...
Member functions, including virtual functions, can be called during construction or destruction. When a virtual function is called directly or indirectly from a constructor or from a destructor, including during the construction or destruction of the class’s non-static data members, and the object to which the call applies is the object (call it x) under construction or destruction, the function called is the final overrider in the constructor’s or destructor’s class and not one overriding it in a more-derived class. If the virtual function call uses an explicit class member access and the object expression refers to the complete object of x or one of that object’s base class subobjects but not x or one of its base class subobjects, the behavior is undefined.
Do not directly or indirectly invoke a virtual function from a constructor or destructor that attempts to call into the object under construction or destruction. Because the order of construction starts with base classes and moves to more derived classes, attempting to call a derived class function from a base class under construction is dangerous. The derived class has not had the opportunity to initialize its resources, which is why calling a virtual function from a constructor does not result in a call to a function in a more derived class. Similarly, an object is destroyed in reverse order from construction, so attempting to call a function in a more derived class from a destructor may access resources that have already been released.
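The dispatch behavior described above, shown as an added example that is not part of the original page. The class names, the `trace` log and the `make_seized` helper are hypothetical; the compliant half shows one possible arrangement, in which the virtual call is made only after the complete object exists and each destructor releases only its own state.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Added illustration; all names are hypothetical.
static std::vector<std::string> trace;  // records which overrider actually ran

// Noncompliant: the constructor and destructor dispatch virtually on *this.
struct Base {
    Base() { seize(); }              // Derived is not constructed yet
    virtual ~Base() { release(); }   // Derived is already destroyed
    virtual void seize()   { trace.push_back("Base::seize"); }
    virtual void release() { trace.push_back("Base::release"); }
};
struct Derived : Base {
    std::string resource = "handle";  // initialized only after Base() returns
    void seize() override   { trace.push_back("Derived::seize " + resource); }
    void release() override { trace.push_back("Derived::release " + resource); }
};

// Compliant: no virtual dispatch on an object under construction or destruction.
struct SafeBase {
    virtual ~SafeBase() = default;
    virtual void seize() = 0;
};
struct SafeDerived : SafeBase {
    std::string resource = "handle";
    ~SafeDerived() override { trace.push_back("SafeDerived::release " + resource); }
    void seize() override { trace.push_back("SafeDerived::seize " + resource); }
};
template <class T> std::unique_ptr<T> make_seized() {
    auto p = std::make_unique<T>();
    p->seize();  // complete object exists, so T's final overrider runs
    return p;
}

std::vector<std::string> noncompliant_trace() {
    trace.clear();
    { Derived d; }  // Derived::seize and Derived::release are never reached
    return trace;
}
std::vector<std::string> compliant_trace() {
    trace.clear();
    { auto p = make_seized<SafeDerived>(); }
    return trace;
}
int main() {
    for (const auto& s : noncompliant_trace()) std::cout << "noncompliant: " << s << '\n';
    for (const auto& s : compliant_trace()) std::cout << "compliant: " << s << '\n';
}
```

In the noncompliant half the derived overriders never run, so a resource that only `Derived` knows how to acquire or release is silently skipped.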
...
Risk Assessment
| Rule | Severity | Likelihood | Detectable | Repairable | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|---|---|
| OOP50-CPP | Low | Unlikely | Yes | No | Medium | P2 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | virtual-call-in-constructor, invalid_function_pointer | Fully checked |
| Axivion Bauhaus Suite | | CertC++-OOP50 | |
| Clang | | clang-analyzer-alpha.cplusplus.VirtualCall | Checked by clang-tidy |
| CodeSonar | | LANG.STRUCT.VCALL_IN_CTOR, LANG.STRUCT.VCALL_IN_DTOR | Virtual Call in Constructor, Virtual Call in Destructor |
| Helix QAC | | C++4260, C++4261, C++4273, C++4274, C++4275, C++4276, C++4277, C++4278, C++4279, C++4280, C++4281, C++4282 | |
| Klocwork | | CERT.OOP.CTOR.VIRTUAL_FUNC | |
| LDRA tool suite | | 467 S, 92 D | Fully implemented |
| Parasoft C/C++test | | CERT_CPP-OOP50-a | Avoid calling virtual functions from constructors |
| Polyspace Bug Finder | | CERT C++: OOP50-CPP | Checks for virtual function call from constructors and destructors (rule fully covered) |
| PRQA QA-C++ | | 4260, 4261, 4273, 4274, | |
| PVS-Studio | | V1053 | |
| RuleChecker | | virtual-call-in-constructor | Fully checked |
| Security Reviewer - Static Reviewer | | UNSAFE_07 | Fully implemented |
| SonarQube C/C++ Plugin | | S1699 | |
Related Vulnerabilities
Search for other vulnerabilities resulting from the violation of this rule on the CERT website.
...