. [1]

[1]
http://benchmarksgame.alioth.debian.org/u32/benchmark.php?test=all&lang=yarv&lang2=gpp&data=u32

------
daeken
I must say, I made a beeline for the security page and was not disappointed.
While I think they underplay the risk of memory corruption flaws (namely by
emphasizing backups to be critical, rather than isolating user data to
minimize compromise in the case of the site being owned), they otherwise do a
fantastic job. I can nitpick a bit (and will probably send some
recommendations to improve the guide a little) but I really have to commend
them on that.

~~~
pcwalton
I knew I would find a statement like this in the security page: "So using
modern language techniques programming in C++ is not more dangerous then
programming in Java, Python or Ruby."

This is a belief that many C++ programmers have, and having spent much of my
life in the past few years finding ways to break a C++-like memory model
(Rust) I cannot emphasize enough how dangerously wrong it is. Safer than C,
sure. As safe as a memory-safe language like Java, absolutely not.

~~~
dakimov
What are you talking about?

The safety you mentioned comes from only two things: type safety and runtime
array boundary checks.

There is no problem in implementing runtime boundary check in C++.

What else in C++ is less safe than in Java? Is there some kind of magic?

~~~
pcwalton
Iterator invalidation, returning references that outlive their referent,
storing references in data structures that outlive their referent,
invalidation of the "this" pointer, etc.

~~~
dakimov
Basically those are examples of bare pointer manipulations (as references are
essentially syntactically sugared bare pointers).

Although it can be mitigated with specially written collections (incompatible
with the standard collections) and strict coding guidelines, I have to agree
with you that the C++ memory model itself is insanely dangerous.
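
Added example, not part of the original thread: two of the hazards listed above (iterator invalidation, and references stored in a structure that outlives their referent), each next to a pattern that detects the problem at run time instead of dereferencing freed memory. `Session`, `Registry` and the function names are hypothetical.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Iterator invalidation: push_back may reallocate, after which every
// iterator, pointer or reference taken earlier dangles. A capacity change
// means the storage moved.
bool append_invalidates(std::vector<std::string>& v, std::size_t extra) {
    const std::size_t cap_before = v.capacity();
    for (std::size_t i = 0; i < extra; ++i)
        v.push_back("item-" + std::to_string(i));
    return v.capacity() != cap_before;
}

// Safe pattern: keep an index across the growth and re-resolve it afterwards
// with at(), which is bounds-checked.
std::string first_after_growth(std::vector<std::string>& v, std::size_t extra) {
    const std::size_t first = 0;   // an index, not &v[0] or v.begin()
    append_invalidates(v, extra);
    return v.at(first);
}

struct Session { std::string user; };   // hypothetical type

// A long-lived structure that refers to shorter-lived objects stores
// weak_ptr, so an expired referent is detected by lock() instead of being
// dereferenced.
class Registry {
public:
    void track(const std::shared_ptr<Session>& s) { entries_.push_back(s); }
    std::size_t live() const {
        std::size_t n = 0;
        for (const auto& w : entries_)
            if (w.lock()) ++n;
        return n;
    }
private:
    std::vector<std::weak_ptr<Session>> entries_;
};

std::size_t live_after_owner_scope_ends() {
    Registry reg;
    auto keep = std::make_shared<Session>(Session{"alice"});
    reg.track(keep);
    {
        auto temp = std::make_shared<Session>(Session{"bob"});
        reg.track(temp);
    }   // last owner of "bob" is gone; a stored Session& would dangle here
    return reg.live();
}
```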

------
bhauer
I would like to see an implementation of our test suite [1] for CppCMS in
order to see the CppCMS vs CPoll-Cppsp cage match. Any C++ experts who would
be so kind to send us a pull request? :)

[1]
[http://www.techempower.com/benchmarks/](http://www.techempower.com/benchmarks/)

~~~
onedognight
I love that the code for the fastest database backed web server[0] found in
this test suite, beating golang by 40% and node.js by 13x comes from a
repository[1] that is filled with "all the code i've ever written since grade
11; also includes some forward-ported code from grades 8 and 9." including
random class projects and a netcat replacement.

[0]
[http://www.techempower.com/benchmarks/#test=query](http://www.techempower.com/benchmarks/#test=query)

[1]
[https://github.com/xaxaxa/workspace/](https://github.com/xaxaxa/workspace/)

~~~
bhauer
Yeah. I've considered adding a popularity attribute of some sort to use in the
filters. E.g., "mainstream," "challenger," and "fringe." But to date, I've not
put a whole lot of thought into how exactly I could objectively measure
popularity. Perhaps Google search hits for "[name] web application framework."

~~~
feniv
That would be biased towards the frameworks named as some common word (like
"go") being mistakenly marked as more popular than they are.

~~~
bhauer
Indeed. I'm not really sold on the idea, and addressing this is not a
priority.

I just wanted to point out that I'm aware that it's a little funny to see
fringe frameworks compared head-to-head with mainstreamers. But the charts are
but one data point to consider in evaluating options. :)

------
jokoon
Haha, I feel like there is a language bubble, everyone is using their
interpreted/bytecode language, but people never realize how performance can be
and is still always an issue. Even with the fastest computer, or cloud, or
cluster, computer resources are always finite, and it's easier to reach that
limit than anything else.

People relying too much on interpreted or bytecode languages end up making
abstraction on what happens on the metal, forget the basics of good enough
performance, and bam, even the fastest server looks like a piece of garbage.

I'll always be conservative regarding language choices, because if a language
makes things easier, it should also be taken with a grain of salt.

------
CCs
CppCMS license is LGPLv3 - not too company friendly.

CppDB on the other hand is MIT or Boost. It is the best DB library I found so
far for C++.

~~~
nly
> CppDB on the other hand is MIT or Boost. It is the best DB library I found
> so far for C++.

Have you evaluated Code Synthesis's ODB?

~~~
muyuu
Are these key-value DBs like LevelDB / BerkeleyDB / etc? or maybe something
more sophisticated?

~~~
CCs
Both CppDB and ODB are abstraction layers between your code and SQL (Postgres,
mySQL etc). ODB is somewhat closer to ORM.

CppDB uses MIT or BSD license (you pick), ODB is under LGPL or commercial
license.

------
IzzyMurad
"CppCMS is a Free High Performance Web Development Framework (not a CMS)"

This is so dumb. Why is it called CppCMS then?

~~~
sce
http://cppcms.com/wikipp/en/page/faq#If.CppCMS.is.not.a.CMS..where.does.this.name.come.from

Quote from that page:

The original idea was: "Write your own CMS in C++".

The lead developer asked in 2008 for a better name but didn't get any
suggestions, so the name stuck.

It was decided later to keep this name as it was already well known name and
all the software around used cppcms as the namespace.

------
unabridged
I looked into CppCMS a few months ago, I would love to use it but the lack of
SSL/HTTPS is a huge detriment. If I have to stick nginx in front of it for SSL
I may as well keep using fastcgi.

------
marc0
I would be interested in how this performs compared to the web server
implemented in Go

~~~
Bjoern
Or Erlang.

------
krakensden
They've got translations in their example:
http://cppcms.svn.sourceforge.net/viewvc/cppcms/blog/trunk/po/

Something more web frameworks should do.

------
ricardobeat
If the only benchmark is going to be against PHP + Wordpress, you might as
well just say it's better than zero.

------
n00b101
It seems there's no documentation?

~~~
dewey
[http://cppcms.com/wikipp/en/page/cppcms_1x](http://cppcms.com/wikipp/en/page/cppcms_1x)

------
solox3
Odd wiki. Unlike Wikipedia, the front page is completely open to public
editing.

------
ExpiredLink
C++ isn't suitable for Web programming.

~~~
PommeDeTerre
You do realize that the most widely used Ruby, PHP, Python, Perl, JavaScript
and Java implementations all rely very heavily on C and/or C++ in one way or
another, right?

Even when using JRuby, for example, it's still running on a JVM that's very
likely implemented using one or both of C and C++.

Don't forget that the major web servers and web browsers are all implemented
in C and/or C++, or in one of the many scripting language or other runtime
implementations implemented using C and/or C++.

And that's ignoring all of the other infrastructure, like server operating
systems, router software, and so forth that's implemented using C, or C++, or
both.

Every line of code executing in your non-C or non-C++ web development language
of choice likely depends on many thousands of lines of C and C++ code, even as
you malign them here.

~~~
nikic
Yes, of course in the end everything runs on machine code. That does not imply
though that it is reasonable to write your web applications in machine code or
assembly or C or C++.

I'm not arguing whether or not C++ is actually suitable for web development, I
just don't think your line of argumentation makes sense.

~~~
PommeDeTerre
The majority of that C and C++ code is hand-written, and not just the output
of a compiler or an assembler. They have directly been used to craft some of
the most important, and often most difficult to implement, parts of the web
application stack.

It's absurd to claim that C and C++ aren't suitable for web development when a
huge part of basically every web app today is written in one or both of them.
They aren't just suitable for web development; they are critical for it.

~~~
akiselev
You're arguing semantics so let me continue the pattern.

In any non-trivial (jobs/money are on the line), web development != web
programming. C/C++ is suitable for web programming, sure, but web DEVELOPMENT
is an entirely different matter and is highly dependent on the availability of
support, both community and professional, staff, and the competency threshold
(or "learning curve") which is the knowledge you need to contribute
meaningfully. The latter is one of the most important, especially since the
vast majority of C/C++ programmers are not web developers, and doing something
wrong in C++ is a lot easier than in memory managed, interpreted languages.

------
pothibo
1997 called. They want their framework back.

~~~
pothibo
While I still stand by what I said, I want to add a clarification. Some
languages are good at some things while others are good at some other.

C/C++/etc are good for job intensive stuff that doesn't need fast maintenance
cycle.

Dynamic languages are good as web servers because of their flexibility and
their fast response time (in terms of maintenance).

I wouldn't run an OS on Javascript and I wouldn't use C++ as a Javascript
replacement in the browser.

~~~
dakimov
Don't you think that first off you need to be an expert in all those
languages, in web-technologies, have vast experience and up to date knowledge
in all of that, to make such claims?

I'm pretty sure you just have the wrong impression of C++, or to put it simply,
you don't know C++.

In what way does C++ have worse response time in terms of maintenance? What do
you mean exactly?

In general, statically typed compiled languages are better at refactoring than
dynamically typed interpreted ones. Changing programs in the latter without
fair test coverage means teetering on the brink of a catastrophe. Just
recently I have seen an article on HN claiming unmaintainability of dynamic
languages.

The truth is that every general purpose language is general purpose, and the
claim about language suitability is a commonplace and an overgeneralization.
You can do 3D games in JavaScript and client web apps in C++. Different
languages have different drawbacks and that _may_ limit their applications,
but C++ is _not_ targeted for OS development, and JavaScript is _not_ targeted
for web development, both are just general purpose languages.

Speaking of "low-levelness" of C++, with all the modern features and libraries
it is as high level as other languages, and in some aspects is even more high
level, e.g. JavaScript or Python have no corresponding means as the template
metaprogramming which is the high high level. C++ just _allows_ you to do low-
level manipulations, you are not required to.

There are many myths and prejudices against C++ caused by ignorance and
frustration of those who have not cracked it at a time.

~~~
gordaco
Exactly! C++, well used, is largely a _vertical_ language, not a low-level or
high-level one. That's why it's easy to create a fairly big system entirely in
C++. And having worked with such a system, I can say that it's quite
comfortable, in some ways that most so-called "higher-level" languages don't
offer. For example, your comment about refactoring is absolutely spot-on.

Most criticisms of C++ rely on outdated prejudices. Some people still think
that modern C++ code is rife with pointers to void and reinterpret_casts.

~~~
greyfade
To be fair, bad code still is, and it's more common than most of us would like
to admit.

------
mariusmg
What's next? An OS written in Ruby? _snark_

~~~
abhinavk
It's not a Content Management System. Read the article.

