I thought there was a checker (based on clang) included by the CPP Core Guidelines [0], but I'm not seeing it there currently. Must have been external. I know I saw a tool that provided partial support, at least for GSL [1] (MS's library support of the the CPP Core Guidelines).
I was really hoping the Wikipedia article on Roller Coasters was better. I wanted to write a piece of prose paralleling roller coasters and programming languages, but unfortunately, I have such little info to go on (https://en.wikipedia.org/wiki/Roller_coaster).
I feel like roller coasters started because people wanted to go fast, and this crazy death contraption was the only way how. Subsequently, ride operators, in order to avoid the death of their patrons, advised them not to stick their limbs outside of the car. Unfortunately, this mechanism only reduced injuries, but far from eliminated them. Not only do accidents occur because of the actions of the riders themselves, but ride operators can pose introduce risk not only by malice, but negligence. In extremely rare cases, riders can be injured by compiler failures.
Roller coaster operators soon learned that these contraptions were fundamentally unsafe, and the only way to induce safety was if the systems which drove the coaster had safety as a fundamental concern. Therefore they introduced these things like "PLCs" -- a type of computer to make sure the operators could only do so much to endanger the riders. In addition, by following the basic rules of physics at build time of the coaster they further increased safety. Since people have stopped building coasters that relied on the rider's healthy sense of caution, and the operator's awareness of safety, they've become one of the safest ways to enjoy oneself.
Or at least this is how I was hoping the story went.
To anyone experienced with CERT C++: are there rules in the standard that are critical for secure code, but not easy to discover without extensive experience?
For instance, I went through the I/O section, and most of the rules seem quite intuitive even to a novice C++ programmer like myself.
I'm currently working on a system that had no locking order defined (and no any other proper way to prevent or handle deadlocks) -- and looking at the face of my colleagues when I announced that, a good proportion (maybe even the majority) never heard about that kind of stuff before (and they typically have been programming for >5 years)
It disturbed me a little because this is the kind of stuff you learn in school, and they all have been there. Maybe they did not paid enough attention. Given the kind of programs we are writing, I could be rejecting candidates who don't cite deadlocks has a classic problem, and give a locking order as a classic solution to avoid them, even if they are right out of school.
All of that to say: IMO "novice" or "experienced" C++ programmer very often bear the risk of not really predicting the ability to write correct and maintainable code, because for the experienced ones, they can very well never have had any serious approach or mentors to get them to a decent mindset, while at the same time a smart and motivated novice can quickly figure out more and more of what matters, given some predispositions, a proper mentor, and/or a project inducing that.
If you find some of the CERT rules basic, you will quickly find most of them in that case. However, they are still useful to be used as a checklist, or for programmers who don't care enough about programming, or simply have been busy implementing piles of features in some kind of spaghetti code (and fixing 10% of the resulting bugs during 75% of their time) during a decade, etc.
I've not read through the CERT C++ rules (yet), but I highly recommend reading "Secure Coding in C and C++" [0]. Expectedly, there's a good discussion on bounds checking. But, nearly half the book is dedicated to integer underflow/overflow (and signed/unsigned) issues (which most devs either ignore or are oblivious to). It's not a panacea, but if you're write C/C++ without thinking about security and how things can go wrong, it can be a real eye opener.
I think it is pretty basic but with nice explanations, examples, it's pretty complete and it is free so you can basically hand it to someone willing to learn these things.
Some recommendations seem little bit like "don't make mistakes" but still I like it.
I've not got experience w/CERT C++, so caveats. IMO, the major utility in releasing these guidelines publicly is that developers of clang-tidy and other open source static checkers can freely access the guides that will allow them to check for compliance.
[+] [-] brakmic|9 years ago|reply
[+] [-] rezzo|9 years ago|reply
http://www.sei.cmu.edu/downloads/sei-cert-c-coding-standard-...
[+] [-] Jare|9 years ago|reply
[+] [-] mavam|9 years ago|reply
[+] [-] hermitdev|9 years ago|reply
[0] https://github.com/isocpp/CppCoreGuidelines [1] https://github.com/microsoft/gsl/
[+] [-] BudVVeezer|9 years ago|reply
[+] [-] EliRivers|9 years ago|reply
[+] [-] _pmf_|9 years ago|reply
[+] [-] a3n|9 years ago|reply
[+] [-] sargun|9 years ago|reply
I feel like roller coasters started because people wanted to go fast, and this crazy death contraption was the only way how. Subsequently, ride operators, in order to avoid the death of their patrons, advised them not to stick their limbs outside of the car. Unfortunately, this mechanism only reduced injuries, but far from eliminated them. Not only do accidents occur because of the actions of the riders themselves, but ride operators can pose introduce risk not only by malice, but negligence. In extremely rare cases, riders can be injured by compiler failures.
Roller coaster operators soon learned that these contraptions were fundamentally unsafe, and the only way to induce safety was if the systems which drove the coaster had safety as a fundamental concern. Therefore they introduced these things like "PLCs" -- a type of computer to make sure the operators could only do so much to endanger the riders. In addition, by following the basic rules of physics at build time of the coaster they further increased safety. Since people have stopped building coasters that relied on the rider's healthy sense of caution, and the operator's awareness of safety, they've become one of the safest ways to enjoy oneself. Or at least this is how I was hoping the story went.
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] Cyph0n|9 years ago|reply
For instance, I went through the I/O section, and most of the rules seem quite intuitive even to a novice C++ programmer like myself.
[+] [-] temac|9 years ago|reply
It disturbed me a little because this is the kind of stuff you learn in school, and they all have been there. Maybe they did not paid enough attention. Given the kind of programs we are writing, I could be rejecting candidates who don't cite deadlocks has a classic problem, and give a locking order as a classic solution to avoid them, even if they are right out of school.
All of that to say: IMO "novice" or "experienced" C++ programmer very often bear the risk of not really predicting the ability to write correct and maintainable code, because for the experienced ones, they can very well never have had any serious approach or mentors to get them to a decent mindset, while at the same time a smart and motivated novice can quickly figure out more and more of what matters, given some predispositions, a proper mentor, and/or a project inducing that.
If you find some of the CERT rules basic, you will quickly find most of them in that case. However, they are still useful to be used as a checklist, or for programmers who don't care enough about programming, or simply have been busy implementing piles of features in some kind of spaghetti code (and fixing 10% of the resulting bugs during 75% of their time) during a decade, etc.
[+] [-] BudVVeezer|9 years ago|reply
It's easy to forget that alignment is important on some architectures (other than for performance reasons), so be careful when using placement new: https://www.securecoding.cert.org/confluence/display/cpluspl...
This may seem obvious, but even the C++ committee got this one wrong when they created auto_ptr (which has since been removed from the standard): https://www.securecoding.cert.org/confluence/display/cpluspl...
This one is totally obvious but has a stunning number of ways you can fail to adhere to it, some of which look reasonable at first blush: https://www.securecoding.cert.org/confluence/display/cpluspl...
[+] [-] hermitdev|9 years ago|reply
[0] https://www.amazon.com/Secure-Coding-2nd-Software-Engineerin...
[+] [-] koja86|9 years ago|reply
Some recommendations seem little bit like "don't make mistakes" but still I like it.
[+] [-] wyldfire|9 years ago|reply
Kudos to the SEI.
[+] [-] unknown|9 years ago|reply
[deleted]