Macro replacement lists should be parenthesized to protect any lower-precedence operators from the surrounding expression. See also PRE00-A. Prefer inline or static functions to function-like macros and PRE01-A. Use parentheses within macros around parameter names.
Non-Compliant Code Example
This CUBE()
macro definition is noncompliant because it fails to parenthesize the replacement list.
...
which is not the desired behavior.
Compliant Solution
With its replacement list parenthesized, the CUBE()
macro expands correctly for this type of invocation.
...
This compliant solution violates PRE00-A. Prefer inline or static functions to function-like macros. Consequently, this solution would be better implemented as an inline function.
Non-Compliant Code Example
In this noncompliant code example, EOF
is defined as -1
. The macro replacement list consists of a unary negation operator '-' followed by an integer literal '1'.
...
Once this modification is made, the noncompliant code example no longer compiles because the macro expansion results in the conditional expression getchar() (-1)
, which is no longer syntactically valid. Note that there must be a space after EOF
because otherwise it becomes a function-like macro (and one that is incorrectly formed, because -1 cannot be a formal parameter).
Compliant Solution
In this compliant solution, the macro definition is replaced with an enumeration constant in compliance with DCL00-C. Const-qualify immutable objects.
Code Block | ||
---|---|---|
| ||
enum { EOF = -1 }; /* ... */ if (getchar() != EOF) { /* ... */ } |
Exceptions
PRE02-EX1. A macro that expands to a single identifier or function call is not affected by the precedence of any operators in the surrounding expression, so its replacement list need not be parenthesized.
Code Block |
---|
#define MY_PID getpid() |
Risk Assessment
Failing to parenthesize macro replacement lists can cause unexpected results.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE02-C | medium | probable | low | P12 | L1 |
Automated Detection
The LDRA tool suite V 7.6.0 can detect violations of this recommendation.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
Wiki Markup |
---|
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment" \[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "JCW Operator precedence/Order of Evaluation", "NMP Pre-processor Directions" \[[Plum 85|AA. C References#Plum 85]\] Rule 1-1 \[[Summit 05|AA. C References#Summit 05]\] Question 10.1 |
...