Page History

Software vulnerabilities can result when a programmer fails to consider all possible data states.

...

Note that adding a default case to a switch statement, even when all possible switch labels are specified, is an exception (MSC07-EX1) to MSC07-C. Detect and remove dead code.

An alternative compliant solution to the noncompliant code example is to provide a return statement after the switch statement. Note, however, that this solution may not be appropriate in all situations.

...

Tool

Version

Checker

Description

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

12 S

Fully implemented.

GCC

Include Page

	GCC_V
	GCC_V

Can detect some violations of this recommendation when the -Wswitch and -Wswitch-default flags are used.

Compass/ROSE

Can detect some violations of this recommendation. In particular, it flags switch statements that do not have a default clause. ROSE should detect "fake switches" as well (that is, a chain of if statements each checking the value of the same variable). These if statements should always end in an else clause, or they should mathematically cover every possibility. For instance, consider the following:

  if (x > 0) {
	  /* ... */
  } else if (x < 0) {
    /* ... */
  } else if (x == 0) {
    /* ... */
  }

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

LA_UNUSED

PRQA QA·CQA-C

Include Page

	PRQA_V
	PRQA_V

Fully implemented

...

ISO/IEC TR 17961 (Draft) Use of an implied default in a switch statement [swtchdflt]

ISO/IEC TR 24772 "CLL Switch statements and static analysis"

Sources

[Hatton 1995] Section 2.7.2, "Errors of omission and addition"
[Viega 2005] Section 5.2.17, "Failure to account for default case in switch"
[http://www.aeroxp.org/2009/01/lesson-on-infinite-loops] for analysis on the Zune 30 bug

...

Space shortcuts

Page tree

Versions Compared

Old Version 68

New Version 69

Key

Sources