SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 122

changes.mady.by.user Valery

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

When multiple threads can read or modify the same data, use synchronization techniques to avoid software flaws that can lead to security vulnerabilities. Data races can often result in abnormal termination or denial of service, but it is possible for them to result in more serious vulnerabilities. The C Standard, section 5.1.2.45, paragraph 25 35 [ISO/IEC 9899:20112024], says:

The execution of a program contains a data race if it contains two conflicting actions in different threads, at least one of which is not atomic, and neither happens before the other. Any such data race results in undefined behavior.

...

Recommendation

Severity

Likelihood

Detectable

Remediation CostRepairable

Priority

Level

CON43-C

Medium

Probable

No

HighNo

P4

L3

Automated Detection

1765, 1766, 1770, 1771

ToolVersionCheckerDescription
Astrée
Include Page
Astrée_V
Astrée_V

read_data_race

write_data_race

Supported by sound analysis (data race alarm)
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
CONCURRENCY.DATARACE
CONCURRENCY.MAA
Data race
Multiple Accesses of Atomic
Coverity
Include Page
Coverity_V
Coverity_V
MISSING_LOCK (partial)Implemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C1765, C1766, C1770, C1771

C++1765, C++1766, C++1770, C++1771


Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-CON43-a

Do not use global variable with different locks set

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

457

Partially supported: access is detected at the object level (not at the field level)

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule CON43-C

Checks for data race (rule fully covered)

PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_vEnforced by MTA

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V1088

...

Taxonomy

Taxonomy item

Relationship

CWE 2.11CWE-366, Race condition within a thread2017-07-07: CERT: Exact

Bibliography

[ISO/IEC 9899:20112024]5.1.2.45, "Multi-threaded Executions and Data Races"
7.17.2, "Initialization"
[C99 Rationale 2003]
[Dowd 2006]Chapter 13, "Synchronization and State"
[Plum 2012]
[Seacord 2013]Chapter 8, "File I/O"

...