SEI CERT C++ Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 69 Next »

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6d67187b-75e9-4831-9a01-99abd760de03"><ac:parameter ac:name="">Abrahams 10</ac:parameter></ac:structured-macro>[Abrahams 2010] Abrahams, David. Boost Library Error Handling Guidelines, #7, 2001-2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e2c43fe-135f-4b9c-a448-0c25c584f03b"><ac:parameter ac:name="">Barney 10</ac:parameter></ac:structured-macro>[Barney 2010] Barney, Blaise. POSIX Threads Programming, Lawrence Livermore National Security, LLC, 2010.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f899644e-2d16-42a5-9472-ab403ec1347b"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>[Becker 2008] Becker, Pete. Working Draft, Standard for Programming Language C++, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1a5f4acf-5ef4-4135-a196-3545b903896d"><ac:parameter ac:name="">Becker 09</ac:parameter></ac:structured-macro>[Becker 2009] Becker, Pete Working Draft, Standard for Programming Language C++, September 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e0693981-0171-4ba8-8483-bac5037d4476"><ac:parameter ac:name="">Black 07</ac:parameter></ac:structured-macro>[Black 2007] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007. http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="94bd6723-6597-42c4-b91b-95a610e6d55e"><ac:parameter ac:name="">Cline 09</ac:parameter></ac:structured-macro>[Cline 2009] Cline, Marshall. C++ FAQ Lite - Frequently Asked Questions 1991-2009

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1226613c-b373-46d7-bfad-a55c8e67e52a"><ac:parameter ac:name="">CWE</ac:parameter></ac:structured-macro> [CWE] MITRE. Common Weakness Enumeration – A Community-Developed Dictionary of Software Weakness Types.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="53c862f9-33c6-42fa-810f-548a5580bf30"><ac:parameter ac:name="">Dewhurst 03</ac:parameter></ac:structured-macro>[Dewhurst 2003] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2b2ecb4e-e1d0-4dda-b80e-b37083239d1d"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>[Dewhurst 2005] Dewhurst, Stephen C. C++ Common Knowledge: Essential Intermediate Programming. Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0151c76d-9868-4f2a-b612-02dda26734d6"><ac:parameter ac:name="">Dowd 07</ac:parameter></ac:structured-macro>[Dowd 2007] Dowd, McDonald & Schuh. The Art of Software Security Assessment - Attacking delete and delete[] in C++, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e01a9314-7de6-4190-a542-69d44b05ac9d"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>[Fortify 2006] Fortify Software Inc. Fortify Taxonomy: Software Security Errors, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4032d699-a7b4-498e-ada4-0ccfae679d56"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>[FSF 2005] Free Software Foundation. GCC online documentation. (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6131a4ff-d9fe-4526-b523-fe9fa7b10d5e"><ac:parameter ac:name="">Gamma 95</ac:parameter></ac:structured-macro>[Gamma 1995] Gamma, Helm, Vlissides, and Johnson. Design Patterns Elements of Reusable Object Oriented Software. Addison Wesley, 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aebc6402-eb81-4f3a-9718-dd94c9d5e771"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>[Goldberg 1991] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems, March 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb76823a-4aa5-449f-9a9c-61420d7ec2cb"><ac:parameter ac:name="">Graff 03</ac:parameter></ac:structured-macro>[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ef4278e5-3160-4c88-9829-79833691d55c"><ac:parameter ac:name="">Henricson 97</ac:parameter></ac:structured-macro>[Henricson 1997] Henricson, Mats & Nyquist, Erik. Industrial Strength C++. Upper Saddle River, NJ: Prentice Hall PTR, 1997 (ISBN 0-13-120965-5).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4904316a-dd11-40d7-a4a5-0e3a37fd8cb3"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed. (IEC 60812). IEC, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d7652236-7d26-4574-8558-142195c46f46"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="514c0b30-3d37-4f66-9fbe-37d3c03fab89"><ac:parameter ac:name="">ISO/IEC 14882-1998</ac:parameter></ac:structured-macro>[ISO/IEC 14882-1998] ISO/IEC 14882-1998. Programming Languages — C++, First Edition, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5de0a6f0-55c7-43a3-a90d-3b707d647559"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>[ISO/IEC 14882-2003] ISO/IEC 14882-2003. Programming Languages — C++, Second Edition, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f397d4b8-57b2-4291-86c6-89ee6d557c0d"><ac:parameter ac:name="">ISO/IEC DTR 24772</ac:parameter></ac:structured-macro>[ISO/IEC DTR 24772] ISO/IEC DTR 24772. Information TechnologyProgramming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, November 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="13df57e7-1598-4996-96a6-a13ac99cf838"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cae93e41-b6a7-45a4-90ab-051bbc9949d7"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>[Lockheed Martin 2005] Lockheed Martin. "Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program." Document Number 2RDU00001 Rev C., December 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3f3ce9fa-87b7-44ee-a327-d4ef8358d985"><ac:parameter ac:name="">Meyers 95</ac:parameter></ac:structured-macro>[Meyers 1995] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley Professional, 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="679869b1-6a93-40ec-8687-e25bf3638a81"><ac:parameter ac:name="">Meyers 96</ac:parameter></ac:structured-macro>[Meyers 1996] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley, 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fb5ab5cb-49ef-47be-be07-ad45db746ca9"><ac:parameter ac:name="">Meyers 97</ac:parameter></ac:structured-macro>[Meyers 1997] Meyers, Scott. Effective C++ : 55 Specific Ways to Improve Your Programs and Designs, 3rd ed. Boston, MA: Addison-Wesley Professional, 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="29837439-e983-4fb0-98fb-d7a68c797a11"><ac:parameter ac:name="">Meyers 01</ac:parameter></ac:structured-macro>[Meyers 2001] Meyers, Scott. Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library. Boston, MA: Addison-Wesley Professional, 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6f424ede-8b64-4529-9de9-458a45753977"><ac:parameter ac:name="">Meyers 05</ac:parameter></ac:structured-macro>[Meyers 2005] Meyers, Scott. Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition). Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4240f8a1-c21a-4068-be12-2b9702ba026c"><ac:parameter ac:name="">Microsoft 10</ac:parameter></ac:structured-macro>[Microsoft 2010] STL std::string class causes crashes and memory corruption on multi-processor machines

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f661ac04-4bc1-40b8-a863-90e7e3c32c2d"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>[MISRA 2004] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e2852a59-d07c-4cfb-8552-718c1c5a4639"><ac:parameter ac:name="">MISRA 08</ac:parameter></ac:structured-macro>[MISRA 2008] MIRA Limited. "MISRA C++: 2008 "Guidelines for the Use of the C++ Language in Critical Systems", ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b742b5db-13c0-4c78-b430-dd045bbdffdf"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>[MITRE 2007] MITRE. Common Weakness Enumeration, Draft 9, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ea3e75f7-5647-4260-bf69-b8abbd4452ff"><ac:parameter ac:name="">MITRE 08a</ac:parameter></ac:structured-macro>[MITRE 2008a] MITRE. CWE ID 327, "Use of a Broken or Risky Cryptographic Algorithm," 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ffd7f578-0798-42de-ac6b-c535f15fb654"><ac:parameter ac:name="">MITRE 08b</ac:parameter></ac:structured-macro>[MITRE 2008b] MITRE. CWE ID 330, "Use of Insufficiently Random Values," 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1cd2cd04-faec-4247-9254-1ee168047dfb"><ac:parameter ac:name="">MSDN 10</ac:parameter></ac:structured-macro>[MSDN 2010] MSDN. "CryptGenRandom Function."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d580fab4-1277-4270-8326-32dc7141c7db"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>[NIST 2006] NIST. SAMATE Reference Dataset, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="821e8ffb-cd76-4303-9577-a22a6a3d621f"><ac:parameter ac:name="">POSIX.1-2008</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5711c5dc-5d7a-4470-9621-1d2fa33a6c51"><ac:parameter ac:name="">IEEE Std 1003.1-2008</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9166a077-32f0-45ce-aa1a-9673489f3aaf"><ac:parameter ac:name="">ISO/IEC 9945:2008</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2408bf0d-a5a9-4a0e-b6ad-0212aaffe313"><ac:parameter ac:name="">Open Group 08</ac:parameter></ac:structured-macro>[Open Group 2008] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="970a7f0b-bbec-4ad9-ab61-8ed38949c0f9"><ac:parameter ac:name="">POSIX.1-2004</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8b056149-a2fc-4346-8441-47afd2811c10"><ac:parameter ac:name="">IEEE Std 1003.1-2004</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eb58193b-763f-4dd5-91e1-3476b19b549f"><ac:parameter ac:name="">ISO/IEC 9945:2003</ac:parameter></ac:structured-macro> <ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="90798f47-e54c-4e03-8288-cb22cfaed023"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>[Open Group 2004] The Open Group. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition, 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="041054f3-f9fb-4d77-a028-395a9941f9aa"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>[Plum 1991] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., November 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6d4d7c1f-d5fe-433a-a991-3a1d1dd1f530"><ac:parameter ac:name="">Quinlan 06</ac:parameter></ac:structured-macro>[Quinlan 2006] Quinlan, Dan; Vuduc, Richard; Panas, Thomas; Härdtlein, Jochen; & Sæbjørnsen, Andreas. "Support for Whole-Program Analysis and the Verification of the One-Definition Rule in C++," 27-35. NIST Special Publication 500-262, Proceedings of the Static Analysis Summit. Gaithersburg, MD, July 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0d59a33b-110e-4495-a16f-a59ab2580fdf"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>[Saks 1999] Dan Saks. const T vs.T const. Embedded Systems Programming. Pg. 13-16. February 1999. http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c086907c-e454-4db5-9c57-164737c464e7"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro>[Saks 2007] Saks, Dan. "Sequence Points" Embedded Systems Design, 07/01/02.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="94117bac-5d71-4c90-b32b-46b4bd162296"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro>[Seacord 2005] Seacord, R. Secure Coding in C and C++. Upper Saddle River, NJ: Addison-Wesley, 2006 (ISBN 0321335724).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="54bd69fa-9da5-430a-b9f5-d340df3a7e11"><ac:parameter ac:name="">Sebor 04</ac:parameter></ac:structured-macro>[Sebor 2004] Sebor, Martin. C++ Standard Core Language Active Issues, Revision 68, Issue 475, 2010.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e366a816-5a4d-4bc6-a3ba-13bf0b455b2b"><ac:parameter ac:name="">SGI 06</ac:parameter></ac:structured-macro>[SGI 2006] Silicon Graphics, Inc. "basic_string<charT, traits, Alloc>." Standard Template Library Programmer's Guide, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="b82833ad-7cdc-4f7b-96d2-d46c0eae4726"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>[Steele 1977] Steele, G. L. 1977. Arithmetic shifting considered harmful. SIGPLAN Not. 12, 11 (Nov. 1977), 61-69.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="89139d42-6b67-4d4b-89b8-de650d657c9e"><ac:parameter ac:name="">Stroustrup 97</ac:parameter></ac:structured-macro>[Stroustrup 1997] Stroustrup, Bjarne. The C++ Programming Language, Third Edition. Reading, MA: Addison-Wesley, 1997 (ISBN 0201889544).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="5c87002c-be8c-4abe-99ef-27eb6c46f465"><ac:parameter ac:name="">Stroustrup 06</ac:parameter></ac:structured-macro>[Stroustrup 2006] Stroustrup, Bjarne. C++ Style and Technique FAQ (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="31ff7a0c-25a8-4ff3-88e3-3bd2c7e91c04"><ac:parameter ac:name="">Stroustrup 01</ac:parameter></ac:structured-macro>[Stroustrup 2001] Stroustrup, Bjarne. Exception Safety: Concepts and Techniques (2001).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8e2a599c-1699-4f4f-9540-28ae356d9833"><ac:parameter ac:name="">Sun 93</ac:parameter></ac:structured-macro>[Sun 1993] Sun Security Bulletin #00122, 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ef93b1ab-4481-4b5e-ba3a-0b7dc4a94d94"><ac:parameter ac:name="">Sutter 00</ac:parameter></ac:structured-macro>[Sutter 2000] Sutter, Herb. Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional, 2000 (ISBN 0201615622).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="53ef6247-cfde-4d6b-b34b-c7fdb2930e73"><ac:parameter ac:name="">Sutter 01</ac:parameter></ac:structured-macro>[Sutter 2001] Sutter, Herb. More Exceptional C++: 40 New Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional, 2001 (ISBN 020170434).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3567432d-7947-462b-97a2-100cd67b68a6"><ac:parameter ac:name="">Sutter 04</ac:parameter></ac:structured-macro>[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA: Addison-Wesley Professional, 2004 (ISBN 0321113586).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6a946855-06d7-4536-94de-cdb7538f9e01"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>[Viega 2003] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="4603e0c4-eb3b-4890-bdc4-6ee4d9e0b485"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>[Warren 2002] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="efee62b8-14ff-4f19-b3a5-2dd3a911e2c8"><ac:parameter ac:name="">Williams 10</ac:parameter></ac:structured-macro>[Williams 2010] Williams, Anthony. Simpler Multithreading in C++0x, Internet.com, 2010.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e8c34a17-80ae-487d-a63f-c5b53a79c2c9"><ac:parameter ac:name=""> xorl 2009</ac:parameter></ac:structured-macro>[xorl 2009] xorl. xorl %eax, %eax.

  • No labels