SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 73

changes.mady.by.user Admin

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Confusion over which instructions are executed and which are not can lead to serious programming errors and vulnerabilities, including denial of service, abnormal program termination, and data integrity violation. This problem is mitigated by the use of interactive development environments (IDEs) and editors that use fonts, colors, or other mechanisms to differentiate between comments and code. However, the problem can still manifest, for example, when reviewing source code printed on a black-and-white printer.

Recommendation

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

MSC04-C

Medium

Unlikely

Yes

Medium

No

P4

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

mmline-comment
sline-comment
sline-splicing
smline-comment

Partially checked
GCC
Include Page
GCC_V
GCC_V
 

Can detect violations of this rule when the -Wcomment flag is used

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.MSC04

Fully implemented

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C3108
LDRA tool suite
Include Page
LDRA_V
LDRA_V
119 S, 302 S, 611 S

Partially implemented

Parasoft C/C++test
9.5MISRA2012-RULE-3_1{a,b,c}, COMMENT-13Fully implementedPRQA QA-C Include Page
Include Page
Parasoft_V
Parasoft_V

CERT_C-MSC04-a
CERT_C-MSC04-b
CERT_C-MSC04-c
CERT_C-MSC04-d

The character sequence /* shall not be used within a C-style comment
The character sequence // shall not be used within a C-style comment
The character sequence /* shall not be used within a C++-style comment
Line-splicing shall not be used in // comments

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

1, 427, 602, 689, 853,
9059, 9060, 9066, 9259

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. MSC04-C


Checks for use of /* and // within a comment (rule partially covered)

RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

mmline-comment
sline-comment
sline-splicing
smline-comment

Partially checked
PRQA QA-C_vPRQA QA-C_v3108 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID MSC04-CPP. Use comments consistently and in a readable fashion
MISRA C:2012

Rule 1.2 (advisory)
Rule 3.1 (required)
Directive 4.4 (advisory)

Bibliography

[Summit 2005]Question 11.19

...


...

Image Modified Image Modified Image Modified