An unsafe function-like macro is one that evaluates a parameter more than once in the code expansion or never evaluates the parameter at all. Never invoke an unsafe macro with arguments containing an assignment, increment, decrement, volatile access, input/output, or other side effects (including function calls, which may cause side effects).
The documentation for an unsafe macro must warn against invoking it with arguments that have side effects, but the responsibility rests with the programmer using the macro. Because of the risks associated with their use, it is recommended that you avoid the creation of unsafe macro functions. (See PRE00-C. Prefer inline or static functions to function-like macros.)
The assert() macro is an excellent example of an unsafe macro. Its argument may be evaluated once or not at all, depending on the NDEBUG macro. For more information, see EXP31-C. Avoid side effects in assertions.
...
Note the comment declaring the macro unsafe as a warning for programmers. Alternatively, the macro can be renamed ABS_UNSAFE() to make it painfully apparent that the macro is unsafe. However, a preferable, compliant solution is to declare ABS() as an inline function. (See PRE00-C. Prefer inline or static functions to function-like macros.)
```c
inline int abs(int x) {
  return (((x) < 0) ? -(x) : (x));
}
/* ... */
m = abs(++n);
```
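The following added example (not part of the original page) counts how often a side-effecting argument actually runs when passed to a twice-evaluating macro, to an inline function, and to a macro that discards its argument the way `assert()` does under `NDEBUG`. The names `ABS_UNSAFE`, `CHECK_DISABLED`, `abs_fn`, `bump` and the `via_*` helpers are assumptions made for illustration.

```c
#include <stdio.h>

/* UNSAFE: expands x twice, like the ABS() macro this page discusses. */
#define ABS_UNSAFE(x) (((x) < 0) ? -(x) : (x))
/* Hypothetical stand-in for assert() under NDEBUG: argument never evaluated. */
#define CHECK_DISABLED(e) ((void)0)
/* Function form: the argument is evaluated exactly once, at the call. */
static inline int abs_fn(int x) { return (x < 0) ? -x : x; }

static int calls;                        /* how many times the side effect ran */
static int bump(int *n) { ++calls; return ++*n; }

/* Side effect inside the unsafe macro argument: runs twice. */
int via_macro(int start, int *evals) {
  int n = start;
  calls = 0;
  int m = ABS_UNSAFE(bump(&n));
  *evals = calls;
  return m;
}

/* Same call through the inline function: runs once. */
int via_function(int start, int *evals) {
  int n = start;
  calls = 0;
  int m = abs_fn(bump(&n));
  *evals = calls;
  return m;
}

/* Side effect inside a macro that discards its argument: never runs. */
int via_disabled_check(int start, int *evals) {
  int n = start;
  calls = 0;
  CHECK_DISABLED(bump(&n) > 0);
  *evals = calls;
  return n;                              /* n is still equal to start */
}

int main(void) {
  int e, m;
  m = via_macro(-3, &e);
  printf("macro:          result=%d evaluations=%d\n", m, e);
  m = via_function(-3, &e);
  printf("function:       result=%d evaluations=%d\n", m, e);
  m = via_disabled_check(-3, &e);
  printf("disabled check: n=%d evaluations=%d\n", m, e);
  return 0;
}
```

Starting from -3, the macro form tests one incremented value and returns the negation of the next one, so it yields a different result from the function form for the same call.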
...
| Tool | Version | Checker | Description |
|---|---|---|---|
| | | 9 S | Partially implemented |
| PRQA QA-C | | 3454, 3455, 3456 | Partially implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
ISO/IEC 9899:2011 Section 5.1.2.3, "Program execution"
ISO/IEC TR 24772 "NMP Pre-processor directions"
MISRA Rule 19.6
Bibliography
[Plum 1985] Rule 1-11
...