abnormal termination [Open Group 08]
Abnormal termination occurs when requested by the abort()
function or when some signals are received. See also normal termination.
application binary interface
An interface between two independently compiled modules of a program. An Application Binary Interface document specifies a set of conventions such as the order and location of function arguments that compilers must adhere to in order to achieve interoperability between such modules.
asynchronous-safe [GNU Pth]
A function is asynchronous-safe, or asynchronous-signal safe, if it can be called safely and without side effects from within a signal handler context. That is, it must be able to be interrupted at any point and run linearly out of sequence without causing an inconsistent state. It must also function properly when global data might itself be in an inconsistent state. Some asynchronous-safe operations are listed here:
- Call the
signal()
function to reinstall a signal handler - Unconditionally modify a
volatile sig_atomic_t
variable (as modification to this type is atomic) - Call the
_Exit()
function to immediately terminate program execution - Invoke an asynchronous-safe function, as specified by your implementation
Few functions are asynchronous-safe. If a function performs any other operations, it is probably not asynchronous-safe.
availability [IEEE Std 610.12 1990]
The degree to which a system or component is operational and accessible when required for use. Often expressed as a probability.
basic exception safety [Stroustrup 01], [Sutter 00]
The basic exception safety guarantee is a property of an operation such that, if the operation terminates by raising an exception, it preserves program state invariants and prevents resource leaks. See also exception safety, strong exception safety, and no-throw guarantee.
condition predicate
An expression constructed from the variables of a function that must be true for a thread to be allowed to continue execution.
clang
An open source C and C++ compiler. More information can be found at http://clang.llvm.org/.
critical sections
Code that accesses shared data, and that would otherwise be protected from data races.
cv-qualify
A type that is qualified by either const
or volatile
.
data race [ISO/IEC N3000]
The execution of a program contains a data race if it contains two conflicting actions in different threads, at least one of which is not atomic, and neither happens before the other. Any such data race results in undefined behavior.
deadlock
A condition where one or more threads is unable to continue execution because it is blocked waiting for some thread (including itself) to satisfy some condition.
denial-of-service attack
An attempt to make a computer resource unavailable to its intended users.
diagnostic message [ISO/IEC 14882-2014]
A diagnostic message is a message belonging to an implementation-defined subset of the implementation’s message output. A diagnostic message may indicate a constraint violation or a valid but questionable language construct. Messages typically include the file name and line number pointing to the offending code construct. In addition, implementations also often indicate the severity of the problem. Although the C++ Standard does not specify any such requirement, the most severe problems often cause implementations to fail to fully translate a translation unit. Diagnostics output in such cases are termed errors. Other problems may cause implementations simply to issue a warning message and continue translating the rest of the program. See error message and warning message.
error message
A diagnostic message generated when source code is encountered that prevents an implementation from translating a translation unit. See diagnostic message and warning message.
error tolerance [IEEE Std 610.12 1990]
The ability of a system or component to continue normal operation despite the presence of erroneous inputs.
exception safety [Stroustrup 01]
An operation on an object is said to be exception safe if that operation leaves the object in a valid state when the operation is terminated by throwing an exception. See also basic exception safety, strong exception safety, and no-throw guarantee.
exploit [Seacord 05a]
An exploit is a piece of software or technique that takes advantage of a security vulnerability to violate an explicit or implicit security policy.
fail safe [IEEE Std 610.12 1990]
Pertaining to a system or component that automatically places itself in a safe operating mode in the event of a failure; for example, a traffic light that reverts to blinking red in all directions when normal operation fails.
fail soft [IEEE Std 610.12 1990]
Pertaining to a system or component that continues to provide partial operational capability in the event of certain failures; for example, a traffic light that continues to alternate between red and green if the yellow light fails.
fatal diagnostic
A diagnostic message which causes an implementation not to perform the translation.
fault tolerance [IEEE Std 610.12 1990]
The ability of a system or component to continue normal operation despite the presence of hardware or software faults.
free store [ISO/IEC 14882-2003]
Storage managed by the C++ allocation and deallocation functions ::operator new(std::size_t)
, ::operator delete(void*)
, their array forms ::operator new[](std::size_t)
, ::operator delete[](void*)
, overloads of said functions on std::nothrow_t
, any user-defined replacements for said functions, as well as any such functions defined as a member of a class. Storage in the free store is distinct from storage managed by the C functions calloc
, free
, malloc
, and realloc
.
freestanding implementation [ISO/IEC 14882-2003]
A freestanding implementation is one in which execution may take place without the benefit of an operating system, and has an implementation-defined set of libraries that includes certain language-support libraries. Also referred to as freestanding environment.
gcc
An open source C and C++ compiler. More information can be found at https://gcc.gnu.org/.
hosted implementation [ISO/IEC 14882-2003]
An implementation that is not freestanding. Program startup occurs at main()
, complex types are implemented, and all C++ standard library facilities are available. Also referred to as hosted environment.
ill-formed program [ISO/IEC 14882-2003]
A C++ program that is not well-formed, that is a program not constructed according to the syntax rules, diagnosable semantic rules, and the one-definition rule.
implementation [ISO/IEC 9899-1999]
Particular set of software, running in a particular translation environment under particular control options, that performs translation of programs for, and supports execution of functions in, a particular execution environment.
implementation-defined behavior [ISO/IEC 14882-2003]
Behavior, for a well-formed program construct and correct data, that depends on the implementation and that each implementation shall document.
incomplete type [ISO/IEC 14882-2003]
A type that describes objects but lacks information needed to determine their sizes.
indeterminate value [ISO/IEC 9899-1999]
Either an unspecified value or a trap representation.
invalid pointer
A pointer that is not a valid pointer.
libc++
An open source Standard Template Library (STL) implementation. More information can be found at http://libcxx.llvm.org/.
libstdc++
An open source Standard Template Library (STL) implementation. More information can be found at https://gcc.gnu.org/onlinedocs/libstdc++/.
liveness
Every operation or method invocation executes to completion without interruptions, even if it goes against safety.
locale-specific behavior [ISO/IEC 14882-2003]
Behavior that depends on local conventions of nationality, culture, and language that each implementation documents.
lvalue [ISO/IEC 9899-1999]
An lvalue is an expression with an object type or an incomplete type other than void
. The name lvalue comes originally from the assignment expression E1 = E2
in which the left operand E1
is required to be a (modifiable) lvalue. It is perhaps better considered as representing an object "locator value."
Microsoft Visual Studio
A commercial C and C++ compiler. More information can be found at https://www.visualstudio.com/.
Microsoft Visual Studio STL
A commercial Standard Template Library (STL) implementation. More information can be found at https://msdn.microsoft.com/en-us/library/cscc687y.aspx
mitigation [Seacord 05a]
Mitigations are methods, techniques, processes, tools, or runtime libraries that can prevent or limit exploits against vulnerabilities.
normal termination [Open Group 08]
Normal termination occurs by a return from main()
, when requested with the exit()
, _exit()
, or _Exit()
functions; or when the last thread in the process terminates by returning from its start function, by calling the pthread_exit()
function, or through cancellation. See also abnormal termination.
no-throw guarantee [Sutter 00]
The no-throw guarantee is a property of an operation such that it is guaranteed to complete successfully without raising or propagating an exception. See also exception safety, basic exception safety, and strong exception safety.
one-definition rule (ODR) [ISO/IEC 14882-2014]
A fundamental C++ rule that states that no translation unit shall contain more than one definition of any variable, function, class type, enumeration type or template, and that every program shall contain exactly one definition of every non-inline function or variable. Some definitions may be duplicated in multiple translation units, subject to strict rules.
ODR-use [ISO/IEC 14882-2014]
A function or object is ODR-used if the address of the entity is taken, the function is called, or a reference is bound to the object. When a function or object is ODR-used, its definition must exist within the program or else the program is ill-formed.
RAII (Resource Acquisition Is Initialization)
An acronym that stands for: Resource Acquisition Is Initialization. Holding a resource is a class invariant where the allocation of the resource (acquisition) is inseparable from the initialization of the object during its construction. Further, deallocation of the resource is performed during the destruction of the object. Thus, the resource is held when initialization completes and remains held until finalization begins, ensuring there are no resource leaks unless the object owning the resource is also leaked.
reentrant [Dowd 06]
A function is reentrant if multiple instances of the same function can run in the same address space concurrently without creating the potential for inconsistent states.
reliability [IEEE Std 610.12 1990]
The ability of a system or component to perform its required functions under stated conditions for a specified period of time.
restricted sink [ISO/IEC 9899:2011]
Operands and arguments whose domain is a subset of the domain described by their types.
robustness [IEEE Std 610.12 1990]
The degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions.
rvalue [ISO/IEC 9899-1999]
Value of an expression.
sanitize [ISO/IEC TS 17961:2013]
Assure by testing or replacement that a tainted or other value conforms to the constraints imposed by one or more restricted sinks into which it may flow.
NOTE
If the value does not conform, either the path is diverted to avoid using the value or a different, known-conforming value is substituted—for example, adding a null character to the end of a buffer before passing it as an argument to the strlen
function.
security flaw [Seacord 05a]
A security flaw is a software defect that poses a potential security risk.
security policy [Internet Society 00]
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
strong exception safety [Stroustrup 01], [Sutter 00]
The strong exception safety guarantee is a property of an operation such that, in addition to satisfying the basic exception safety guarantee, if the operation terminates by raising an exception it has no observable effects on program state. See also exception safety, basic exception safety, and no-throw guarantee.
SFINAE (Substitution Failure is Not An Error) (SFINAE)
A language rule applied by the compiler during overload resolution involving templates. In some contexts, when substituting a template type parameter fails, the specialization is discarded from the overload set instead of causing a compile error. This feature is used in template metaprogramming.
tainted source [ISO/IEC TS 17961:2013]
External source of untrusted data.
NOTE
Tainted sources include
- parameters to the
main()
function - the returned values from
localeconv()
,fgetc()
,getc
,getchar
,()
fgetwc
,()
getwc
, and()
getwchar
()
- the strings produced by
getenv
,()
fscanf
,()
vfscanf
()
,vscanf
,()
fgets
()
,fread
,()
fwscanf
()
,vfwscanf
,()
vwscanf
,()
wscanf
, and()
fgetws
()
- parameters to the
tainted value [ISO/IEC TS 17961:2013]
Value derived from a tainted source that has not been sanitized.
trap representation [ISO/IEC 9899-1999]
Object representation that does not represent a value of the object type. Attempting to read the value of an object that has a trap representation other than by an expression that has a character type is undefined. Producing such a representation by a side effect that modifies all or any part of the object other than by an expression that has a character type is undefined.
trust boundary
A boundary between a trusted execution context (or trusted data source) in which all sub-execution contexts (or data sources) are trusted by the system and a nontrusted execution context (or nontrusted data sink).
undefined behavior [ISO/IEC 14882-2003]
Behavior, such as might arise upon use of an erroneous program construct or erroneous data, for which the C++ Standard imposes no requirements. Undefined behavior may also be expected when the C++ Standard omits the description of any explicit definition of behavior, or defines the behavior to be ill-formed, with no diagnostic required.
unspecified behavior [ISO/IEC 14882-2003]
Behavior, for a well-formed program construct and correct data, that depends on the implementation. The implementation is not required to document which behavior occurs.
unspecified value [ISO/IEC 9899-1999]
A valid value of the relevant type where the C++ Standard imposes no requirements on which value is chosen in any instance. An unspecified value cannot be a trap representation.
valid pointer
A pointer that refers to an element within an array or one past the last element of an array. For the purposes of this definition, a pointer to an object that is not an element of an array behaves the same as a pointer to the first element of an array of length one with the type of the object as its element type. (Cf 6.5.8p3)
For the purposes of this definition, an object can be considered to be an array of a certain number of bytes; that number is the size of the object, as produced by the sizeof
operator.
validation [IEC 61508-4]
Confirmation by examination and provision of objective evidence that the particular requirements for a specific intended use are fulfilled.
verification [IEC 61508-4]
Confirmation by examination and provision of objective evidence that the requirements have been fulfilled.
vtable
A common implementation technique to support dynamic method dispatch where a class object instance includes a hidden data member that is a pointer to an array of function pointers used to resolve virtual function calls at runtime.
vulnerability [Seacord 05a]
A vulnerability is a set of conditions that allows an attacker to violate an explicit or implicit security policy.
warning message
A diagnostic message generated when source code is encountered that does not prevent an implementation from translating a translation unit. See diagnostic message and error message.
well-formed program [ISO/IEC 14882-2003]
A C++ program constructed according to the syntax rules, diagnosable semantic rules, and the one-definition rule. See also ill-formed program.