SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 15

changes.mady.by.user David Keaton

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Code Block
#include <threads.h>
#include <stdbool.h>
 
extern bool until_finish(void);
extern mtx_t lock;
extern cnd_t condition;
 
void func(void) {
  if (thrd_success != mtx_lock(&lock)) {
    /* Handle error */
  }

  while (until_finish()) {  /* Predicate does not hold */
    if (thrd_success != cnd_wait(&condition, &lock)) {
      /* Handle error */
    }
  }
 
  /* Resume when condition holds */

  if (thrd_success != mtx_unlock(&lock)) {
    /* Handle error */
  }
}

...

This thread pauses execution using cnd_wait() and resumes when notified, presumably when the list has elements to be consumed. It is possible for the thread to be notified even if the list is still empty, perhaps because the notifying thread used cnd_broadcast(), which notifies all threads. Notification using cnd_broadcast() is frequently preferred over using cnd_signal(). (see See CON38-C. Preserve thread safety and liveness when using condition variables for more information.).

Note that a condition A condition predicate is typically the negation of the condition expression in the loop. In this noncompliant code example, the condition predicate for removing an element from a linked list is (list->next != NULL), whereas the condition expression for the while loop condition is (list->next == NULL).

...

Failure to enclose calls to the cnd_wait() or cnd_timedwait() functions inside a while loop can lead to indefinite blocking and denial of service (DoS).

Rule

Severity

Likelihood

Detectable

Remediation Cost

Repairable

Priority

Level

CON36-C

Low

Unlikely

Medium

Yes

No

P2

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.STRUCT.ICOL
CONCURRENCY.BADFUNC.CNDWAIT

Inappropriate Call Outside Loop
Use of Condition Variable Wait

Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-con36-c
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C2027
Klocwork
Include Page
Klocwork_V
Klocwork_V

CERT.CONC.WAKE_IN_LOOP_C


Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-CON36-a

Wrap functions that can spuriously wake up in a loop

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule CON36-CChecks for situations where functions that can spuriously wake up are not wrapped in loop (rule fully covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website

Related Guidelines

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

CERT Oracle Secure Coding Standard for JavaTHI03-J. Always invoke wait() and await() methods inside a loop

Bibliography

...

Prior to 2018-01-12: CERT: Unspecified Relationship

Bibliography

...

[Lea 2000]

1.3.2, "Liveness"
3.2.2, "Monitor Mechanics"

...


...

Image Modified Image Modified Image Modified