Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities (see MSC11-A. Incorporate diagnostic tests using assertions). The run-time assert() macro has some limitations, however: it incurs a run-time overhead and, because it calls abort(), it is only useful for identifying incorrect assumptions and is not intended for run-time error checking. Consequently, run-time assertions are generally unsuitable for server programs or embedded systems.

Static assertion is also a new facility in the C++0X draft standard [Becker 08] and takes the form:

Code Block
static_assert(constant-expression, string-literal);

According to the C++0X draft standard [Becker 08], the {{constant-expression}} in a static assert declaration is a constant expression that can be converted to {{bool}} at compile time. If the converted expression is true, the declaration has no effect. Otherwise the program is ill-formed, and a diagnostic message (which includes the text of the {{string-literal}}) is issued at compile time. For example:

Code Block
static_assert(sizeof(int) <= sizeof(void*), "sizeof(int) <= sizeof(void*)"); /* Passes */
static_assert(sizeof(double) <= sizeof(int), "sizeof(double) <= sizeof(int)"); /* Fails */

...

Static assertions allow incorrect assumptions to be diagnosed at compile time, instead of resulting in a silent malfunction or run-time error. Because the assertion is performed at compile time, no run-time cost in space or time is incurred. An assertion can be used at file or block scope and failure results in a meaningful and informative diagnostic error message.
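The following is an added example, not code from the original page, showing how the same idea is applied in C. It assumes a C11 compiler, which provides _Static_assert (adopted from the C++0X facility described above), and falls back to the older negative-array-size idiom on pre-C11 compilers. The struct packet wire format, the DEC_BUF_LEN constant and the parse_packet/format_u32 functions are constructed for illustration; the point is that layout and range assumptions are checked once at compile time, while values that come from untrusted input still need an ordinary run-time check.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Compile-time assertion macro. C11 provides _Static_assert; for older
 * compilers the fallback declares an array type whose size is negative
 * (and therefore ill-formed, producing a diagnostic) when the condition
 * is false. Either way, no code is emitted and nothing runs at run time.
 */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
#  define STATIC_ASSERT(cond, msg) _Static_assert(cond, msg)
#else
#  define SA_JOIN(a, b) SA_JOIN2(a, b)
#  define SA_JOIN2(a, b) a##b
#  define STATIC_ASSERT(cond, msg) \
     typedef char SA_JOIN(static_assertion_at_line_, __LINE__)[(cond) ? 1 : -1]
#endif

/* Constructed wire format shared with another component: a fixed 16-byte record. */
struct packet {
    uint8_t type;
    uint8_t len;          /* number of valid bytes in payload, supplied by the peer */
    uint8_t payload[14];
};

/* Layout assumptions the parser relies on, checked once, at compile time. */
STATIC_ASSERT(sizeof(struct packet) == 16,
              "struct packet must be exactly 16 bytes on the wire");
STATIC_ASSERT(sizeof(((struct packet *)0)->payload) <= UINT8_MAX,
              "payload size must be representable in the 8-bit len field");

/* Buffer for the decimal text of a uint32_t: 10 digits plus the terminating NUL. */
#define DEC_BUF_LEN 11
STATIC_ASSERT(UINT32_MAX <= 9999999999ULL,
              "uint32_t does not fit in 10 decimal digits");

/*
 * Copy a raw 16-byte record into *out and validate its length field.
 * Returns the number of valid payload bytes, or -1 on malformed input.
 */
int parse_packet(const unsigned char *raw, size_t rawlen, struct packet *out) {
    if (raw == NULL || out == NULL || rawlen < sizeof *out) {
        return -1;
    }
    memcpy(out, raw, sizeof *out);
    /* len comes from untrusted data, so this cannot be a static assertion. */
    if (out->len > sizeof out->payload) {
        return -1;
    }
    return out->len;
}

/* Format v as decimal into dst; DEC_BUF_LEN was proven sufficient above. */
int format_u32(char dst[DEC_BUF_LEN], uint32_t v) {
    return snprintf(dst, DEC_BUF_LEN, "%lu", (unsigned long)v);
}

int main(void) {
    /* Constructed sample record: type 1, three payload bytes "abc". */
    const unsigned char raw[16] = { 0x01, 0x03, 'a', 'b', 'c' };
    struct packet p;
    char buf[DEC_BUF_LEN];

    printf("parsed payload bytes: %d\n", parse_packet(raw, sizeof raw, &p));
    format_u32(buf, UINT32_MAX);
    printf("UINT32_MAX as text: %s\n", buf);
    return 0;
}
```

If the target platform ever changed so that struct packet picked up padding or uint32_t grew, the build would fail with the quoted message instead of the parser silently reading the wrong bytes.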

Risk Assessment

Static assertion is a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities at compile time. The absence of static assertions, however, does not mean that code is incorrect.

Recommendation  Severity  Likelihood    Remediation Cost  Priority  Level
DCL03-A         1 (low)   1 (unlikely)  1 (high)          P1        L3

...