The member initializer list for a class constructor allows members to be initialized to specified values and for base class constructors to be called with specific arguments. However, the order in which initialization occurs is fixed and does not depend on the order written in the member initializer list. The C++ Standard, [class.base.init], paragraph 11 [ISO/IEC 14882-2014], states the following:
In a non-delegating constructor, initialization proceeds in the following order:
— First, and only for the constructor of the most derived class, virtual base classes are initialized in the order they appear on a depth-first left-to-right traversal of the directed acyclic graph of base classes, where “left-to-right” is the order of appearance of the base classes in the derived class base-specifier-list.
— Then, direct base classes are initialized in declaration order as they appear in the base-specifier-list (regardless of the order of the mem-initializers).
— Then, non-static data members are initialized in the order they were declared in the class definition (again regardless of the order of the mem-initializers).
— Finally, the compound-statement of the constructor body is executed.
[Note: The declaration order is mandated to ensure that base and member subobjects are destroyed in the reverse order of initialization. —end note]
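The ordering quoted above, as an added example (not part of the standard or of this rule's own code): a small hierarchy whose mem-initializers are deliberately written in reverse, with a trace recording the order that actually runs. The names `trace`, `Tag`, `VBase`, and `init_order` are hypothetical.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Silence the reorder diagnostic so the demonstration also builds under -Werror.
#pragma GCC diagnostic ignored "-Wreorder"

static std::vector<std::string> trace;  // hypothetical log of initialization events

struct Tag {  // member type that records its own construction
  explicit Tag(const char *name) { trace.push_back(name); }
};
struct VBase { VBase() { trace.push_back("VBase"); } };
struct B1 : virtual VBase { B1() { trace.push_back("B1"); } };
struct B2 { B2() { trace.push_back("B2"); } };

class D : public B1, public B2 {  // base-specifier-list order: B1, then B2
  Tag first;                      // declared first, so initialized first
  Tag second;
public:
  // Written in reverse on purpose; the written order has no effect.
  D() : second("second"), first("first"), B2(), B1() { trace.push_back("body"); }
};

// Constructs a D and returns the order in which its subobjects were initialized.
std::vector<std::string> init_order() {
  trace.clear();
  D d;
  (void)d;
  return trace;
}

int main() {
  for (const auto &step : init_order()) std::cout << step << '\n';
}
```

Without the pragma, `-Wreorder` (listed under Automated Detection) flags the constructor of `D`.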
...
This compliant solution changes the declaration order of the class member variables so that the dependency can be ordered properly in the constructor's member initializer list:

```cpp
class C {
  int someVal;           // declared first, so initialized first
  int dependsOnSomeVal;  // initialized second; may safely read someVal
public:
  C(int val) : someVal(val), dependsOnSomeVal(someVal + 1) {}
};
```
It is reasonable for initializers to depend on previously initialized values.
...
This compliant solution initializes both base classes using the same value from the constructor's parameter list instead of relying on the initialization order of the base classes:

```cpp
class B1 {
  int val;
public:
  B1(int val) : val(val) {}
};

class B2 {
  int otherVal;
public:
  B2(int otherVal) : otherVal(otherVal) {}
};

class D : B1, B2 {
public:
  // Both bases take the constructor parameter directly, so neither depends on the other.
  D(int a) : B1(a), B2(a) {}
};
```
Exceptions
OOP53-CPP-EX0: Constructors that do not use member initializers do not violate this rule.
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
OOP53-CPP | Medium | Unlikely | Medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | 4053, 4056, 4058 initializer-list-order | Fully checked |
Axivion Bauhaus Suite | | CertC++-OOP53 | |
Clang | | -Wreorder | |
CodeSonar | | LANG.STRUCT.INIT.OOMI | Out of Order Member Initializers |
Helix QAC | | C++4053 | |
Klocwork | | CERT.OOP.CTOR.INIT_ORDER | |
LDRA tool suite | | 206 S | Fully implemented |
Parasoft C/C++test | | CERT_CPP-OOP53-a | List members in an initialization list in the order in which they are declared |
Polyspace Bug Finder | | CERT C++: OOP53-CPP | Checks for members not initialized in canonical order (rule fully covered) |
RuleChecker | | initializer-list-order | Fully checked |
SonarQube C/C++ Plugin | | S3229 | |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
[ISO/IEC 14882-2014] | Subclause 12.6.2, "Initializing Bases and Members" |
[Lockheed Martin 2005] | AV Rule 75, Members of the initialization list shall be listed in the order in which they are declared in the class |
...
...