SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 4

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 5

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: removed 'soundness' and 'completeness'

...

Although CERT recommends the use of an ISO/IEC TS 17961–conforming analyzer, the Software Engineering Institute, as a federally funded research and development center (FFRDC), is not in a position to endorse any particular vendor or tool. Vendors are encouraged to develop conforming analyzers, and users of this coding standard are free to evaluate and select whichever analyzers best suit their purposes.

...

False Positives and

...

False Negatives

It should be recognized that, in general, determining conformance to coding rules and recommendations is computationally undecidable. The precision of static analysis has practical limitations. For example, the halting theorem of computer science states that for every analysis tool that indicates whether a program terminates, there exists a program that the tool will not analyze correctly. Consequently, any property dependent on control flow—such as halting—may be indeterminate for some programs. A consequence of undecidability is that it may be impossible for any tool to determine statically whether a given guideline is satisfied in specific circumstances. The widespread presence of such code may also lead to unexpected results from an analysis tool.

...

To the greatest extent feasible, an analyzer should be minimize both complete false positives and sound false negatives with respect to enforceable guidelines. An analyzer is considered sound with respect to a specific guideline if it cannot give a false-positive result, meaning no false alarms. An analyzer is considered complete if it cannot issue false-negative results, meaning it finds all violations of the guideline within the entire program. The possibilities for a given guideline are outlined in the following figure.

Possibilities for a Given GuidelineImage Removed

...

Compilers and source code analysis tools are trusted processes, meaning that a degree of reliance is placed on the output of the tools. Accordingly, developers must ensure that this trust is not misplaced. Ideally, trust should be achieved by the tool supplier running appropriate validation tests such as the Secure Coding Validation Suite.

...