When an exception is thrown, the value of the object in the throw expression is used to initialize an anonymous temporary object called the exception object. The type of this exception object is used to transfer control to the nearest catch handler which contains an exception declaration with a matching type. The C++ Standard, [except.handle], paragraph 16 [ISO/IEC 14882-2014], states, in part:
The variable declared by the exception-declaration, of type cv
T
or cvT&
, is initialized from the exception object, of typeE
, as follows:
— ifT
is a base class ofE
, the variable is copy-initialized from the corresponding base class subobject of the exception object;
— otherwise, the variable is copy-initialized from the exception object.
Because the variable declared by the exception-declaration is copy-initialized, it is possible to slice the exception object as part of the copy operation, losing valuable exception information and leading to incorrect error recovery. For more information about object slicing, see OOP51-CPP. Do not slice derived objects. Further, if the copy constructor of the exception object throws an exception, the copy initialization of the exception-declaration object results in undefined behavior; see ERR60-CPP. Exception objects must be nothrow copy constructible for more information.
Always catch exceptions by lvalue reference unless the type is a trivial type. For reference, the C++ Standard, [basic.types], paragraph 9 [ISO/IEC 14882-2014], defines trivial types as
Arithmetic types, enumeration types, pointer types, pointer to member types,
std::nullptr_t
, and cv-qualified versions of these types are collectively called scalar types.... Scalar types, trivial class types, arrays of such types and cv-qualified versions of these types are collectively called trivial types.
The C++ Standard, [class], paragraph 6, defines trivial class types as
A trivially copyable class is a class that:
— has no non-trivial copy constructors,
— has no non-trivial move constructors,
— has no non-trivial copy assignment operators,
— has no non-trivial move assignment operators, and
— has a trivial destructor.
A trivial class is a class that has a default constructor, has no non-trivial default constructors, and is trivially copyable. [Note: In particular, a trivially copyable or trivial class does not have virtual functions or virtual base classes. — end note]
In this noncompliant code example, an object of type S
is used to initialize the exception object that is later caught by an exception-declaration of type std::exception
. The exception-declaration matches the exception object type, and so the variable E
is copy-initialized from the exception object, resulting in the exception object being sliced. Consequently, the output of this noncompliant code example is the implementation-defined value returned from calling std::exception::what()
instead of "My custom exception"
.
#include <exception> #include <iostream> struct S : std::exception { const char *what() const noexcept override { return "My custom exception"; } }; void f() { try { throw S(); } catch (std::exception e) { std::cout << e.what() << std::endl; } } |
In this noncompliant code example, the variable declared by the exception-declaration is an lvalue pointer. Unfortunately the lifetime of the temporary object does not extend to beyond the exception declaration, leaving a dangling pointer. This violates EXP54-CPP. Do not access an object outside of its lifetime.
#include <exception> #include <iostream> struct S : std::exception { const char *what() const noexcept override { return "My custom exception"; } }; void f() { try { S s; throw &s; } catch (std::exception* e) { std::cout << e->what() << std::endl; } } |
In this compliant solution, the variable declared by the exception-declaration is an lvalue reference. The call to what()
results in executing S::what()
instead of std::exception::what()
.
#include <exception> #include <iostream> struct S : std::exception { const char *what() const noexcept override { return "My custom exception"; } }; void f() { try { throw S(); } catch (std::exception &e) { std::cout << e.what() << std::endl; } } |
Object slicing can result in abnormal program execution. This generally is not a problem for exceptions, but it can lead to unexpected behavior depending on the assumptions made by the exception handler.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ERR61-CPP | Low | Unlikely | Low | P3 | L3 |
Tool | Version | Checker | Description |
---|---|---|---|
| Checked by clang-tidy ; also checks for ERR09-CPP. Throw anonymous temporaries by default | ||
SonarQube C/C++ Plugin | S1044 |
Search for other vulnerabilities resulting from the violation of this rule on the CERT website.
This rule is a subset of OOP51-CPP. Do not slice derived objects
SEI CERT C++ Coding Standard | ERR60-CPP. Exception objects must be nothrow copy constructible |
[ISO/IEC 14882-2014] | Subclause 3.9, "Types" |
[MISRA 08] | Rule 15-3-5 |