...
This CUBE()
macro definition is noncompliant because it fails to parenthesize the parameter names.:
Code Block |
---|
|
#define CUBE(I) (I * I * I)
|
...
Code Block |
---|
|
int a = 81 / (2 + 1 * 2 + 1 * 2 + 1); /* evaluatesEvaluates to 11 */
|
which is clearly not the desired result.
...
Parenthesizing all parameter names in the CUBE()
macro allows it to expand correctly (when invoked in this manner).:
Code Block |
---|
|
#define CUBE(I) ( (I) * (I) * (I) )
int a = 81 / CUBE(2 + 1);
|
Exceptions
PRE01-C-EX1: When the parameter names are surrounded by commas in the replacement text, regardless of how complicated the actual arguments are, there is no need for parenthesizing the macro parameters. Because commas have lower precedence than any other operator, there is no chance of the actual arguments being parsed in a surprising way. Comma separators, which separate arguments in a function call, also have lower precedence than other operators, although they are technically different from comma operators.
Code Block |
---|
#define FOO(a, b, c) bar(a, b, c)
/* ... */
FOO(arg1, arg2, arg3);
|
PRE01-C-EX2: Macro parameters cannot be individually parenthesized when concatenating tokens using the ##
operator, converting macro parameters to strings using the #
operator, or concatenating adjacent string literals. The following JOIN()
macro below concatenates both arguments to form a new token. The SHOW()
macro converts the single argument into a string literal, which is then concatenated with the adjacent string literal to form the format specification in the call to printf()
passed as a parameter to printf()
and as a string and as a parameter to the %d
specifier. For example, if SHOW()
is invoked as SHOW(66);
, the macro would be expanded to printf("66" " = %d\n", 66);
.
Code Block |
---|
#define JOIN(a, b) (a ## b)
#define SHOW(a) printf(#a " = %d\n", a)
|
...
Failing to parenthesize the parameter names in a macro can result in unintended program behavior.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|
PRE01-C |
mediumprobablelowAutomated Detection
Tool | Version | Checker | Description |
---|
Astrée | | macro-parameter-parentheses | Fully checked |
Axivion Bauhaus Suite | Include Page |
---|
| Axivion Bauhaus Suite_V |
---|
| Axivion Bauhaus Suite_V |
---|
|
| CertC-PRE01 | Fully implemented |
ECLAIR | |
macrbody Fully implemented | PRQA QA-C | Include Page |
---|
PRQA_V | PRQA_V | 3410 | Enhanced Enforcement |
Parasoft C/C++test | | CERT_C-PRE01-a
| In the definition of a function-like macro each instance of a parameter shall be enclosed in parentheses unless it is used as the operand of # or ## |
PC-lint Plus | Include Page |
---|
| PC-lint Plus_V |
---|
| PC-lint Plus_V |
---|
|
| 9022 | Fully supported |
Polyspace Bug Finder | Include Page |
---|
| Polyspace Bug Finder_V |
---|
| Polyspace Bug Finder_V |
---|
|
| CERT C: Rec. PRE01-C | Checks for expanded macro parameters not enclosed in parentheses (rule partially supported)
|
PVS-Studio | | V733 |
|
RuleChecker | Include Page |
---|
| RuleChecker_V |
---|
| RuleChecker_V |
---|
|
| macro-parameter-parentheses | Fully checked |
Fully implementedRelated Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Secure PDTR precedenceorder evaluation MISRA-C 191 advisory): #include
statements in a file should only be preceded by other preprocessor directives or comments Bibliography
...
...
Image Modified Image Modified Image Modified