
Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. (See recommendation MSC11-C. Incorporate diagnostic tests using assertions.) The runtime assert() macro has limitations, however: it incurs a runtime overhead, and a failed assertion calls abort(). Consequently, the runtime assert() macro is useful only for identifying incorrect assumptions, not for runtime error checking. As a result, runtime assertions are generally unsuitable for server programs or embedded systems.

Static assertion is a new facility in the C1X draft standard [Jones 2010] and the C++0X draft standard [Becker 2008] and takes the form

    static_assert(constant-expression, string-literal);
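The following is an added example, not code from the CERT page: it shows a static assertion in practice, using C11's _Static_assert where available and otherwise a fallback macro built from the ## token-pasting operator and conditional inclusion (the standard sections this rule cites). The struct layout, the STATIC_ASSERT macro name, the sample header bytes and the SAMPLE_MAGIC value are all constructed for the example. The runtime check in header_is_valid() is deliberately a return code rather than an assert(), because a short or malformed input is an error condition, not an incorrect assumption about the program.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable static assertion (assumed name; not from the page).
 * C11 and later provide _Static_assert; on older compilers fall back to the
 * classic negative-array-size typedef built with the ## operator, so a false
 * condition is a constraint violation at compile time rather than an abort()
 * at run time. */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
#  define STATIC_ASSERT(cond, msg) _Static_assert((cond), msg)
#else
#  define STATIC_ASSERT_CAT_(a, b) a##b
#  define STATIC_ASSERT_CAT(a, b) STATIC_ASSERT_CAT_(a, b)
   /* __LINE__ keeps each typedef name unique; the message is lost here, so
    * keep it meaningful for readers of the source. */
#  define STATIC_ASSERT(cond, msg) \
     typedef char STATIC_ASSERT_CAT(static_assertion_at_line_, __LINE__)[(cond) ? 1 : -1]
#endif

/* Constructed wire-format header: 4-byte magic, 2-byte length, 2-byte flags.
 * Parsers that memcpy() this struct straight from the network depend on its
 * layout, so the layout assumptions are checked at compile time. */
struct packet_header {
    unsigned int   magic;
    unsigned short length;
    unsigned short flags;
};

STATIC_ASSERT(sizeof(unsigned int) == 4, "unsigned int must be 4 bytes");
STATIC_ASSERT(sizeof(struct packet_header) == 8, "packet_header must be 8 bytes with no padding");
STATIC_ASSERT(offsetof(struct packet_header, flags) == 6, "flags must start at byte 6");

#define SAMPLE_MAGIC "HDR1"   /* constructed magic value */

/* Constructed sample input: magic "HDR1", length 8, flags 0. */
static const unsigned char sample_header[8] = { 'H', 'D', 'R', '1', 0x08, 0x00, 0x00, 0x00 };

/* Exposed so the layout can be checked by a caller as well. */
size_t packet_header_size(void) { return sizeof(struct packet_header); }

/* Runtime validation of untrusted input: returns 1 if buf holds a complete
 * header with the expected magic, 0 otherwise. This is error checking, not an
 * invariant, so it must not be an assert(). */
int header_is_valid(const unsigned char *buf, size_t len) {
    if (buf == NULL || len < sizeof(struct packet_header)) {
        return 0;
    }
    return memcmp(buf, SAMPLE_MAGIC, 4) == 0;
}

int main(void) {
    printf("packet_header is %zu bytes\n", packet_header_size());
    printf("sample header valid: %d\n", header_is_valid(sample_header, sizeof sample_header));
    printf("truncated header valid: %d\n", header_is_valid(sample_header, 3));
    return 0;
}
```

If any of the three STATIC_ASSERT conditions is false (for example, on a target where the compiler pads the struct), the translation unit does not compile, so the defect is caught before the program is shipped rather than at run time in the field.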

...

Tool | Version | Checker | Description
--- | --- | --- | ---
Compass/ROSE | | | Could detect violations of this rule merely by looking for calls to assert(); if it can evaluate the assertion (because all values are known at compile time), the code should use static_assert instead. This assumes ROSE can recognize macro invocations.
LDRA tool suite | (version included from page c:LDRA_V) | 44 S | Fully implemented

...

ISO/IEC 9899:1999 Section 6.10.1, "Conditional inclusion," and Section 6.10.3.3, "The ## operator," and Section 7.2.1, "Program diagnostics"

Bibliography

[Becker 2008]
[Eckel 2007]
[Jones 2010]
[Klarer 2004]
[Saks 2005]
[Saks 2008]

...
