SEI CERT C++ Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 71 Next »

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="df6cc115-b2a7-484e-9a45-00fd39e3114d"><ac:parameter ac:name="">Williams 10</ac:parameter></ac:structured-macro>[Williams 2010] Williams, Anthony. Boost Library Thread, 2007-2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="976894e6-809b-464d-9b6e-e6796b77c165"><ac:parameter ac:name="">Abrahams 10</ac:parameter></ac:structured-macro>[Abrahams 2010] Abrahams, David. Boost Library Error Handling Guidelines, #7, 2001-2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="40df3be5-2050-44fc-9cb3-55f37c7a0324"><ac:parameter ac:name="">Barney 10</ac:parameter></ac:structured-macro>[Barney 2010] Barney, Blaise. POSIX Threads Programming, Lawrence Livermore National Security, LLC, 2010.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="aa458e23-61d4-4e90-9023-fbd4c50f13a4"><ac:parameter ac:name="">Becker 08</ac:parameter></ac:structured-macro>[Becker 2008] Becker, Pete. Working Draft, Standard for Programming Language C++, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2f2b7969-cbd8-4b83-b692-1c4c5a9ee304"><ac:parameter ac:name="">Becker 09</ac:parameter></ac:structured-macro>[Becker 2009] Becker, Pete Working Draft, Standard for Programming Language C++, September 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="44005e3c-df59-4562-8cdb-0cdd94314285"><ac:parameter ac:name="">Black 07</ac:parameter></ac:structured-macro>[Black 2007] Paul E. Black, Michael Kass, Michael Koo. Source Code Security Analysis Tool Functional Specification Version 1.0. Special Publication 500-268. Information Technology Laboratory (ITL), Software Diagnostics and Conformance Testing Division, May 2007. http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8b3688bf-36d2-4e33-b363-cd154820eee9"><ac:parameter ac:name="">Cline 09</ac:parameter></ac:structured-macro>[Cline 2009] Cline, Marshall. C++ FAQ Lite - Frequently Asked Questions 1991-2009

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ea5f267e-78e5-496c-af64-92e6950d1b4c"><ac:parameter ac:name="">CWE</ac:parameter></ac:structured-macro> [CWE] MITRE. Common Weakness Enumeration – A Community-Developed Dictionary of Software Weakness Types.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7b0aa256-d840-40d7-bc83-0c93fdec4077"><ac:parameter ac:name="">Dewhurst 03</ac:parameter></ac:structured-macro>[Dewhurst 2003] Dewhurst, Stephen C. C++ Gotchas: Avoiding Common Problems in Coding and Design. Boston, MA: Addison-Wesley Professional, 2002.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="450ecf22-712d-4b5e-a771-909dba731817"><ac:parameter ac:name="">Dewhurst 05</ac:parameter></ac:structured-macro>[Dewhurst 2005] Dewhurst, Stephen C. C++ Common Knowledge: Essential Intermediate Programming. Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9f05151d-4502-48d8-8275-d01b204803f1"><ac:parameter ac:name="">Dowd 07</ac:parameter></ac:structured-macro>[Dowd 2007] Dowd, McDonald & Schuh. The Art of Software Security Assessment - Attacking delete and delete[] in C++, 2007.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6384d731-b14a-42bd-aaf8-0e9ec32275d7"><ac:parameter ac:name="">Fortify 06</ac:parameter></ac:structured-macro>[Fortify 2006] Fortify Software Inc. Fortify Taxonomy: Software Security Errors, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="f9ffb55a-04ab-41cc-a843-7f2ac2448417"><ac:parameter ac:name="">FSF 05</ac:parameter></ac:structured-macro>[FSF 2005] Free Software Foundation. GCC online documentation. (2005).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="587b3e9b-e77d-414f-b5e1-1a0489297cfe"><ac:parameter ac:name="">Gamma 95</ac:parameter></ac:structured-macro>[Gamma 1995] Gamma, Helm, Vlissides, and Johnson. Design Patterns Elements of Reusable Object Oriented Software. Addison Wesley, 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="3dd4b991-da70-4580-82bc-6427ae947f10"><ac:parameter ac:name="">Goldberg 91</ac:parameter></ac:structured-macro>[Goldberg 1991] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems, March 1991.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c3bf26f7-65dc-441d-9e43-535a6e5401be"><ac:parameter ac:name="">Graff 03</ac:parameter></ac:structured-macro>[Graff 2003] Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Cambridge, MA: O'Reilly, 2003 (ISBN 0596002424).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="add4f664-94db-42fb-acac-bef33b280b05"><ac:parameter ac:name="">Henricson 97</ac:parameter></ac:structured-macro>[Henricson 1997] Henricson, Mats & Nyquist, Erik. Industrial Strength C++. Upper Saddle River, NJ: Prentice Hall PTR, 1997 (ISBN 0-13-120965-5).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="21bafaf0-6cb0-4070-8241-b82b780d7d45"><ac:parameter ac:name="">IEC 60812 2006</ac:parameter></ac:structured-macro>[IEC 60812 2006] Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA), 2nd ed. (IEC 60812). IEC, January 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a61c703d-d7c9-4dc8-96fc-b865011f270b"><ac:parameter ac:name="">ISO/IEC 9899-1999</ac:parameter></ac:structured-macro>[ISO/IEC 9899-1999] ISO/IEC 9899-1999. Programming Languages — C, Second Edition, 1999.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="9842b306-d238-4a90-b289-82b638b35050"><ac:parameter ac:name="">ISO/IEC 14882-1998</ac:parameter></ac:structured-macro>[ISO/IEC 14882-1998] ISO/IEC 14882-1998. Programming Languages — C++, First Edition, 1998.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="234ac085-f40c-431a-b026-0b8edea51a8d"><ac:parameter ac:name="">ISO/IEC 14882-2003</ac:parameter></ac:structured-macro>[ISO/IEC 14882-2003] ISO/IEC 14882-2003. Programming Languages — C++, Second Edition, 2003.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e03ae94-fda5-4803-ae64-894ea0c63be8"><ac:parameter ac:name="">ISO/IEC DTR 24772</ac:parameter></ac:structured-macro>[ISO/IEC DTR 24772] ISO/IEC DTR 24772. Information TechnologyProgramming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, November 2009.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0e509a86-b62e-4b56-b6a7-b1d6aa4d48c6"><ac:parameter ac:name="">Lions 96</ac:parameter></ac:structured-macro>[Lions 1996] Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c79d8697-0195-495a-a81b-d838d622ac69"><ac:parameter ac:name="">Lockheed Martin 05</ac:parameter></ac:structured-macro>[Lockheed Martin 2005] Lockheed Martin. "Joint Strike Fighter Air Vehicle C++ Coding Standards for the System Development and Demonstration Program." Document Number 2RDU00001 Rev C., December 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="47f62bc1-9321-484c-82cb-747a50a0666e"><ac:parameter ac:name="">Meyers 95</ac:parameter></ac:structured-macro>[Meyers 1995] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley Professional, 1995.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="abf85d27-98d3-45f5-9ccb-ed867c80ee74"><ac:parameter ac:name="">Meyers 96</ac:parameter></ac:structured-macro>[Meyers 1996] Meyers, Scott. More Effective C++: 35 New Ways to Improve Your Programs and Designs. Boston, MA: Addison-Wesley, 1996.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="eda39d7d-fbea-4702-a3b8-c71a403bd274"><ac:parameter ac:name="">Meyers 97</ac:parameter></ac:structured-macro>[Meyers 1997] Meyers, Scott. Effective C++ : 55 Specific Ways to Improve Your Programs and Designs, 3rd ed. Boston, MA: Addison-Wesley Professional, 1997.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6e21523c-02cc-4ac0-b4bb-23eb353ad0f7"><ac:parameter ac:name="">Meyers 01</ac:parameter></ac:structured-macro>[Meyers 2001] Meyers, Scott. Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library. Boston, MA: Addison-Wesley Professional, 2001.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ee15292c-3732-4f53-a02a-cc048faed1c2"><ac:parameter ac:name="">Meyers 05</ac:parameter></ac:structured-macro>[Meyers 2005] Meyers, Scott. Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition). Boston, MA: Addison-Wesley Professional, 2005.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c6982706-6d8e-4c4b-b08a-566e11ea91a9"><ac:parameter ac:name="">Microsoft 10</ac:parameter></ac:structured-macro>[Microsoft 2010] STL std::string class causes crashes and memory corruption on multi-processor machines

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bf09e4be-e98b-490e-87a2-7148880cc7de"><ac:parameter ac:name="">MISRA 04</ac:parameter></ac:structured-macro>[MISRA 2004] MIRA Limited. "MISRA C: 2004 Guidelines for the Use of the C Language in Critical Systems." Warwickshire, UK: MIRA Limited, October 2004 (ISBN 095241564X).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="8da9d8bc-561a-4892-85cd-e872ee9e2087"><ac:parameter ac:name="">MISRA 08</ac:parameter></ac:structured-macro>[MISRA 2008] MIRA Limited. "MISRA C++: 2008 "Guidelines for the Use of the C++ Language in Critical Systems", ISBN 978-906400-03-3 (paperback), ISBN 978-906400-04-0 (PDF), June 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c6b23010-54d3-48fe-a573-a4be25b788f6"><ac:parameter ac:name="">MITRE 07</ac:parameter></ac:structured-macro>[MITRE 2007] MITRE. Common Weakness Enumeration, Draft 9, April 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="cc378bbd-3316-4d5e-b5a2-cc20c0e174fb"><ac:parameter ac:name="">MITRE 08a</ac:parameter></ac:structured-macro>[MITRE 2008a] MITRE. CWE ID 327, "Use of a Broken or Risky Cryptographic Algorithm," 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c5cafe4-2b52-4fd9-8142-ad4f64a00de6"><ac:parameter ac:name="">MITRE 08b</ac:parameter></ac:structured-macro>[MITRE 2008b] MITRE. CWE ID 330, "Use of Insufficiently Random Values," 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="01842f71-82a8-4758-803d-c327ee46cddd"><ac:parameter ac:name="">MSDN 10</ac:parameter></ac:structured-macro>[MSDN 2010] MSDN. "CryptGenRandom Function."

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fe242c96-fdef-44c4-8423-49dcc0797f2e"><ac:parameter ac:name="">NIST 06</ac:parameter></ac:structured-macro>[NIST 2006] NIST. SAMATE Reference Dataset, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7c0a3597-d816-4ee5-b97f-dddfab6bb13a"><ac:parameter ac:name="">POSIX.1-2008</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="acd93d89-0f19-45f2-83ba-266fdbe7642e"><ac:parameter ac:name="">IEEE Std 1003.1-2008</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="552f8cd9-780b-4883-8324-00036494c2e3"><ac:parameter ac:name="">ISO/IEC 9945:2008</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="093e9564-579f-4a52-91d6-c5e353119ea3"><ac:parameter ac:name="">Open Group 08</ac:parameter></ac:structured-macro>[Open Group 2008] The Open Group. The Open Group Base Specifications Issue 7, IEEE Std 1003.1, 2008 Edition, 2008.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="fd63aafe-1770-496a-be63-2f77101560da"><ac:parameter ac:name="">POSIX.1-2004</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0198db96-6de0-49ab-aabe-c1a009ce4531"><ac:parameter ac:name="">IEEE Std 1003.1-2004</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="92d6f084-c11b-49d2-961f-4ca9cb0e5ac7"><ac:parameter ac:name="">ISO/IEC 9945:2003</ac:parameter></ac:structured-macro><ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a6a3a2e2-fd1d-4803-94ab-5c8a73f007bf"><ac:parameter ac:name="">Open Group 04</ac:parameter></ac:structured-macro>[Open Group 2004] The Open Group. The Open Group Base Specifications Issue 6, IEEE Std 1003.1, 2004 Edition, 2004.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="309457bc-8c4b-4583-94e0-cd1e7733bfc5"><ac:parameter ac:name="">Plum 91</ac:parameter></ac:structured-macro>[Plum 1991] Plum, Thomas. C++ Programming. Kamuela, HI: Plum Hall, Inc., November 1991 (ISBN 0911537104).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a09bba5b-d02c-453f-874b-7e96f58659e0"><ac:parameter ac:name="">Quinlan 06</ac:parameter></ac:structured-macro>[Quinlan 2006] Quinlan, Dan; Vuduc, Richard; Panas, Thomas; Härdtlein, Jochen; & Sæbjørnsen, Andreas. "Support for Whole-Program Analysis and the Verification of the One-Definition Rule in C++," 27-35. NIST Special Publication 500-262, Proceedings of the Static Analysis Summit. Gaithersburg, MD, July 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c9306d4a-3f47-4210-9dba-1de0efeeca54"><ac:parameter ac:name="">Saks 99</ac:parameter></ac:structured-macro>[Saks 1999] Dan Saks. const T vs.T const. Embedded Systems Programming. Pg. 13-16. February 1999. http://www.dansaks.com/articles/1999-02%20const%20T%20vs%20T%20const.pdf

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dd553a4b-4c54-487e-8780-7e20ef0a7ea1"><ac:parameter ac:name="">Saks 07</ac:parameter></ac:structured-macro>[Saks 2007] Saks, Dan. "Sequence Points" Embedded Systems Design, 07/01/02.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d5896d27-9040-4690-a91c-30fd03fdd197"><ac:parameter ac:name="">Seacord 05</ac:parameter></ac:structured-macro>[Seacord 2005] Seacord, R. Secure Coding in C and C++. Upper Saddle River, NJ: Addison-Wesley, 2006 (ISBN 0321335724).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bcf92e45-77df-4514-800a-067f7875754a"><ac:parameter ac:name="">Sebor 04</ac:parameter></ac:structured-macro>[Sebor 2004] Sebor, Martin. C++ Standard Core Language Active Issues, Revision 68, Issue 475, 2010.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="74d110e6-2f32-4876-b241-a7c6becf64ad"><ac:parameter ac:name="">SGI 06</ac:parameter></ac:structured-macro>[SGI 2006] Silicon Graphics, Inc. "basic_string<charT, traits, Alloc>." Standard Template Library Programmer's Guide, 2006.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ea96f928-b72f-4007-a90d-14405ac91df5"><ac:parameter ac:name="">Steele 77</ac:parameter></ac:structured-macro>[Steele 1977] Steele, G. L. 1977. Arithmetic shifting considered harmful. SIGPLAN Not. 12, 11 (Nov. 1977), 61-69.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1b6e17f3-e5fb-4ebb-8590-3ab88a4325d7"><ac:parameter ac:name="">Stroustrup 97</ac:parameter></ac:structured-macro>[Stroustrup 1997] Stroustrup, Bjarne. The C++ Programming Language, Third Edition. Reading, MA: Addison-Wesley, 1997 (ISBN 0201889544).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="0aa79ac9-8fd4-46b1-ab8c-585afe0befd2"><ac:parameter ac:name="">Stroustrup 06</ac:parameter></ac:structured-macro>[Stroustrup 2006] Stroustrup, Bjarne. C++ Style and Technique FAQ (2006).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="bddfe793-141c-4723-9db6-df707c386b53"><ac:parameter ac:name="">Stroustrup 01</ac:parameter></ac:structured-macro>[Stroustrup 2001] Stroustrup, Bjarne. Exception Safety: Concepts and Techniques (2001).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dfa8df65-83ad-4707-bd61-5ff875779cb5"><ac:parameter ac:name="">Sun 93</ac:parameter></ac:structured-macro>[Sun 1993] Sun Security Bulletin #00122, 1993.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c1ace8bd-66a0-45d6-9c4e-6e01e31b1fc6"><ac:parameter ac:name="">Sutter 00</ac:parameter></ac:structured-macro>[Sutter 2000] Sutter, Herb. Exceptional C++: 47 Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional, 2000 (ISBN 0201615622).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="6f67b466-d0e4-4df0-ab41-cdb2582e2c06"><ac:parameter ac:name="">Sutter 01</ac:parameter></ac:structured-macro>[Sutter 2001] Sutter, Herb. More Exceptional C++: 40 New Engineering Puzzles, Programming Problems, and Solutions. Addison-Wesley Professional, 2001 (ISBN 020170434).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="2bff9dcd-f21f-4a79-b4ef-bf355e560f29"><ac:parameter ac:name="">Sutter 04</ac:parameter></ac:structured-macro>[Sutter 2004] Sutter, Herb & Alexandrescu, Andrei. C++ Coding Standards: 101 Rules, Guidelines, and Best Practices. Boston, MA: Addison-Wesley Professional, 2004 (ISBN 0321113586).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="c16e5f89-68ee-47bf-9c8e-1e3fc4888937"><ac:parameter ac:name="">Viega 03</ac:parameter></ac:structured-macro>[Viega 2003] Viega, John & Messier, Matt. Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More. Sebastopol, CA: O'Reilly, 2003 (ISBN 0-596-00394-3).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="e4a8c217-f842-4190-a646-8e3f6e4dddf8"><ac:parameter ac:name="">Warren 02</ac:parameter></ac:structured-macro>[Warren 2002] Warren, Henry S. Hacker's Delight. Boston, MA: Addison Wesley Professional. 2002 (ISBN 0201914654).

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="ca7c89cc-40b9-468d-a84e-095717ba9b52"><ac:parameter ac:name="">Williams 10</ac:parameter></ac:structured-macro>[Williams 2010] Williams, Anthony. Simpler Multithreading in C++0x, Internet.com, 2010.

<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="27f67a53-5fc3-4bb0-b1e5-2f2d6279f8b8"><ac:parameter ac:name=""> xorl 2009</ac:parameter></ac:structured-macro>[xorl 2009] xorl. xorl %eax, %eax.

  • No labels