
Software Engineering Institute Makes CERT C++ Coding Standard Freely Available - BudVVeezer
http://www.sei.cmu.edu/news/article.cfm?assetid=495412&article=081&year=2017
======
brakmic
[http://www.cert.org/downloads/secure-coding/assets/sei-
cert-...](http://www.cert.org/downloads/secure-coding/assets/sei-cert-cpp-
coding-standard-2016-v01.pdf)

~~~
rezzo
The SEI CERT C Coding Standard previously released:

[http://www.sei.cmu.edu/downloads/sei-cert-c-coding-
standard-...](http://www.sei.cmu.edu/downloads/sei-cert-c-coding-
standard-2016-v01.pdf)

------
mavam
It would be great to see such elaborate guidelines to be accompanied with an
integration into a linting tool, such as clang-tidy.

~~~
hermitdev
I thought there was a checker (based on clang) included by the CPP Core
Guidelines [0], but I'm not seeing it there currently. Must have been
external. I know I saw a tool that provided partial support, at least for GSL
[1] (MS's library support of the the CPP Core Guidelines).

[0]
[https://github.com/isocpp/CppCoreGuidelines](https://github.com/isocpp/CppCoreGuidelines)
[1] [https://github.com/microsoft/gsl/](https://github.com/microsoft/gsl/)

~~~
geokon
Maybe I'm misunderstanding your reply, but the GSL _is_ the checker. It adds
header constructs that create compile time errors based on bad practices. The
whole point is that there is no need for an external tool.

~~~
stinos
_the GSL is the checker_

Well it's a bunch of headers declaring useful types and functions. If you
don't use them the compiler won't complain and nothing is checked. I think the
OP means something like static analysis.

I found a note in my C++14/17 TODO list where I typed 'clang-tidy might be
able to give warnings for pre-c++14 constructs etc, see
[https://reviews.llvm.org/diffusion/L/browse/clang-tools-
extr...](https://reviews.llvm.org/diffusion/L/browse/clang-tools-
extra/trunk/clang-tidy/cppcoreguidelines/'). Don't have time now to figure out
what that is, but it's probably what the OP is after.

------
_pmf_
Pretty sane and modern when compared to other so called safety standards like
MISRA that are in fact rules to satisfy proprietary legacy compilers.

------
a3n
And C:
[http://www.cert.org/news/article.cfm?assetid=465486&article=...](http://www.cert.org/news/article.cfm?assetid=465486&article=182&year=2016)

------
sargun
I was really hoping the Wikipedia article on Roller Coasters was better. I
wanted to write a piece of prose paralleling roller coasters and programming
languages, but unfortunately, I have such little info to go on
([https://en.wikipedia.org/wiki/Roller_coaster](https://en.wikipedia.org/wiki/Roller_coaster)).

I feel like roller coasters started because people wanted to go fast, and this
crazy death contraption was the only way how. Subsequently, ride operators, in
order to avoid the death of their patrons, advised them not to stick their
limbs outside of the car. Unfortunately, this mechanism only reduced injuries,
but far from eliminated them. Not only do accidents occur because of the
actions of the riders themselves, but ride operators can pose introduce risk
not only by malice, but negligence. In extremely rare cases, riders can be
injured by compiler failures.

Roller coaster operators soon learned that these contraptions were
fundamentally unsafe, and the only way to induce safety was if the systems
which drove the coaster had safety as a fundamental concern. Therefore they
introduced these things like "PLCs" \-- a type of computer to make sure the
operators could only do so much to endanger the riders. In addition, by
following the basic rules of physics at build time of the coaster they further
increased safety. Since people have stopped building coasters that relied on
the rider's healthy sense of caution, and the operator's awareness of safety,
they've become one of the safest ways to enjoy oneself. Or at least this is
how I was hoping the story went.

------
Cyph0n
To anyone experienced with CERT C++: are there rules in the standard that are
critical for secure code, but not easy to discover without extensive
experience?

For instance, I went through the I/O section, and most of the rules seem quite
intuitive even to a novice C++ programmer like myself.

~~~
hermitdev
I've not read through the CERT C++ rules (yet), but I highly recommend reading
"Secure Coding in C and C++" [0]. Expectedly, there's a good discussion on
bounds checking. But, nearly half the book is dedicated to integer
underflow/overflow (and signed/unsigned) issues (which most devs either ignore
or are oblivious to). It's not a panacea, but if you're write C/C++ without
thinking about security and how things can go wrong, it can be a real eye
opener.

[0] [https://www.amazon.com/Secure-Coding-2nd-Software-
Engineerin...](https://www.amazon.com/Secure-Coding-2nd-Software-
Engineering/dp/0321822137/)

~~~
duneroadrunner
I haven't read the book. What's the gist of the recommendations for addressing
those issues? SaferCPlusPlus addresses the signed/unsigned issue by providing
compatible substitutes[1] for "int" and "size_t" that automatically handle it.
And it addresses the integer underflow/overflow issue by recommending another
compatible "int" substitute[2] and introducing the concept (but not yet the
implementation) of "quarantined" types for untrusted input values.

[1] [https://github.com/duneroadrunner/SaferCPlusPlus#cint-
csize_...](https://github.com/duneroadrunner/SaferCPlusPlus#cint-csize_t-and-
cbool)

[2]
[https://github.com/robertramey/safe_numerics](https://github.com/robertramey/safe_numerics)

~~~
hermitdev
A lot of it involves techniques for detecting that overflow will occur
(without actually doing the computation - because in C/C++, once you've signed
overflow, you're already into undefined behavior).

