SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 51

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 52

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by NavBot (jp)

...

Wiki Markup
ISO/IEC PDTR 24772 Section 6.47, "REU Termination strategy" \[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\], says

Wiki Markup
Expectations that a system will be dependable are based on the confidence that the system will operate as expected and not fail in normal use. The dependability of a system and its fault tolerance can be measured through the component part's reliability, [availability|BB. Definitions#availability], safety and security. Reliability is the ability of a system or component to perform its required functions under stated conditions for a specified period of time \[[IEEE Std 610.12 1990|AA. C References#IEEE Std 610.12 1990]\]. Availability is how timely and reliable the system is to its intended users. Both of these factors matter highly in systems used for safety and security. In spite of the best intentions, systems will encounter a failure, either from internally poorly written software or external forces such as power outages/variations, floods, or other natural disasters. The reaction to a fault can affect the performance of a system and in particular, the safety and security of the system and its users.

Wiki Markup
Effective error handling (which includes error reporting, report aggregation, analysis, response, and recovery) is a central aspect of the design, implementation, maintenance, and operation of systems that exhibit survivability under stress.  Survivability is the capability of a system to fulfill its mission, in a timely manner, despite an attack, accident, or other stress that is outside the bounds of normal operation \[[Lipson 00|AA. C References#Lipson 00]\].  If full services can't be maintained under a given stress, survivable systems degrade gracefully, continue to deliver essential services, and recover full services as conditions permit.

Wiki Markup
Error reporting and error handling play a central role in the engineering and operation of survivable systems.  Survivability is an emergent property of a system as a whole \[[Fisher 99|AA. C References#Fisher 99]\] and depends on the behavior of all of the system's components and the interactions among them.  From the viewpoint of error handling, every system component, down to the smallest routine, can be considered to be a sensor capable of reporting on some aspect of the health of the system.  Any error (i.e., anomaly) ignored, or improperly handled, can threaten delivery of essential system services and as a result put at risk the organizational or business mission that the system supports.

...

Wiki Markup
ISO/IEC PDTR 24772 Section 6.47, "REU Termination strategy"  \[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\], describes the following mitigation strategies:

...

Wiki Markup
\[[Fisher 99|AA. C References#Fisher 99]\]
\[[Horton 90|AA. C References#Horton 90]\] Section 11, p. 168, and Section 14, p. 254
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Sections 7.1.4, 7.9.10.4, and 7.11.6.2
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "REU Termination strategy" and "NZN Returning error status"
\[[Koenig 89|AA. C References#Koenig 89]\] Section 5.4, p. 73
\[[Lipson 00|AA. C References#Lipson 00]\]
\[[Lipson 06|AA. C References#Lipson 06]\]
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 16.1
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 391|http://cwe.mitre.org/data/definitions/391.html], "Unchecked Error Condition," [CWE ID 544|http://cwe.mitre.org/data/definitions/544.html], "Missing Error Handling Mechanism"
\[[Summit 05|AA. C References#Summit 05]\] C-FAQ Question 20.4

...