Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. (See MSC11-C. Incorporate diagnostic tests using assertions.) The runtime assert() macro has limitations, however: it incurs a runtime overhead, and it calls abort() when the assertion fails. Consequently, the runtime assert() macro is useful only for identifying incorrect assumptions, not for runtime error checking. As a result, runtime assertions are generally unsuitable for server programs or embedded systems.

...

For assertions involving only constant expressions, some implementations allow the use of a preprocessor conditional statement, as in this example:

...
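As an added example that is not part of the original rule text, the following C file places the three approaches side by side: a preprocessor conditional (which can only evaluate integer constants the preprocessor itself sees, so it cannot check sizeof), a portable C99 static-assertion macro built from a negative array size and the ## operator, and the C11 _Static_assert spelling of the same check. The STATIC_ASSERT macro name, the packet_header struct, parse_header() and the sample buffers are constructed for this example; the runtime length check deliberately returns an error code instead of calling assert(), which is the behaviour a server would want for data it cannot know at compile time.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* 1. Preprocessor conditional: usable only when the preprocessor itself can
 *    evaluate the expression (integer constants such as those in <limits.h>).
 *    sizeof() and enumerators are not visible to #if, so it cannot check them. */
#if CHAR_BIT != 8
#error "This code assumes 8-bit bytes"
#endif

/* 2. Portable (C99) static assertion: if expr is false the array type has a
 *    negative size and the translation unit fails to compile.  The ## operator
 *    builds a unique typedef name so several assertions can coexist at file
 *    scope.  Macro name and shape are this example's own. */
#define STATIC_ASSERT(expr, name) \
    typedef char static_assert_##name[(expr) ? 1 : -1]

/* Constructed wire format: a fixed 4-byte header. */
struct packet_header {
    unsigned char  version;
    unsigned char  flags;
    unsigned short length;
};

/* Layout assumptions checked at compile time, at no runtime cost. */
STATIC_ASSERT(sizeof(struct packet_header) == 4, packet_header_is_4_bytes);
STATIC_ASSERT(offsetof(struct packet_header, length) == 2, length_at_offset_2);

/* 3. C11 spelling of the same check, compiled only where available. */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
_Static_assert(sizeof(struct packet_header) == 4,
               "packet_header must be exactly 4 bytes");
#endif

/* The length of a received buffer is runtime data and cannot be checked
 * statically.  Rather than assert()-ing and aborting the process, report the
 * problem to the caller so a server can drop the packet and carry on.
 * Returns 0 on success, -1 on a truncated or invalid input. */
int parse_header(const unsigned char *buf, size_t len,
                 struct packet_header *out)
{
    if (buf == NULL || out == NULL || len < sizeof(struct packet_header)) {
        return -1;
    }
    out->version = buf[0];
    out->flags   = buf[1];
    /* Big-endian length field, assembled explicitly so host byte order
     * and struct padding are irrelevant to the result. */
    out->length  = (unsigned short)((buf[2] << 8) | buf[3]);
    return 0;
}

int main(void)
{
    /* Constructed sample packets. */
    const unsigned char good[] = { 0x01, 0x80, 0x01, 0x2C }; /* v1, flags 0x80, length 300 */
    const unsigned char bad[]  = { 0x01, 0x80, 0x01 };       /* one byte short */
    struct packet_header h;
    int rc;

    rc = parse_header(good, sizeof good, &h);
    printf("good:  rc=%d version=%u flags=0x%02x length=%u\n",
           rc, h.version, h.flags, h.length);
    rc = parse_header(bad, sizeof bad, &h);
    printf("short: rc=%d\n", rc);
    return 0;
}
```

Changing the struct (for example, widening length to unsigned int) makes both static assertions fail at compile time, which is exactly the point: a layout assumption is a property of the program, not of any particular run, and so belongs in a compile-time check rather than in an assert() that only fires when that code path happens to execute.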

Tool            | Version | Checker  | Description
----------------|---------|----------|------------------------------------------------------------
Compass/ROSE    |         |          | Could detect violations of this rule by looking for calls to assert(); if the assertion can be evaluated because all of its values are known at compile time, the code should use a static assertion instead. This assumes ROSE can recognize macro invocations.
LDRA tool suite |         | 44 S     | Fully implemented.
ECLAIR          |         | macrcall | Fully implemented.
PRQA QA·C       |         | QA-C     | Fully implemented.

...

ISO/IEC 9899:2011 Section 6.10.1, "Conditional inclusion"; Section 6.10.3.3, "The ## operator"; and Section 7.2.1, "Program diagnostics"

Sources

[Becker 2008]
[Eckel 2007]
[Jones 2010]
[Klarer 2004]
[Saks 2005]
[Saks 2008]

...