SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 26

changes.mady.by.user Sandy Shrum

Saved on

compared with

New Version Current

changes.mady.by.user Anirban Gangopadhyay

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Standard-layout types can be used to communicate with code written in other programming languages, as the layout of the type is strictly specified. The C++ Standard, [class], paragraph 7 [ISO/IEC 14882-2014], defines a standard-layout classes class as a class that

  • Does does not have virtual functions,
  • Has has the same access control for all nonstatic data members,
  • Has has no base classes of the same type as the first nonstatic data member,
  • Has has nonstatic data members declared in only one class within the class hierarchy, and
  • Recursivelyrecursively, does not have nonstatic data members of nonstandard-layout type.

...

This noncompliant code example assumes that there is a library whose header is library.h, and an application (represented by application.cpp), and that the library and application are not ABI-compatible. Therefore, the contents of library.h constitute an execution boundary. A nonstandard-layout type object S is passed across this execution boundary. The application creates an instance of an object of this type, then passes a reference to the object to a function defined by the library, crossing the execution boundary. Because the layout is not guaranteed to be compatible across the boundary, this results in unexpected behavior.

...

The effects of passing objects of nonstandard-layout type across execution boundaries depends on what operations are performed on the object within the callee as well as what subsequent operations are performed on the object from the caller. The effects can range from correct or benign behavior to undefined behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP60-CPP

High

Probable

Medium

P12

L1

Automated Detection

Tool

Version

Checker

Description

Clang

Include Page
Clang_V
Clang_V
-Wdynamic-class-memaccessCatches instances where the vtable pointer will be overwritten
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4741, DF4742, DF4743


Klocwork
Include Page
Klocwork_V
Klocwork_V
CERT.EXPR.PASS_NON_STD_LAYOUT
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_CPP-EXP60-aDo not pass a nonstandard-layout type object across execution boundaries
Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: EXP60-CPPChecks for non-standard layout objects passed across execution boundaries (rule fully covered).

Related Vulnerabilities

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Coding StandardEXP58-CPP. Pass an object of the correct type to va_start

Bibliography

[ISO/IEC 14882-2014]Clause 9, "Classes"
Subclause 7.5, "Linkage Specifications"
 
 


...

 Image Modified