SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 28

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The examples here fall under the exception MSC17-C-EX2 in MSC17-C. Finish every set of statements associated with a case label with a break statement.

...

When i = 1, the entire for loop is executed. When i = 2, two increments to j are made before the loop starts. When i = 3, one increment to j is made before the loop starts. The default case is no loop. Consequently, the function has the following behavior:

i

f(i)

1

12

2

12

3

11

Other values

0

Compliant

...

Solution

The compliant example solution separates the switch and for blocks:

...

Many people . . . have said that the worst feature of C is that switches don't break automatically before each case label. This code forms some sort of argument in that debate, but I'm not sure whether it's for or against.

Compliant

...

Solution (Duff's Device)

This is an alternative implementation of Duff's device, which separates the switch statement and loop:

Code Block
bgColor#CCCCFF
langc
int n = (count + 7) / 8;
switch (count % 8) {
  case 0: *to = *from++; /* Fall through */
  case 7: *to = *from++; /* Fall through */
  case 6: *to = *from++; /* Fall through */
  case 5: *to = *from++; /* Fall through */
  case 4: *to = *from++; /* Fall through */
  case 3: *to = *from++; /* Fall through */
  case 2: *to = *from++; /* Fall through */
  case 1: *to = *from++; /* Fall through */
}
while (--n > 0) {
  *to = *from++;
  *to = *from++;
  *to = *from++;
  *to = *from++;
  *to = *from++;
  *to = *from++;
  *to = *from++;
  *to = *from++;
}

Risk Assessment

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC20-C

Medium

Probable

Medium

P8

L2

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
switch-labelFully checked
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.STRUCT.SW.MPC

Misplaced case

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.MSC20

Fully implemented

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C2019
LDRA tool suite
Include Page
LDRA_V
LDRA_V
245 SFully implemented
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

646, 9055

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. MSC20-CChecks for situations where switch label is not at the outermost level of switch statement body (rec. fully covered)


RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
switch-labelFully checked
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S1036

Related Guidelines

SEI CERT C++
Secure
Coding StandardVOID MSC20-CPP. Do not use a switch statement to transfer control into a complex block
ISO/IEC TR 24731-1:2007
 

MISRA C:2012
 Rule
Rule 16.2 (required)

Bibliography

[ISO/IEC 9899:2011]Subclause 6.8.6.1, "The goto Statement"
[Duff 1988]Tom Duff on Duff's Device

...


...

Image Modified Image Modified Image Modified