Bibliography and Sources
A consolidated list of references cited throughout the book, organized by topic. Where a paper or book is freely available online, the link is included. Where it is in print, you’ll have to find it.
Foundational papers and books
- David Abrahams, “Exception-Safety in Generic Components,” Generic Programming: Proceedings of a Dagstuhl Seminar, Springer 2000. The paper that codified the three-guarantee vocabulary.
- Bjarne Stroustrup, The Design and Evolution of C++, Addison-Wesley 1994. Especially §16 on the history of exception specifications.
- Bjarne Stroustrup, The C++ Programming Language, 4th ed., Addison-Wesley 2013. Appendix E on standard-library exception safety.
- Herb Sutter, Exceptional C++, Addison-Wesley 1999. The practical companion to Abrahams’s theoretical work.
- Herb Sutter, More Exceptional C++, Addison-Wesley 2001.
- Andrei Alexandrescu, Modern C++ Design, Addison-Wesley 2001.
- Andrei Alexandrescu, “Generic: Change the Way You Write Exception-Safe Code — Forever,” C/C++ Users Journal, December 2000. The ScopeGuard paper.
- Edsger Dijkstra, “Go To Statement Considered Harmful,” Communications of the ACM 11:3, March 1968.
Exception-handling internals
- Itanium C++ ABI, “Exception Handling”: https://itanium-cxx-abi.github.io/cxx-abi/abi-eh.html
- “Zero-cost exceptions” — see the GCC and Clang documentation on .eh_frame and .gcc_except_table.
- Microsoft Visual C++ exception model documentation (varies by platform; x86 and x64 differ).
Common Lisp condition system
- Kent M. Pitman, “Condition Handling in the Lisp Language Family,” in Advances in Exception Handling Techniques, Springer 2001.
- Common Lisp HyperSpec, Chapter 9 (Conditions). http://www.lispworks.com/documentation/HyperSpec/Body/09_.htm
- Peter Seibel, Practical Common Lisp, Apress 2005, chapter 19. Free online: https://gigamonkeys.com/book/beyond-exception-handling-conditions-and-restarts.html
- Andy Wingo, “A new implementation of conditions in Guile,” 2010 — for an example of porting the design to Scheme.
Concurrency
- Hans-J. Boehm, “Threads Cannot Be Implemented as a Library,” PLDI 2005.
- Brian Goetz et al., Java Concurrency in Practice, Addison-Wesley 2006. Chapter 7 (Cancellation and Shutdown).
- The Rustonomicon, “Poisoning”: https://doc.rust-lang.org/nomicon/poisoning.html
- Tokio docs, “Cancellation safety”: https://docs.rs/tokio/latest/tokio/macro.select.html#cancellation-safety
- “Errors are values,” Rob Pike: https://go.dev/blog/errors-are-values
Smart contract reentrancy
- Phil Daian, “Analysis of the DAO exploit,” 2016: https://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/
- Solidity documentation, “Use the Checks-Effects-Interactions Pattern”: https://docs.soliditylang.org/en/latest/security-considerations.html#use-the-checks-effects-interactions-pattern
- Trail of Bits, “Slither, the Solidity source analyzer”: https://github.com/crytic/slither
- M. Rameder et al., “Reentrancy Attacks on Smart Contracts: A Systematic Mapping Study,” Empirical Software Engineering, 2022.
- Trail of Bits, “Building secure smart contracts”: https://github.com/crytic/building-secure-contracts
Field-guide post-mortems
- The DAO: https://www.coindesk.com/markets/2016/06/25/understanding-the-dao-attack/
- Parity multisig: https://www.parity.io/blog/security-alert-2/
- Therac-25: Nancy Leveson and Clark Turner, “An Investigation of the Therac-25 Accidents,” IEEE Computer 26:7, July 1993.
- Ariane 5 Flight 501: J.L. Lions et al., “Ariane 501 Inquiry Board Report,” July 1996. https://www.di.unito.it/~damiani/ariane5rep.html
- Knight Capital: SEC release No. 70694, October 16, 2013. https://www.sec.gov/litigation/admin/2013/34-70694.pdf
- Heartbleed: https://heartbleed.com/
- Cloudbleed: https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
Distributed systems and sagas
- Pat Helland, “Life beyond Distributed Transactions,” CIDR 2007.
- Pat Helland, “Standing on Distributed Shoulders of Giants,” ACM Queue 14:2, 2016.
- “Saga Pattern,” Microservices.io: https://microservices.io/patterns/data/saga.html
- Hector Garcia-Molina and Kenneth Salem, “Sagas,” ACM SIGMOD 1987 — the original paper.
Tooling
- clang-tidy check list: https://clang.llvm.org/extra/clang-tidy/checks/list.html
- AFL++ documentation: https://aflplus.plus/
- David MacIver, Hypothesis documentation: https://hypothesis.readthedocs.io/
Adjacent industry context
- Anders Hejlsberg interview, “The Trouble with Checked Exceptions,” 2003: https://www.artima.com/articles/the-trouble-with-checked-exceptions
- Effective Java, 3rd ed., Joshua Bloch, Addison-Wesley 2018. Items 49–77 (the exceptions chapter).
- The Rust Programming Language, Steve Klabnik and Carol Nichols, chapter 9 (Error Handling).
- Nancy Leveson, Engineering a Safer World, MIT Press 2011.
- Linux Kernel Development, Robert Love, 3rd ed., Addison-Wesley 2010, chapter 7.
On the Risks Forum
The Risks Forum (comp.risks) is a continuous low-volume mailing list, archived at http://catless.ncl.ac.uk/Risks, that has been documenting computing-related failure modes since 1985. A great many of its entries are exception-safety bugs in disguise. Reading the archives chronologically is unsettling.