...
Braces also help ensure that macros with multiple statements are properly expanded. Such a macro should be wrapped in a do-while loop. (See PRE10-C. Wrap multistatement macros in a do-while loop.) However, when the do-while loop is not present, braces can still ensure that the macro expands as intended.
An if, for, or while statement with an empty body also should have an empty pair of braces to indicate the empty body. In such a case, the condition should have a significant side-effect, or the statement will violate MSC12-C. Detect and remove code that has no effect or is never executed:
| Code Block | ||||
|---|---|---|---|---|
| ||||
while (invalid_login()) {} // let user re-login until successful
|
Noncompliant Code Example
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
int privileges;
if (invalid_login()) {
if (allow_guests()) {
privileges = GUEST;
}
} else {
privileges = ADMINISTRATOR;
}
|
Noncompliant Code Example (empty block)
This noncompliant code example has a while statement with no block:
| Code Block | ||||
|---|---|---|---|---|
| ||||
while (invalid_login()); |
Note that if invalid_login() has no side effects (such as warning the user if their login failed), this code also violates MSC12-C. Detect and remove code that has no effect or is never executed.
Compliant Solution (empty block)
This compliant solution features an explicit empty block, which clarifies the developer's intent:
| Code Block | ||||
|---|---|---|---|---|
| ||||
while (invalid_login()) {}
|
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP19-C | Medium | Probable | Medium | P8 | L2 |
...