SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 52

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 53

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Because missing end delimitors are error prone and often viewed as a mistake, this approach is not recommended for commenting out code.

Compliant Solution (

...

Preprocessor)

Instead of using /* and */ to comment out blocks of code, comment out blocks of code using conditional compilation (e.g., #if, #ifdef, or #ifndef).

...

The text inside a block of code commented out using #if, #ifdef, or #ifndef must still consist of valid preprocessing tokens. This means that the characters " and ' must each be paired just as in real C code, and the pairs must not cross line boundaries. In particular, an apostrophe within a contracted word looks like the beginning of a character constant. Consequently, natural-language comments and pseudocode should always be written between the comment delimiters /* and */ or following //.

Compliant Solution (

...

Compiler)

This compliant solution takes advantage of the compiler's ability to remove unreachable (dead) code. The code inside the if block must remain acceptable to the compiler. If other parts of the program such as macros, types, or function prototypes change later in a way that would cause syntax errors, the unexecuted code must be brought up to date to correct the problem. Then, if it is needed again in the future, all that must be done is to remove the surrounding if statement and the NOTREACHED comment.

...

This is an instance of exception MSC07-EX2 to guideline MSC07-C. Detect and remove dead code.

...

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC04-C

medium

unlikely

medium

P4

L3

Automated Detection

The LDRA tool suite V 7.6.0 can detect violations of this recommendation.

...

Tool

Version

Checker

Description

Section

LDRA tool suite

Include Page
c:LDRA_V
c:LDRA_V

 

 

Section

GCC

Include Page
c:GCC_V
c:GCC_V

 

Section

can detect violations of this rule when the -Wcomment flag is used

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : MSC04-CPP. Use comments consistently and in a readable fashion.

Bibliography

Wiki Markup
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.4.9, "Comments," and Section 6.10.1, "Conditional inclusion"
\[[MISRA 04|AA. Bibliography#MISRA 04]\] Rule 2.2, "Source code shall only use /\* ... \*/ style comments," Rule 2.3, "The character sequence /\* shall not be used within a comment," and Rule 2.4, "Sections of code should not be "commented out"
\[[Summit 05|AA. Bibliography#Summit 05]\] [Question 11.19|http://c-faq.com/ansi/ifdefsyntax.html]

...