...

The assert() macro is an excellent example of an unsafe macro. Its argument may be evaluated once or not at all, depending on the NDEBUG macro. For more information, see EXP31-C. Avoid side effects in assertions.

Noncompliant Code Example

One problem with unsafe macros is side effects on macro arguments, as shown by this noncompliant code example.

...

The resulting code violates EXP30-C. Do not depend on order of evaluation between sequence points, and its behavior is therefore undefined.

Compliant Solution

One compliant solution is simply not to invoke an unsafe macro with arguments containing an assignment, increment, decrement, or function call, as in the following example:

...

This eliminates the problem of having to recall which macros are safe and which are not.
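The following is an added example (not code from the original rule page) that makes the double-evaluation problem observable. It uses a constructed unsafe macro SQUARE() and a constructed function next_value() that counts its own calls; the noncompliant form passes the call directly to the macro, the compliant form evaluates it once into a local variable first.

```c
#include <stdio.h>

/* Constructed unsafe macro: its argument appears twice in the expansion,
 * so an argument with side effects is evaluated twice. With an argument
 * such as ++n this would also violate EXP30-C (undefined behavior); here a
 * function call is used so that the effect is observable but well defined. */
#define SQUARE(x) ((x) * (x))

/* Constructed function with an observable side effect: it counts its calls. */
static int call_count = 0;

int next_value(void) {
    ++call_count;
    return call_count;
}

void reset_counter(void) { call_count = 0; }
int get_call_count(void) { return call_count; }

/* Noncompliant: the function call is duplicated by the macro expansion,
 * so next_value() runs twice and the two operands differ (1 * 2). */
int square_next_noncompliant(void) {
    return SQUARE(next_value());   /* expands to (next_value() * next_value()) */
}

/* Compliant: evaluate the side-effecting argument exactly once, then pass
 * the resulting value (which has no side effects) to the macro. */
int square_next_compliant(void) {
    int v = next_value();
    return SQUARE(v);              /* expands to ((v) * (v)) */
}

int main(void) {
    reset_counter();
    int a = square_next_noncompliant();
    printf("noncompliant: result=%d, next_value() called %d time(s)\n",
           a, get_call_count());   /* result=2, called 2 time(s) */
    reset_counter();
    int b = square_next_compliant();
    printf("compliant:    result=%d, next_value() called %d time(s)\n",
           b, get_call_count());   /* result=1, called 1 time(s) */
    return 0;
}
```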

Exceptions

PRE31-EX1: An exception can be made for calling functions that have no side effects. However, it is easy to forget about obscure side effects that a function might have, especially library functions for which source code is not available; even changing errno is a side effect. Unless the function is user-written and does nothing but perform a computation and return its result without calling any other functions, it is likely that many developers will forget about some side effect. Consequently, while this exception is allowed, it is not recommended.

Risk Assessment

Invoking an unsafe macro with an argument that has side effects may cause those side effects to occur more than once. This can lead to unexpected program behavior.

Rule     Severity  Likelihood  Remediation Cost  Priority  Level
PRE31-C  low       unlikely    medium            P2        L3

Automated Detection

The LDRA tool suite V 7.6.0 can detect violations of this rule.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.


...