frama-c

[ai-review] / critic / c-error-handling.md

# C Error Handling Critic Framework (ISO/IEC JTC 1/SC 22)

This framework guides the Critic role when evaluating C programming code for error handling completeness, robustness, and proper error propagation strategies from the perspective of ISO/IEC JTC 1/SC 22, the committee responsible for programming languages including the ISO/IEC 9899:1999 (C99) standard. This critic focuses on error checking, resource cleanup, error reporting, and graceful failure handling to ensure reliable, robust, and maintainable C code.

## C Error Handling Evaluation Areas

### 1. Function Return Value Checking
**What to Look For:**
- Consistent error checking for all fallible operations
- Proper handling of function return values that indicate errors
- Appropriate error propagation strategies
- Clear error handling patterns throughout the codebase

**Common Problems:**
- Ignoring return values from functions that can fail
- Inconsistent error handling patterns
- Missing error checking for critical operations
- Improper error propagation to calling functions
- Unclear error handling strategies

**Evaluation Questions:**
- Are all function return values checked when they indicate errors?
- Is error handling consistent throughout the codebase?
- Are critical operation failures properly handled?
- Is error information properly propagated to callers?
- Are error handling patterns clearly documented?

### 2. System Call and Library Function Error Handling
**What to Look For:**
- Proper use of errno for system call error reporting
- Correct handling of system call failures
- Appropriate error handling for standard library functions
- Graceful handling of resource allocation failures

**Common Problems:**
- Ignoring errno after system call failures
- Not checking system call return values
- Missing error handling for malloc/free failures
- Incorrect interpretation of error codes
- Inconsistent error handling for similar operations

**Evaluation Questions:**
- Is errno used correctly for functions that set it?
- Are all system call return values checked?
- Are malloc/free failures handled appropriately?
- Are error codes interpreted correctly?
- Is error handling consistent for similar operations?

### 3. Resource Cleanup on Error Paths
**What to Look For:**
- Proper resource cleanup when errors occur
- Consistent cleanup patterns across error paths
- Appropriate use of cleanup functions
- Prevention of resource leaks during error conditions

**Common Problems:**
- Resource leaks on error paths
- Inconsistent cleanup patterns
- Missing cleanup in error handling code
- Improper resource ordering in cleanup
- Incomplete cleanup when multiple resources are involved

**Evaluation Questions:**
- Are resources cleaned up on all error paths?
- Is cleanup performed in the correct order?
- Are cleanup patterns consistent throughout the code?
- Are all allocated resources properly released?
- Is cleanup idempotent and safe?

### 4. Error Reporting and Logging
**What to Look For:**
- Clear and actionable error messages
- Appropriate error reporting mechanisms
- Consistent error message formatting
- Proper error logging and debugging information

**Common Problems:**
- Unclear or unhelpful error messages
- Inconsistent error reporting formats
- Missing error context information
- Inappropriate error message verbosity
- Lack of debugging information for errors

**Evaluation Questions:**
- Are error messages clear and actionable?
- Is error reporting consistent throughout the code?
- Is sufficient context provided with error messages?
- Are error messages appropriate for the target audience?
- Is debugging information available when needed?

### 5. Error Propagation and Recovery
**What to Look For:**
- Proper propagation of error information to callers
- Appropriate error recovery strategies
- Graceful degradation when errors occur
- Clear error state management

**Common Problems:**
- Lost error information during propagation
- Incorrect error propagation patterns
- Silent failures without error indication
- Poor error recovery strategies
- Inconsistent error state management

**Evaluation Questions:**
- Is error information properly propagated to callers?
- Are error recovery strategies appropriate?
- Is graceful degradation implemented when possible?
- Is error state management clear and consistent?
- Are silent failures avoided?

## ISO/IEC Standards-Specific Error Handling Criticism Process

### Step 1: Error Checking Analysis
1. **Identify Fallible Operations**: Find all operations that can fail
2. **Check Return Value Handling**: Verify all return values are checked
3. **Assess Error Propagation**: Evaluate how errors are propagated
4. **Review Error Patterns**: Check for consistency in error handling

### Step 2: Resource Management Assessment
1. **Track Resource Acquisition**: Identify all resource acquisitions
2. **Verify Cleanup Paths**: Ensure cleanup occurs on all error paths
3. **Check Cleanup Ordering**: Verify proper cleanup order
4. **Assess Cleanup Completeness**: Ensure all resources are cleaned up

### Step 3: Error Reporting Evaluation
1. **Review Error Messages**: Assess clarity and usefulness of error messages
2. **Check Error Context**: Verify sufficient context is provided
3. **Evaluate Consistency**: Check for consistent error reporting patterns
4. **Assess Debugging Support**: Verify debugging information availability

### Step 4: Error Propagation Analysis
1. **Check Error Propagation**: Are errors properly propagated to callers?
2. **Evaluate Recovery**: Can the program recover gracefully from errors?
3. **Assess Error State**: Is error state managed correctly?
4. **Review Error Documentation**: Are error conditions clearly documented?

## ISO/IEC Standards-Specific Error Handling Criticism Guidelines

### Focus on Error Handling Completeness
**Good Criticism:**
- "Missing error check: malloc() return value not checked for NULL"
- "Resource leak on error path: file handle not closed when function fails"
- "Inconsistent error handling: similar operations handled differently"
- "Poor error message: 'Error occurred' provides no actionable information"

**Poor Criticism:**
- "Error handling seems incomplete"
- "This might have error handling issues"
- "Error handling could be better"

### Emphasize Specific Error Issues
**Good Criticism:**
- "Function returns -1 on error but caller doesn't check return value"
- "errno not checked after fopen() failure at line 23"
- "Memory leak: malloc() at line 15, no cleanup on error path at line 28"
- "Error propagation inconsistent: similar functions handle errors differently"

**Poor Criticism:**
- "This has error handling problems"
- "Error handling is inadequate"
- "This will cause errors"

### Consider Implementation Quality
**Good Criticism:**
- "The error checking here is incomplete - malloc can fail"
- "This error path doesn't clean up resources properly"
- "The error message here provides no actionable information"
- "The error propagation here loses important context"

**Poor Criticism:**
- "This has bugs"
- "This is unreliable"
- "This code is bad"

## ISO/IEC Standards-Specific Error Handling Problem Categories

### Error Checking Problems
- **Unchecked Returns**: Ignoring function return values that indicate errors
- **Inconsistent Checking**: Different error checking patterns for similar operations
- **Missing Checks**: Failing to check return values from fallible operations
- **Incorrect Interpretation**: Misinterpreting error codes or return values

### Resource Management Problems
- **Resource Leaks**: Failing to clean up resources on error paths
- **Inconsistent Cleanup**: Different cleanup patterns in similar contexts
- **Incomplete Cleanup**: Not cleaning up all resources when errors occur
- **Cleanup Ordering**: Incorrect order of resource cleanup operations

### Error Reporting Problems
- **Unclear Messages**: Error messages that don't provide useful information
- **Inconsistent Format**: Different error message formats throughout code
- **Missing Context**: Error messages without sufficient context information
- **Inappropriate Verbosity**: Error messages that are too verbose or too terse

### Error Propagation Problems
- **Lost Error Information**: Failing to propagate error information to callers
- **Incorrect Propagation**: Propagating errors incorrectly or inconsistently
- **Silent Failures**: Functions that fail silently without indicating errors
- **Error Masking**: Hiding or masking important error information

## ISO/IEC Standards-Specific Error Handling Criticism Templates

### For Error Checking Issues
```
Error Checking Issue: [Specific error checking problem]
Standard Reference: [ISO/IEC 9899 section and paragraph]
Problem: [What makes this error checking inadequate]
Impact: [Potential crashes, silent failures, or incorrect behavior]
Evidence: [Specific code examples showing missing checks]
Priority: [Critical/High/Medium/Low]
```

### For Resource Management Issues
```
Resource Management Issue: [Specific resource management problem]
Problem: [What causes the resource management issue]
Impact: [Resource leaks, crashes, or system instability]
Evidence: [Specific code paths showing resource acquisition and cleanup]
Priority: [Critical/High/Medium/Low]
```

### For Error Reporting Issues
```
Error Reporting Issue: [Specific error reporting problem]
Problem: [What makes this error reporting inadequate]
Impact: [Poor debugging experience, user confusion, or maintenance issues]
Evidence: [Specific error messages or reporting code]
Priority: [High/Medium/Low]
```

### For Error Propagation Issues
```
Error Propagation Issue: [Specific error propagation problem]
Problem: [What makes this error propagation inadequate]
Impact: [Lost error information, silent failures, or incorrect error handling]
Evidence: [Specific code examples showing propagation issues]
Priority: [Critical/High/Medium/Low]
```

## ISO/IEC Standards-Specific Error Handling Criticism Best Practices

### Do's
- **Cite Standard References**: Always reference specific sections of ISO/IEC 9899 when relevant
- **Focus on Completeness**: Evaluate error handling completeness and consistency
- **Consider All Error Paths**: Think about all possible error scenarios, not just happy paths
- **Emphasize Robustness**: Prioritize robust error handling over convenience
- **Document Error Handling**: Clearly identify error handling patterns and assumptions

### Don'ts
- **Assume Error-Free Code**: Don't assume code will never encounter errors
- **Ignore Resource Management**: Don't overlook resource cleanup on error paths
- **Accept Silent Failures**: Don't tolerate functions that fail silently
- **Skip Error Checking**: Don't ignore error checking requirements
- **Overlook Error Propagation**: Don't accept poor error propagation patterns

## ISO/IEC Standards-Specific Error Handling Criticism Checklist

### Error Checking Assessment
- [ ] Are all function return values checked when they indicate errors?
- [ ] Is error handling consistent throughout the codebase?
- [ ] Are critical operation failures properly handled?
- [ ] Is error information properly propagated to callers?
- [ ] Are error handling patterns clearly documented?

### Resource Management Assessment
- [ ] Are resources cleaned up on all error paths?
- [ ] Is cleanup performed in the correct order?
- [ ] Are cleanup patterns consistent throughout the code?
- [ ] Are all allocated resources properly released?
- [ ] Is cleanup idempotent and safe?

### Error Reporting Assessment
- [ ] Are error messages clear and actionable?
- [ ] Is error reporting consistent throughout the code?
- [ ] Is sufficient context provided with error messages?
- [ ] Are error messages appropriate for the target audience?
- [ ] Is debugging information available when needed?

### Error Propagation Assessment
- [ ] Is error information properly propagated to callers?
- [ ] Are error codes interpreted correctly?
- [ ] Is error propagation consistent across similar operations?
- [ ] Are silent failures avoided?
- [ ] Is error masking prevented?

## ISO/IEC Standards-Specific Error Handling Evaluation Questions

### For Any C Code
1. **Are all function return values checked when they indicate errors?**
2. **Is errno used correctly for functions that set it?**
3. **Are error conditions handled consistently throughout the codebase?**
4. **Do error paths properly clean up allocated resources?**
5. **Are error messages clear and actionable?**
6. **Is error information properly propagated to callers?**
7. **Are error recovery strategies appropriate?**
8. **Is graceful degradation implemented when possible?**
9. **Are silent failures avoided?**
10. **Is error state management clear and consistent?**

### For Library Code
1. **Are all public interfaces documented with error conditions?**
2. **Is error propagation clearly specified and implemented correctly?**
3. **Are all parameters validated appropriately?**
4. **Is the API design consistent with error handling conventions?**
5. **Are all error conditions properly documented?**

### For System Code
1. **Are all system calls checked for errors?**
2. **Is privilege escalation handled securely?**
3. **Are buffer sizes validated before use?**
4. **Is concurrency handled correctly?**
5. **Are all security implications considered and addressed?**

## C99 Standard Error Handling Principles Applied

### "Provide a Robust Programming Language"
- Write code that handles errors gracefully and consistently
- Avoid silent failures and undefined error states
- Use standard error handling patterns for maximum reliability

### "Keep Error Handling Simple and Consistent"
- Use consistent error handling patterns throughout the codebase
- Avoid overly complex error handling when simpler alternatives exist
- Prefer clear, predictable error handling over clever error recovery

### "Provide Clear Error Information"
- Ensure error messages provide actionable information
- Propagate error context appropriately through the call stack
- Document error conditions and recovery strategies clearly

### "Make Error Handling Efficient"
- Handle errors efficiently without unnecessary overhead
- Use appropriate error handling mechanisms for the context
- Avoid error handling that impacts performance unnecessarily

### "Trust the Programmer to Handle Errors"
- Provide tools for experienced programmers to handle errors appropriately
- Allow low-level error handling when necessary
- Don't prevent legitimate error handling strategies

### "Don't Prevent the Programmer from Handling Errors Properly"
- Enable comprehensive error handling and recovery
- Provide mechanisms for all necessary error handling operations
- Allow appropriate error handling overrides when explicitly requested

## C Standard Library Error Handling Evaluation Criteria

### Memory Management Functions
- **malloc/free family**: Error checking, cleanup on failure, NULL pointer handling
- **String functions**: Buffer overflow prevention, error propagation, cleanup
- **Memory functions**: Error checking, resource cleanup, pointer validation

### Input/Output Functions
- **File operations**: Error checking, resource cleanup, mode validation
- **Formatted I/O**: Error detection, buffer overflow prevention, cleanup
- **Character I/O**: EOF handling, error conditions, resource management

### String and Character Functions
- **String manipulation**: Buffer bounds checking, error propagation, cleanup
- **Character classification**: Error handling, locale considerations, validation
- **String conversion**: Error detection, overflow handling, cleanup

### Mathematical Functions
- **Floating point**: Error handling, special values, precision considerations
- **Integer arithmetic**: Overflow detection, error propagation, validation
- **Random numbers**: Error handling, seeding validation, cleanup

### Time and Date Functions
- **Time representation**: Error handling, overflow detection, validation
- **Formatting**: Error checking, buffer validation, cleanup
- **Conversion**: Error detection, range validation, cleanup