SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 35

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

According to the C Standard, 3.8 [ISO/IEC 9899:2011], a constraint is a "restriction, either syntactic or semantic, by which the exposition of language elements is to be interpreted."  Despite the similarity of the terms, a runtime constraint is not a kind of constraint.

Violating any shall statement within a constraint clause in the C Standard requires an implementation to issue a diagnostic message, the C Standard, 5.1.1.3 [ISO/IEC 9899:2011] states:

A conforming implementation shall produce at least one diagnostic message (identified in an implementation-defined manner) if a preprocessing translation unit or translation unit contains a violation of any syntax rule or constraint, even if the behavior is also explicitly specified as undefined or implementation-defined. Diagnostic messages need not be produced in other circumstances.

The C Standard further explains in a footnote:

The intent is that an implementation should identify the nature of, and where possible localize, each violation. Of course, an implementation is free to produce any number of diagnostics as long as a valid program is still correctly translated. It may also successfully translate an invalid program.

...

The C Standard, 6.7.4, paragraph 3 [ISO/IEC 9899:2011], states:

An inline definition of a function with external linkage shall not contain a definition of a modifiable object with static or thread storage duration, and shall not contain a reference to an identifier with internal linkage.

...

The left-shift operation in the last line may wrap, but this is permitted by exception INT30-C-EX3 to rule INT30-C. Ensure that unsigned integer operations do not wrap.

...

Constraint violations are a broad category of error that can result in unexpected control flow and corrupted data.

Rule

Severity

Likelihood

Detectable

Remediation Cost

Repairable

Priority

Level

MSC40-C

Low

Unlikely

No

Medium

No

P2

L3

P1

L3

Automated Detection

Tool

Version

Checker

Description

 Astrée
 

Include Page
Astrée_V
Astrée_V

alignas-extended
assignment-to-non-modifiable-lvalue
cast-pointer-void-arithmetic-implicit
element-type-incomplete
function-pointer-integer-cast-implicit
function-return-type
inappropriate-pointer-cast-implicit
incompatible-function-pointer-conversion
incompatible-object-pointer-conversion
initializer-excess
invalid-array-size
non-constant-static-assert
parameter-match-type
pointer-integral-cast-implicit
pointer-qualifier-cast-const-implicit
pointer-qualifier-cast-volatile-implicit
redeclaration
return-empty
return-non-empty
static-assert
type-compatibility
type-compatibility-link
type-specifier
undeclared-parameter
unnamed-parameter

Partially checked
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-msc40-c
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0232, C0233, C0244, C0268, C0321, C0322, C0338, C0422, C0423, C0426, C0427, C0429, C0430, C0431, C0432, C0435, C0436, C0437, C0446, C0447, C0448, C0449, C0451, C0452, C0453, C0454, C0456, C0457, C0458, C0460, C0461, C0462, C0463, C0466, C0467, C0468, C0469, C0476, C0477, C0478, C0481, C0482, C0483, C0484, C0485, C0486, C0487, C0493, C0494, C0495, C0496, C0497, C0513, C0514, C0515, C0536, C0537, C0540, C0541, C0542, C0546, C0547, C0550, C0554, C0555, C0556, C0557, C0558, C0559, C0560, C0561, C0562, C0563, C0564, C0565, C0580, C0588, C0589, C0590, C0591, C0605, C0616, C0619, C0620, C0621, C0622, C0627, C0628, C0629, C0631, C0638, C0640, C0641, C0642, C0643, C0644, C0645, C0646, C0649, C0650, C0651, C0653, C0655, C0656, C0657, C0659, C0664, C0665, C0669, C0671, C0673, C0674, C0675, C0677, C0682, C0683, C0684, C0685, C0690, C0698, C0699, C0708, C0709, C0736, C0737, C0738, C0746, C0747, C0755, C0756, C0757, C0758, C0766, C0767, C0768, C0774, C0775, C0801, C0802, C0803, C0804, C0811, C0821, C0834, C0835, C0844, C0845, C0851, C0852, C0866, C0873, C0877, C0940, C0941, C0943, C0944, C1023, C1024, C1025, C1033, C1047, C1048, C1050, C1061, C1062, C3236, C3237, C3238, C3244

C++4122


Klocwork
Include Page
Klocwork_V
Klocwork_V
MISRA.FUNC.STATIC.REDECL
 LDRA tool suite
 

Include Page
LDRA_V
LDRA_V

 21 S, 145 S, 323 S, 345 S, 387 S, 404 S, 481 S, 580 S, 612 S, 615 S, 646 S
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-MSC40-a

An inline definition of a function with external linkage shall not contain definitions and uses of static objects

 Polyspace Bug Finder

 

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule MSC40-CChecks for inline constraint not respected (rule partially covered)
RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

alignas-extended
assignment-to-non-modifiable-lvalue
cast-pointer-void-arithmetic-implicit
element-type-incomplete
function-pointer-integer-cast-implicit
function-return-type
inappropriate-pointer-cast-implicit
incompatible-function-pointer-conversion
incompatible-object-pointer-conversion
initializer-excess
invalid-array-size
non-constant-static-assert
parameter-match-type
pointer-integral-cast-implicit
pointer-qualifier-cast-const-implicit
pointer-qualifier-cast-volatile-implicit
redeclaration
return-empty
return-non-empty
static-assert
type-compatibility
type-compatibility-link
type-specifier
undeclared-parameter
unnamed-parameter

Partially checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[ISO/IEC 9899:2011]

4, "Conformance"
5.1.1.3, "Diagnostics" 
6.7.4, "Function Specifiers"

...


...

Image Modified Image Modified Image Modified