SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 33

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 34

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider v2.1 (sch jbop) (X_X)@==(Q_Q)@

Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities (see MSC11-A. Incorporate diagnostic tests using assertions). The run-time runtime assert() macro has some limitations, however, in that it occurs a run-time runtime overhead and, because it calls abort(), is only useful for identifying incorrect assumptions and is not intended for runtime error checking. Consequently, run-time runtime assertions are generally unsuitable for server programs or embedded systems.

...

Using #error directives allows for clear diagnostic messages. Because this approach evaluates assertions at compile time, there is no run-time runtime penalty.

Unfortunately, this solution is not portable. C99 does not require that implementations support sizeof, offsetof, or enumeration constants in #if conditions. According to Section 6.10.1, "Conditional inclusion," all identifiers in the expression that controls conditional inclusion either are or are not macro names. Some compilers allow these constructs in conditionals as an extension, but most do not.

...

Wiki Markup
The {{JOIN()}} macro used the {{\##}} operator \[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\] to concatenate tokens. See [PRE05-A. Understand macro replacement when concatenating tokens or performing stringification] to understand how macro replacement behaves in C when using the {{\##}} operator.

Static assertions allow incorrect assumptions to be diagnosed at compile time, instead of resulting in a silent malfunction or run-time runtime error. Because the assertion is performed at compile time, no run-time runtime cost in space or time is incurred. An assertion can be used at file or block scope and failure results in a meaningful and informative diagnostic error message.

...

Wiki Markup
\[[Becker 08|AA. C References#Becker 08]\] 
\[[Eckel 07|AA. C References#Eckel 07]\]
\[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.10.1, "Conditional inclusion," and Section 6.10.3.3, "The ## operator," and Section 7.2.1, "Program diagnostics"
\[[Klarer 04|AA. C References#Klarer 04]\]
\[[Saks 05|AA. C References#Saks 05]\]
\[[Saks 08|AA. C References#Saks 08]\]

...