SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 68

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The std::abort(), std::quick_exit(), and std::_Exit() functions are used to terminate the program in an immediate fashion. They do so without calling exit handlers registered with std::atexit() and without executing destructors for objects with automatic, thread, or static storage duration. How a system manages open streams when a program ends is implementation-defined [ISO/IEC 9899:1999]. Open streams with unwritten buffered data may or may not be flushed, open streams may or may not be closed, and temporary files may or may not be removed. Because these functions can leave external resources, such as files and network communications, in an indeterminate state, they should be called explicitly only in direct response to a critical error in the application. (See ERR50-CPP-EX1 for more information.)

...

Do not explicitly or implicitly call std::quick_exit(),  std::abort(), or std::_Exit(). When the default terminate_handler is installed or the current terminate_handler responds by calling std::abort() or std::_Exit(), do not explicitly or implicitly call std::terminate()Abnormal process termination is the typical vector for denial-of-service attacks.

The std::exit() function is more complex. The C++ Standard, [basic.start.main], paragraph 4, states:

Terminating the program without leaving the current block (e.g., by calling the function std::exit(int) (17.5)) does not destroy any objects with automatic storage duration (11.4.6). If std::exit is called to end a program during the destruction of an object with static or thread storage duration, the program has undefined behavior.

You may call It is acceptable to call a termination function that safely executes destructors and properly cleans up resources, such as std::exit() only in a program that has not yet initialized any objects with automatic storage duration.

Noncompliant Code Example

...

Allowing the application to abnormally terminate can lead to resources not being freed, closed, and so on. It is frequently a vector for denial-of-service attacks.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR50-CPP

Low

Probable

Medium

P4

L3

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page
Astrée_V
Astrée_V

stdlib-use
Partially checked
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BADFUNC.ABORT
BADFUNC.EXIT

Use of abort
Use of exit

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C++5014
Klocwork
Include Page
Klocwork_V
Klocwork_V
MISRA.TERMINATE
CERT.ERR.ABRUPT_TERM
LDRA tool suite
Include Page
LDRA_V
LDRA_V

122 S

Enhanced Enforcement

PRQA QA-
Parasoft C/C++test

Include Page

PRQA QA-C++_VPRQA QA-C++_V

4037, 4038, 4636, 4637

 

Parasoft_V
Parasoft_V

CERT_CPP-ERR50-a
CERT_CPP-ERR50-b
CERT_CPP-ERR50-c
CERT_CPP-ERR50-d
CERT_CPP-ERR50-e
CERT_CPP-ERR50-f
CERT_CPP-ERR50-g
CERT_CPP-ERR50-h
CERT_CPP-ERR50-i
CERT_CPP-ERR50-j
CERT_CPP-ERR50-k
CERT_CPP-ERR50-l
CERT_CPP-ERR50-m
CERT_CPP-ERR50-n

The execution of a function registered with 'std::atexit()' or 'std::at_quick_exit()' should not exit via an exception
Never allow an exception to be thrown from a destructor, deallocation, and swap
Do not throw from within destructor
There should be at least one exception handler to catch all otherwise unhandled exceptions
An empty throw (throw;) shall only be used in the compound-statement of a catch handler
Exceptions shall be raised only after start-up and before termination of the program
Each exception explicitly thrown in the code shall have a handler of a compatible type in all call paths that could lead to that point
Where a function's declaration includes an exception-specification, the function shall only be capable of throwing exceptions of the indicated type(s)
Function called in global or namespace scope shall not throw unhandled exceptions
Always catch exceptions
Properly define exit handlers
The 'abort()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
Avoid throwing exceptions from functions that are declared not to throw
The 'quick_exit()' and '_Exit()' functions from the 'stdlib.h' or 'cstdlib' library shall not be used

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: ERR50-CPPChecks for implicit call to terminate() function (rule partially covered)
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V667, V2014
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
stdlib-use
Partially checked
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S990

Related Vulnerabilities

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard

ERR51-CPP. Handle all exceptions
ERR55-CPP. Honor exception specifications
DCL57-CPP. Do not let exceptions escape from destructors or deallocation functions

MITRE CWECWE-754, Improper Check for Unusual or Exceptional Conditions

Bibliography

[ISO/IEC 9899-2011]Subclause 7.20.4.1, "The abort Function"
Subclause 7.20.4.4, "The _Exit Function"
[ISO/IEC 14882-2014]

Subclause 15.5.1, "The std::terminate() Function"
Subclause 18.5, "Start and Termination" 

[MISRA
08
2008]Rule 15-3-2 (Advisory)
Rule 15-3-4 (Required)

...


...

Image Modified Image Modified Image Modified