SEI CERT C++ Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 67 Next »

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c73dd102-0b5a-4d98-826f-c89b72f6d122"><ac:parameter ac:name="">Abrahams 10</ac:parameter></ac:structured-macro>[Abrahams 2010] Abrahams, David. Boost Library Error Handling Guidelines, #7, 2001-2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="38ba757a-78c2-40de-872f-8a29cb6f9b73"><ac:parameter ac:name="">Barney 10</ac:parameter></ac:structured-macro>[Barney 2010] Barney, Blaise. POSIX Threads Programming, Lawrence Livermore National Security, LLC, 2010.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bafed81f-0f1e-41b6-99cb-c111e729e59b"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>[Becker 2008] Becker, Pete. Working Draft, Standard for Programming Language C++, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c2826b9e-e78f-40a0-925f-aa7cd51287d5"><ac:parameter ac:name="">Becker 09</ac:parameter></ac:structured-macro>[Becker 2009] Becker, Pete Working Draft, Standard for Programming Language C++, September 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ebbd55c9-81e3-417d-8c5e-264e4455dcf2"><ac:parameter ac:name="">Black 07</ac:parameter></ac:structured-macro>[Black 2007] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007. http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d9fea7ae-bd9c-4e48-8cf0-359b2605b5f8"><ac:parameter ac:name="">Cline 09</ac:parameter></ac:structured-macro>[Cline 2009] Cline, Marshall. C++ FAQ Lite - Frequently Asked Questions 1991-2009

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="50908548-3c25-4be2-853e-869fddcfeddf"><ac:parameter ac:name="">CWE</ac:parameter></ac:structured-macro> [CWE] MITRE. Common Weakness Enumeration – A Community-Developed Dictionary of Software Weakness Types.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63ff6732-5ce6-409a-97eb-e0f050b8e4b8"><ac:parameter ac:name="">Dewhurst 03</ac:parameter></ac:structured-macro>[Dewhurst 2003] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="56266f04-b251-4d33-bab9-56d8b66bf67a"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>[Dewhurst 2005] Dewhurst, Stephen C. C++ Common Knowledge: Essential Intermediate Programming. Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2d06d9d3-65a6-4e68-80b0-7ec73d74c317"><ac:parameter ac:name="">Dowd 07</ac:parameter></ac:structured-macro>[Dowd 2007] Dowd, McDonald & Schuh. The Art of Software Security Assessment - Attacking delete and delete[] in C++. (2007)

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e286378b-57d8-43a1-9190-b60d7a8b3901"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>[Fortify 06] Fortify Software Inc. Fortify Taxonomy: Software Security Errors, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2862b001-f911-4a39-8aa8-9b6c533d1073"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>[FSF 2005] Free Software Foundation. GCC online documentation. (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="71e560e3-fd90-46d2-a9e5-35ac52780edb"><ac:parameter ac:name="">Gamma 95</ac:parameter></ac:structured-macro>[Gamma 1995] Gamma, Helm, Vlissides, and Johnson. Design Patterns Elements of Reusable Object Oriented Software. Addison Wesley, 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="653d4fb9-c40f-4df7-a94e-0ce74df7f447"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>[Goldberg 1991] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems, March 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="63eb226f-8baf-4e2c-95f2-a731156daaf5"><ac:parameter ac:name="">Graff 03</ac:parameter></ac:structured-macro>[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f9554bf8-db82-4173-a1e1-c5c36a62595f"><ac:parameter ac:name="">Henricson 97</ac:parameter></ac:structured-macro>[Henricson 1997] Henricson, Mats & Nyquist, Erik. Industrial Strength C++. Upper Saddle River, NJ: Prentice Hall PTR, 1997 (ISBN 0-13-120965-5).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ae79fd20-0255-45c3-9104-a1ad8a8f3a29"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed. (IEC 60812). IEC, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1bb5c2cc-f813-4200-8a94-54eaebd04812"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4c71f24c-16b7-445b-ae4f-93bfbe7affd5"><ac:parameter ac:name="">ISO/IEC 14882-1998</ac:parameter></ac:structured-macro>[ISO/IEC 14882-1998] ISO/IEC 14882-1998. Programming Languages — C++, First Edition, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="083fee57-6242-42d5-88dc-a2a22ed47d52"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>[ISO/IEC 14882-2003] ISO/IEC 14882-2003. Programming Languages — C++, Second Edition, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9b9adafa-46cd-4676-ad66-5bad1c9fe827"><ac:parameter ac:name="">ISO/IEC DTR 24772</ac:parameter></ac:structured-macro>[ISO/IEC DTR 24772] ISO/IEC DTR 24772. Information TechnologyProgramming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, November 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="693fa6f4-8e1e-4ee8-b362-0b0d283b10a1"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cb5879cf-9bd3-48f4-a79e-672a71d7990a"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>[Lockheed Martin 2005] Lockheed Martin. "Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program." Document Number 2RDU00001 Rev C., December 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f4767aa9-372e-43e9-8c87-e28d39afe224"><ac:parameter ac:name="">Meyers 95</ac:parameter></ac:structured-macro>[Meyers 1995] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley Professional, 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="adce7e63-018b-4a19-9dc3-73833c3eaa04"><ac:parameter ac:name="">Meyers 96</ac:parameter></ac:structured-macro>[Meyers 1996] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley, 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f4cd88a3-83d9-4b83-8fcb-2baa95d00282"><ac:parameter ac:name="">Meyers 97</ac:parameter></ac:structured-macro>[Meyers 1997] Meyers, Scott. Effective C++ : 55 Specific Ways to Improve Your Programs and Designs, 3rd ed. Boston, MA: Addison-Wesley Professional, 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f2cbd15a-e7f1-4e30-8ff3-917ae67b20cb"><ac:parameter ac:name="">Meyers 01</ac:parameter></ac:structured-macro>[Meyers 2001] Meyers, Scott. Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library. Boston, MA: Addison-Wesley Professional, 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="07e3cddf-6ab6-4220-b544-eafc3b525ad3"><ac:parameter ac:name="">Meyers 05</ac:parameter></ac:structured-macro>[Meyers 2005] Meyers, Scott. Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition). Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7f2f05ff-6c89-4553-9eb1-722a52984c61"><ac:parameter ac:name="">Microsoft 10</ac:parameter></ac:structured-macro>[Microsoft 2010] STL std::string class causes crashes and memory corruption on multi-processor machines

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="21aab427-b3c0-4760-a6f2-18cdb3d81194"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>[MISRA 2004] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0243fac2-cd6a-4bbd-9534-7cee10146ae4"><ac:parameter ac:name="">MISRA 08</ac:parameter></ac:structured-macro>[MISRA 2008] MIRA Limited. "MISRA C++: 2008 "Guidelines for the Use of the C++ Language in Critical Systems", ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="49a0fce2-4487-41d8-8ce0-e6b4a01c9120"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>[MITRE 2007] MITRE. Common Weakness Enumeration, Draft 9, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5120d8b4-cadf-4ac9-9b58-e3a57b363a8c"><ac:parameter ac:name="">MITRE 08a</ac:parameter></ac:structured-macro>[MITRE 2008a] MITRE. CWE ID 327, "Use of a Broken or Risky Cryptographic Algorithm," 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c8b876d-b3e3-478d-a74a-2e01bc11488c"><ac:parameter ac:name="">MITRE 08b</ac:parameter></ac:structured-macro>[MITRE 2008b] MITRE. CWE ID 330, "Use of Insufficiently Random Values," 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b9b8cc28-a3c6-43bc-8e7a-4d87c304c516"><ac:parameter ac:name="">MSDN 10</ac:parameter></ac:structured-macro>[MSDN 2010] MSDN. "CryptGenRandom Function."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd3d3c98-30cc-4c8f-bf1f-9476ea669f6d"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>[NIST 2006] NIST. SAMATE Reference Dataset (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="69dfbe9e-9e1d-4a8d-a316-a19058dea604"><ac:parameter ac:name="">POSIX.1-2008</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5ec7b356-e2d7-4847-b572-8595babe1bb0"><ac:parameter ac:name="">IEEE Std 1003.1-2008</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="faaf410e-4369-4f38-bc7c-e469136e109d"><ac:parameter ac:name="">ISO/IEC 9945:2008</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="53af0424-28e6-4264-8692-bc5c726870e3"><ac:parameter ac:name="">Open Group 08</ac:parameter></ac:structured-macro>[Open Group 2008] The Open Group. "The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition." (2008).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c6ab8e16-b65d-42bd-aa3b-c3f1b63ae6fb"><ac:parameter ac:name="">POSIX.1-2004</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e1d52781-0022-4b7d-b56c-01b1cd512238"><ac:parameter ac:name="">IEEE Std 1003.1-2004</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4e454940-c235-4f72-bf10-4a2f6e087142"><ac:parameter ac:name="">ISO/IEC 9945:2003</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cd63b53a-fe60-4660-8745-101632869633"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>[Open Group 2004] The Open Group. "The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition." (2004).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="35ab0938-3d1b-4b64-a7f9-34479c586717"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>[Plum 1991] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., November 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d9832932-d5a2-4a93-88ca-8cdfd7234503"><ac:parameter ac:name="">Quinlan 06</ac:parameter></ac:structured-macro>[Quinlan 2006] Quinlan, Dan; Vuduc, Richard; Panas, Thomas; Härdtlein, Jochen; & Sæbjørnsen, Andreas. "Support for Whole-Program Analysis and the Verification of the One-Definition Rule in C++," 27-35. NIST Special Publication 500-262, Proceedings of the Static Analysis Summit. Gaithersburg, MD, July 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="adce0977-a71e-4cd3-bffd-9c04b2b4c2d8"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>[Saks 1999] Dan Saks. const T vs.T const. Embedded Systems Programming. Pg. 13-16. February 1999. http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="50130de5-1c41-4357-b43d-f69d2e11359d"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro>[Saks 2007] Saks, Dan. "Sequence Points" Embedded Systems Design, 07/01/02.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e9f9f00d-cdbc-4e08-9c97-ec49ca160b0f"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro>[Seacord 2005] Seacord, R. Secure Coding in C and C++. Upper Saddle River, NJ: Addison-Wesley, 2006 (ISBN 0321335724).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bf1e774a-e28b-4413-b243-d1272bf5a29a"><ac:parameter ac:name="">Sebor 04</ac:parameter></ac:structured-macro>[Sebor 2004] Sebor, Martin. C++ Standard Core Language Active Issues, Revision 68, Issue 475, 2010.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2cdafd28-7b50-44b0-92ce-178c5eef990e"><ac:parameter ac:name="">SGI 06</ac:parameter></ac:structured-macro>[SGI 2006] Silicon Graphics, Inc. "basic_string<charT, traits, Alloc>." Standard Template Library Programmer's Guide, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b43dd2ea-7afa-4a7d-a38e-4f47ecca89a7"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>[Steele 1977] Steele, G. L. 1977. Arithmetic shifting considered harmful. SIGPLAN Not. 12, 11 (Nov. 1977), 61-69.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8879a5b-2918-4f54-8834-0a989c72975d"><ac:parameter ac:name="">Stroustrup 97</ac:parameter></ac:structured-macro>[Stroustrup 1997] Stroustrup, Bjarne. The C++ Programming Language, Third Edition. Reading, MA: Addison-Wesley, 1997 (ISBN 0201889544).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c0f2bc48-c880-46d3-b0fb-76f771c424b1"><ac:parameter ac:name="">Stroustrup 06</ac:parameter></ac:structured-macro>[Stroustrup 2006] Stroustrup, Bjarne. C++ Style and Technique FAQ (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="febcd4e4-b3f0-4c00-80bc-80d9990e6412"><ac:parameter ac:name="">Stroustrup 01</ac:parameter></ac:structured-macro>[Stroustrup 2001] Stroustrup, Bjarne. Exception Safety: Concepts and Techniques (2001).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2458022c-65eb-4861-9915-bd3095235625"><ac:parameter ac:name="">Sun 93</ac:parameter></ac:structured-macro>[Sun 1993] Sun Security Bulletin #00122, 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="29d3c15c-c3ed-4d3d-a0ac-8cef9e7e4728"><ac:parameter ac:name="">Sutter 00</ac:parameter></ac:structured-macro>[Sutter 2000] Sutter, Herb. Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional, 2000 (ISBN 0201615622).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c37067d8-5e61-4a72-9c89-244a743cdab1"><ac:parameter ac:name="">Sutter 01</ac:parameter></ac:structured-macro>[Sutter 2001] Sutter, Herb. More Exceptional C++: 40 New Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional, 2001 (ISBN 020170434).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fedff654-f9eb-4cf8-8b7a-34dc630ce81e"><ac:parameter ac:name="">Sutter 04</ac:parameter></ac:structured-macro>[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA: Addison-Wesley Professional, 2004 (ISBN 0321113586).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1e7441f7-acc3-404b-9f0d-99a1dd15e2e3"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>[Viega 2003] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="377aa618-8db3-4699-b751-8b4c657efdc9"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>[Warren 2002] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4370591e-02f7-4716-b0a7-f79fd7c9e541"><ac:parameter ac:name="">Williams 10</ac:parameter></ac:structured-macro>[Williams 2010] Williams, Anthony. Simpler Multithreading in C++0x, Internet.com, 2010.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b76e8997-8634-452a-a4ff-f76b44b7a139"><ac:parameter ac:name=""> xorl 2009</ac:parameter></ac:structured-macro>[xorl 2009] xorl. xorl %eax, %eax.

  • No labels