SEI CERT C++ Coding Standard by Aaron Ball...

SEI CERT C Coding Standard by Aaron Ballman (z-lib.org)【文件目录】Table of Contents1 Introduction 11.1 Scope 11.2 Audience 31.3 Usage 31.4 How this Coding Standard Is Organized 41.5 Relation to the CERT C Coding Standard 91.6 Rules Versus Recommendations 101.7 Tool Selection and Validation 111.8 Conformance Testing 121.9 Development Process 131.10 System Qualities 141.11 Automatically Generated Code 141.12 Government Regulations 151.13 Acknowledgments 172 Declarations and Initialization (DCL) 182.1 DCL50-CPP. Do not define a C-style variadic function 182.2 DCL51-CPP. Do not declare or define a reserved identifier 222.3 DCL52-CPP. Never qualify a reference type with const or volatile 282.4 DCL53-CPP. Do not write syntactically ambiguous declarations 312.5 DCL54-CPP. Overload allocation and deallocation functions as a pair in thesame scope 372.6 DCL55-CPP. Avoid information leakage when passing a class object across a trustboundary 412.7 DCL56-CPP. Avoid cycles during initialization of static objects 512.8 DCL57-CPP. Do not let exceptions escape from destructors or deallocation functions 572.9 DCL58-CPP. Do not modify the standard namespaces 632.10 DCL59-CPP. Do not define an unnamed namespace in a header file 692.11 DCL60-CPP. Obey the one-definition rule 763 Expressions (EXP) 833.1 EXP50-CPP. Do not depend on the order of evaluation for side effects 833.2 EXP51-CPP. Do not delete an array through a pointer of the incorrect type 903.3 EXP52-CPP. Do not rely on side effects in unevaluated operands 923.4 EXP53-CPP. Do not read uninitialized memory 963.5 EXP54-CPP. Do not access an object outside of its lifetime 1013.6 EXP55-CPP. Do not access a cv-qualified object through a cv-unqualified type 1123.7 EXP56-CPP. Do not call a function with a mismatched language linkage 1173.8 EXP57-CPP. Do not cast or delete pointers to incomplete classes 120SEI CERT C CODING STANDARD (2016 EDITION) | V01 iiSoftware Engineering Institute | Carnegie Mellon University[DISTRIBUTION STATEMENT A] Approved for public release and unlimited distribution.3.9 EXP58-CPP. Pass an object of the correct type to va_start 1263.10 EXP59-CPP. Use offsetof() on valid types and members 1303.11 EXP60-CPP. Do not pass a nonstandard-layout type object across executionboundaries 1343.12 EXP61-CPP. A lambda object must not outlive any of its reference captured objects 1393.13 EXP62-CPP. Do not access the bits of an object representation that are not partof the object’s value representation 1423.14 EXP63-CPP. Do not rely on the value of a moved-from object 1474 Integers (INT) 1534.1 INT50-CPP. Do not cast to an out-of-range enumeration value 1535 Containers (CTR) 1575.1 CTR50-CPP. Guarantee that container indices and iterators are within the valid range 1575.2 CTR51-CPP. Use valid references, pointers, and iterators to reference elements of acontainer 1635.3 CTR52-CPP. Guarantee that library functions do not overflow 1705.4 CTR53-CPP. Use valid iterator ranges 1745.5 CTR54-CPP. Do not subtract iterators that do not refer to the same container 1775.6 CTR55-CPP. Do not use an additive operator on an iterator if the result would overflow 1825.7 CTR56-CPP. Do not use pointer arithmetic on polymorphic objects 1845.8 CTR57-CPP. Provide a valid ordering predicate 1895.9 CTR58-CPP. Predicate function objects should not be mutable 1936 Characters and Strings (STR) 1986.1 STR50-CPP. Guarantee that storage for strings has sufficient space for characterdata and the null terminator 1986.2 STR51-CPP. Do not attempt to create a std::string from a null pointer 2016.3 STR52-CPP. Use valid references, pointers, and iterators to reference elements of abasic_string 2056.4 STR53-CPP. Range check element access 2097 Memory Management (MEM) 2137.1 MEM50-CPP. Do not access freed memory 2137.2 MEM51-CPP. Properly deallocate dynamically allocated resources 2207.3 MEM52-CPP. Detect and handle memory allocation errors 2337.4 MEM53-CPP. Explicitly construct and destruct objects when manually managingobject lifetime 2387.5 MEM54-CPP. Provide placement new with properly aligned pointers to sufficientstorage capacity 2437.6 MEM55-CPP. Honor replacement dynamic storage management requirements 2497.7 MEM56-CPP. Do not store an already-owned pointer value in an unrelated smartpointer 2537.8 MEM57-CPP. Avoid using default operator new for over-aligned types 258SEI CERT C CODING STANDARD (2016 EDITION) | V01 iiiSoftware Engineering Institute | Carnegie Mellon University[DISTRIBUTION STATEMENT A] Approved for public release and unlimited distribution.8 Input Output (FIO) 2618.1 FIO50-CPP. Do not alternately input and output from a file stream without an interveningpositioning call 2618.2 FIO51-CPP. Close files when they are no longer needed 2649 Exceptions and Error Handling (ERR) 2679.1 ERR50-CPP. Do not abruptly terminate the program 2679.2 ERR51-CPP. Handle all exceptions 2739.3 ERR52-CPP. Do not use setjmp() or longjmp() 2769.4 ERR53-CPP. Do not reference base classes or class data members in a constructor ordestructor function-try-block handler 2809.5 ERR54-CPP. Catch handlers should order their parameter types from most derived toleast derived 2829.6 ERR55-CPP. Honor exception specifications 2849.7 ERR56-CPP. Guarantee exception safety 2889.8 ERR57-CPP. Do not leak resources when handling exceptions 2929.9 ERR58-CPP. Handle all exceptions thrown before main() begins executing 2989.10 ERR59-CPP. Do not throw an exception across execution boundaries 3039.11 ERR60-CPP. Exception objects must be nothrow copy constructible 3079.12 ERR61-CPP. Catch exceptions by lvalue reference 3129.13 ERR62-CPP. Detect errors when converting a string to a number 31610 Object Oriented Programming (OOP) 32010.1 OOP50-CPP. Do not invoke virtual functions from constructors or destructors 32010.2 OOP51-CPP. Do not slice derived objects 32510.3 OOP52-CPP. Do not delete a polymorphic object without a virtual destructor 33310.4 OOP53-CPP. Write constructor member initializers in the canonical order 33610.5 OOP54-CPP. Gracefully handle self-copy assignment 34010.6 OOP55-CPP. Do not use pointer-to-member operators to access nonexistentmembers 34510.7 OOP56-CPP. Honor replacement handler requirements 35010.8 OOP57-CPP. Prefer special member functions and overloaded operators toC Standard Library functions 35310.9 OOP58-CPP. Copy operations must not mutate the source object 360SEI CERT C CODING STANDARD (2016 EDITION) | V01 ivSoftware Engineering Institute | Carnegie Mellon University[DISTRIBUTION STATEMENT A] Approved for public release and unlimited distribution.11 Concurrency (CON) 36511.1 CON50-CPP. Do not destroy a mutex while it is locked 36511.2 CON51-CPP. Ensure actively held locks are released on exceptional conditions 36811.3 CON52-CPP. Prevent data races when accessing bit-fields from multiple threads 37111.4 CON53-CPP. Avoid deadlock by locking in a predefined order 37511.5 CON54-CPP. Wrap functions that can spuriously wake up in a loop 38011.6 CON55-CPP. Preserve thread safety and liveness when using condition variables 38511.7 CON56-CPP. Do not speculatively lock a non-recursive mutex that is already owned by thecalling thread 39112 Miscellaneous (MSC) 39512.1 MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers 39512.2 MSC51-CPP. Ensure your random number generator is properly seeded 39812.3 MSC52-CPP. Value-returning functions must return a value from all exit paths 40212.4 MSC53-CPP. Do not return from a function declared [[noreturn]] 40512.5 MSC54-CPP. A signal handler must be a plain old function 407Appendix A: Bibliography 411Appendix B: Definitions 419Appendix C: Related Guidelines 425Appendix D: Risk Assessments 427