1<?xml version="1.0" encoding="UTF-8"?> 2<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 3"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> 4<section id="safe_numerics.bibliography"> 5 <title>Bibliography</title> 6 7 <bibliography> 8 <biblioentry id="coker"> 9 <abbrev>Coker</abbrev> 10 11 <author> 12 <firstname>Zack</firstname> 13 14 <surname>Coker</surname> 15 </author> 16 17 <author> 18 <firstname>Samir</firstname> 19 20 <surname>Hasan</surname> 21 </author> 22 23 <author> 24 <firstname>Jeffrey</firstname> 25 26 <surname>Overbey</surname> 27 </author> 28 29 <author> 30 <firstname>Munawar</firstname> 31 32 <surname>Hafiz</surname> 33 </author> 34 35 <author> 36 <firstname>Christian</firstname> 37 38 <surname>Kästner</surname> 39 </author> 40 41 <title> 42 <ulink url="http://www.cert.org/secure-coding/publications/books/secure-coding-c-c-second-edition.cfm?"> 43 <ulink 44 url="https://www.cs.cmu.edu/~ckaestne/pdf/csse14-01.pdf">Integers In 45 C: An Open Invitation To Security Attacks?</ulink> 46 </ulink> 47 </title> 48 49 <publishername> 50 <ulink url="http://www.open-std.org/jtc1/sc22/wg21/">JTC1/SC22/WG21 - 51 The C++ Standards Committee - ISOCPP</ulink> 52 </publishername> 53 54 <date>January 15, 2012</date> 55 </biblioentry> 56 57 <biblioentry id="cook"> 58 <abbrev>Cook</abbrev> 59 60 <author> 61 <firstname>John D.</firstname> 62 63 <surname>Cook</surname> 64 </author> 65 66 <title> 67 <ulink 68 url="https://www.johndcook.com/blog/ieee_exceptions_in_cpp/">IEEE 69 floating-point exceptions in C++</ulink> 70 </title> 71 </biblioentry> 72 73 <biblioentry id="crowl"> 74 <abbrev>Crowl</abbrev> 75 76 <author> 77 <firstname>Lawrence</firstname> 78 79 <surname>Crowl</surname> 80 </author> 81 82 <title> 83 <ulink url="http://www.cert.org/secure-coding/publications/books/secure-coding-c-c-second-edition.cfm?"> 84 <ulink 85 url="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2012/n3352.html">C++ 86 Binary Fixed-Point Arithmetic</ulink> 87 </ulink> 88 </title> 89 90 <publishername> 91 <ulink url="http://www.open-std.org/jtc1/sc22/wg21/">JTC1/SC22/WG21 - 92 The C++ Standards Committee - ISOCPP</ulink> 93 </publishername> 94 95 <date>January 15, 2012</date> 96 </biblioentry> 97 98 <biblioentry id="crowl2"> 99 <abbrev>Crowl & Ottosen</abbrev> 100 101 <author> 102 <firstname>Lawrence</firstname> 103 104 <surname>Crowl</surname> 105 </author> 106 107 <author> 108 <surname>Thorsten Ottosen</surname> 109 </author> 110 111 <title> 112 <ulink url="http://www.cert.org/secure-coding/publications/books/secure-coding-c-c-second-edition.cfm?"> 113 <ulink 114 url="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2006/n1962.html">Proposal 115 to add Contract Programming to C++</ulink> 116 </ulink> 117 </title> 118 119 <publishername> 120 <ulink url="http://www.open-std.org/jtc1/sc22/wg21/">WG21/N1962 and 121 J16/06-0032 - The C++ Standards Committee - ISOCPP</ulink> 122 </publishername> 123 124 <date>February 25, 2006</date> 125 </biblioentry> 126 127 <biblioentry id="dietz"> 128 <abbrev>Dietz</abbrev> 129 130 <author> 131 <firstname>Will</firstname> 132 133 <surname>Dietz</surname> 134 </author> 135 136 <author> 137 <firstname>Peng</firstname> 138 139 <surname>Li</surname> 140 </author> 141 142 <author> 143 <firstname>John</firstname> 144 145 <surname>Regehr</surname> 146 </author> 147 148 <author> 149 <firstname>Vikram</firstname> 150 151 <surname>Adve</surname> 152 </author> 153 154 <title> 155 <ulink 156 url="http://www.cs.utah.edu/~regehr/papers/overflow12.pdf">Understanding 157 Integer Overflow in C/C++</ulink> 158 </title> 159 160 <publishername> 161 <ulink 162 url="http://dl.acm.org/citation.cfm?id=2337223&picked=prox">Proceedings 163 of the 34th International Conference on Software Engineering (ICSE), 164 Zurich, Switzerland</ulink> 165 </publishername> 166 167 <date>June 2012</date> 168 </biblioentry> 169 170 <biblioentry id="garcia"> 171 <abbrev>Garcia</abbrev> 172 173 <author> 174 <firstname>J. Daniel</firstname> 175 176 <surname>Garcia</surname> 177 </author> 178 179 <title> 180 <ulink url="http://www.cert.org/secure-coding/publications/books/secure-coding-c-c-second-edition.cfm?"> 181 <ulink 182 url="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2014/n4293.pdf">C++ 183 language support for contract programming</ulink> 184 </ulink> 185 </title> 186 187 <publishername> 188 <ulink url="http://www.open-std.org/jtc1/sc22/wg21/">WG21/N4293 - The 189 C++ Standards Committee - ISOCPP</ulink> 190 </publishername> 191 192 <date>December 23, 2014</date> 193 </biblioentry> 194 195 <biblioentry id="goldberg"> 196 <abbrev>Goldberg</abbrev> 197 198 <author> 199 <firstname>David</firstname> 200 201 <surname>Goldberg</surname> 202 </author> 203 204 <title> 205 <ulink 206 url="https://docs.oracle.com/cd/E19957-01/806-3568/ncg_goldberg.html">What 207 Every Computer Scientist Should Know About Floating-Point 208 Arithmetic</ulink> 209 </title> 210 211 <publishername> 212 <ulink url="https://csur.acm.org/index.cfm">ACM Computing 213 Surveys</ulink> 214 </publishername> 215 216 <date>March, 1991</date> 217 </biblioentry> 218 219 <biblioentry id="katz"> 220 <abbrev>Katz</abbrev> 221 222 <author> 223 <firstname>Omer</firstname> 224 225 <surname>Katz</surname> 226 </author> 227 228 <title> 229 <ulink 230 url="http://www.cert.org/secure-coding/publications/books/secure-coding-c-c-second-edition.cfm?">SafeInt 231 code proposal</ulink> 232 </title> 233 234 <publishername> 235 <ulink 236 url="https://groups.google.com/a/isocpp.org/forum/?fromgroups#!forum/std-proposals">Boost 237 Developer's List</ulink> 238 </publishername> 239 240 <abstract> 241 <para>Posts of various authors regarding a proposed SafeInt library 242 for boost</para> 243 </abstract> 244 </biblioentry> 245 246 <biblioentry id="keaton"> 247 <author> 248 <firstname>David</firstname> 249 250 <surname>Keaton</surname> 251 </author> 252 253 <author> 254 <firstname>Thomas</firstname> 255 256 <surname>Plum</surname> 257 </author> 258 259 <author> 260 <firstname>Robert</firstname> 261 262 <othername>C.</othername> 263 264 <surname>Seacord</surname> 265 </author> 266 267 <author> 268 <firstname>David</firstname> 269 270 <surname>Svoboda</surname> 271 </author> 272 273 <author> 274 <firstname>Alex</firstname> 275 276 <surname>Volkovitsky</surname> 277 </author> 278 279 <author> 280 <firstname>Timothy</firstname> 281 282 <surname>Wilson</surname> 283 </author> 284 285 <title> 286 <ulink url="http://www.cert.org/secure-coding/publications/books/secure-coding-c-c-second-edition.cfm?"> 287 <ulink 288 url="http://resources.sei.cmu.edu/asset_files/TechnicalNote/2009_004_001_15074.pdf">As-if 289 Infinitely Ranged Integer Model</ulink> 290 </ulink> 291 </title> 292 293 <publishername> 294 <ulink url="http://www.sei.cmu.edu">Software Engineering 295 Institute</ulink> 296 </publishername> 297 298 <volumenum>CMU/SEI-2009-TN-023</volumenum> 299 300 <abstract> 301 <para>Presents a model for addressing integer overflow errors.</para> 302 </abstract> 303 </biblioentry> 304 305 <biblioentry id="leblanc1"> 306 <abbrev>LeBlanc</abbrev> 307 308 <author> 309 <firstname>David</firstname> 310 311 <surname>LeBlanc</surname> 312 </author> 313 314 <title> 315 <ulink 316 url="https://msdn.microsoft.com/en-us/library/ms972705.aspx">Integer 317 Handling with the C++ SafeInt Class</ulink> 318 </title> 319 320 <publishername> 321 <ulink url="https://www.cert.org">Microsoft Developer Network</ulink> 322 </publishername> 323 324 <date>January 7, 2004</date> 325 </biblioentry> 326 327 <biblioentry id="leblanc2"> 328 <abbrev>LeBlanc</abbrev> 329 330 <author> 331 <firstname>David</firstname> 332 333 <surname>LeBlanc</surname> 334 </author> 335 336 <title> 337 <ulink url="https://safeint.codeplex.com">SafeInt</ulink> 338 </title> 339 340 <publishername> 341 <ulink url="https://www.cert.org">CodePlex</ulink> 342 </publishername> 343 344 <date>Dec 3, 2014</date> 345 </biblioentry> 346 347 <biblioentry id="lions"> 348 <abbrev>Lions</abbrev> 349 350 <author> 351 <firstname>Jacques-Louis</firstname> 352 353 <surname>Lions</surname> 354 </author> 355 356 <title> 357 <ulink 358 url="https://en.wikisource.org/wiki/Ariane_501_Inquiry_Board_report">Ariane 359 501 Inquiry Board report</ulink> 360 </title> 361 362 <publishername> 363 <ulink 364 url="https://en.wikisource.org/wiki/Main_Page">Wikisource</ulink> 365 </publishername> 366 367 <date>July 19, 1996</date> 368 </biblioentry> 369 370 <biblioentry id="matthews"> 371 <abbrev>Matthews</abbrev> 372 373 <author> 374 <firstname>Hubert</firstname> 375 376 <surname>Matthews</surname> 377 </author> 378 379 <title> 380 <ulink url="https://accu.org/index.php/journals/324">CheckedInt: A 381 Policy-Based Range-Checked Integer</ulink> 382 </title> 383 384 <publishername> 385 <ulink url="https://accu.org/index.php">Overload Journal #58</ulink> 386 </publishername> 387 388 <date>December 2003</date> 389 </biblioentry> 390 391 <biblioentry id="mouawad"> 392 <abbrev>Mouawad</abbrev> 393 394 <author> 395 <firstname>Jad</firstname> 396 397 <surname>Mouawad</surname> 398 </author> 399 400 <title> 401 <ulink url="http://www.cert.org/secure-coding/publications/books/secure-coding-c-c-second-edition.cfm?"> 402 <ulink 403 url="http://www.nytimes.com/2015/05/01/business/faa-orders-fix-for-possible-power-loss-in-boeing-787.html?_r=0">F.A.A 404 Orders Fix for Possible Power Loss in Boeing 787</ulink> 405 </ulink> 406 </title> 407 408 <publishername>New York Times</publishername> 409 410 <date>April 30, 2015</date> 411 412 <abstract> 413 <para>Federal regulators will order operators of Boeing 787 414 Dreamliners to shut down the plane’s electrical power periodically 415 after Boeing discovered a software error that could result in a total 416 loss of power.</para> 417 </abstract> 418 </biblioentry> 419 420 <biblioentry id="plakosh"> 421 <abbrev>Plakosh</abbrev> 422 423 <author> 424 <firstname>Daniel</firstname> 425 426 <surname>Plakosh</surname> 427 </author> 428 429 <title> 430 <ulink 431 url="https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/coding/312-BSI.html">Safe 432 Integer Operations</ulink> 433 </title> 434 435 <publishername> 436 <ulink url="https://buildsecurityin.us-cert.gov">U.S. Department of 437 Homeland Security</ulink> 438 </publishername> 439 440 <date>May 10, 2013</date> 441 </biblioentry> 442 443 <biblioentry id="seacord1"> 444 <abbrev>Seacord</abbrev> 445 446 <author> 447 <firstname>Robert C.</firstname> 448 449 <surname>Seacord</surname> 450 </author> 451 452 <title> 453 <ulink 454 url="http://www.cert.org/secure-coding/publications/books/secure-coding-c-c-second-edition.cfm?">Secure 455 Coding in C and C++</ulink> 456 </title> 457 458 <edition>2nd Edition</edition> 459 460 <publishername>Addison-Wesley Professional</publishername> 461 462 <date>April 12, 2013</date> 463 464 <isbn>978-0321822130</isbn> 465 </biblioentry> 466 467 <biblioentry id="seacord2"> 468 <abbrev>INT30-C</abbrev> 469 470 <author> 471 <firstname>Robert C.</firstname> 472 473 <surname>Seacord</surname> 474 </author> 475 476 <title> 477 <ulink 478 url="https://www.securecoding.cert.org/confluence/display/seccode/INT32-C.+Ensure+that+operations+on+signed+integers+do+not+result+in+overflow?showComments=false">INT30-C. 479 Ensure that operations on unsigned integers do not wrap</ulink> 480 </title> 481 482 <publishername> 483 <ulink url="https://www.cert.org">Software Engineering Institute, 484 Carnegie Mellon University</ulink> 485 </publishername> 486 487 <date>August 17, 2014</date> 488 </biblioentry> 489 490 <biblioentry id="seacord3"> 491 <abbrev>INT32-C</abbrev> 492 493 <author> 494 <firstname>Robert C.</firstname> 495 496 <surname>Seacord</surname> 497 </author> 498 499 <title> 500 <ulink 501 url="https://www.securecoding.cert.org/confluence/display/c/INT30-C.+Ensure+that+unsigned+integer+operations+do+not+wrap">INT32-C. 502 Ensure that operations on signed integers do not result in 503 overflow</ulink> 504 </title> 505 506 <publishername> 507 <ulink url="https://www.cert.org">Software Engineering Institute, 508 Carnegie Mellon University</ulink> 509 </publishername> 510 511 <date>August 17, 2014</date> 512 </biblioentry> 513 514 <biblioentry id="stone"> 515 <abbrev>Stone</abbrev> 516 517 <author> 518 <firstname>David</firstname> 519 520 <surname>Stone</surname> 521 </author> 522 523 <title> 524 <ulink url="http://doublewise.net/c++/bounded/">C++ Bounded Integer 525 Library</ulink> 526 </title> 527 </biblioentry> 528 529 <biblioentry id="stroustrup"> 530 <abbrev>Stroustrup</abbrev> 531 532 <author> 533 <firstname>Bjarn</firstname> 534 535 <surname>Stroustrup</surname> 536 </author> 537 538 <title>The C++ Programming Language</title> 539 540 <edition>Fourth Edition</edition> 541 542 <publishername> 543 <ulink 544 url="http://www.open-std.org/jtc1/sc22/wg21/">Addison-Wesley</ulink> 545 </publishername> 546 547 <copyright> 548 <year>2014 by Pearson Education, Inc.</year> 549 </copyright> 550 551 <date>January 15, 2012</date> 552 </biblioentry> 553 554 <biblioentry id="forum"> 555 <abbrev>Forum</abbrev> 556 557 <author> 558 <surname>Forum Posts</surname> 559 </author> 560 561 <title> 562 <ulink url="http://www.cert.org/secure-coding/publications/books/secure-coding-c-c-second-edition.cfm?"> 563 <ulink 564 url="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2012/n3352.html">C++ 565 Binary Fixed-Point Arithmetic</ulink> 566 </ulink> 567 </title> 568 569 <publishername> 570 <ulink 571 url="https://groups.google.com/a/isocpp.org/forum/?fromgroups#!forum/std-proposals">ISO 572 C++ Standard Future Proposals</ulink> 573 </publishername> 574 575 <abstract> 576 <para>Posts of various authors regarding proposal to add safe integer 577 to C++ standard libraries</para> 578 </abstract> 579 </biblioentry> 580 </bibliography> 581</section> 582