An unsafe function-like macro is one that, when expanded, evaluates its argument more than once or does not evaluate it at all. Contrasted with function calls, which always evaluate each of their arguments exactly once, unsafe function-like macros often have unexpected and surprising effects and lead to subtle, hard-to-find defects . (See see PRE31-C. Avoid side effects in arguments to unsafe macros). ) Consequently, every function-like macro should evaluate each of its arguments exactly once. Alternatively and preferably, defining function-like macros should be avoided in favor of inline functions . (See see PRE00-C. Prefer inline or static functions to function-like macros).)
Anchor | ||||
---|---|---|---|---|
|
...
Some implementations provide language extensions that make it possible to define safe function-like macros, such as the macro ABS()
, that would otherwise require evaluating their arguments more than once. For example, the GCC extension Statements and Declarations in Expressions makes it possible to implement the macro ABS()
in a safe way. Note, however, that because relying on implementation-defined extensions introduces undesirable platform dependencies that may make the resulting code nonportable, such solutions should be avoided in favor of portable ones wherever possible . (See see MSC14-C. Do not introduce unnecessary platform dependencies).)
Another GCC extension known as statement expression makes it possible for the block statement to appear where an expression is expected. The statement expression extension establishes a scope (note the curly braces) and any declarations in it are distinct from those in enclosing scopes.
Code Block | ||||
---|---|---|---|---|
| ||||
#define ABS(x) __extension__ ({ __typeof (x) __tmp = x; __tmp < 0 ? - __tmp : __tmp; }) |
...
Defining an unsafe macro leads to invocations of the macro with an argument that has side effects, causing those side effects to occur more than once. Unexpected or undefined program behavior can result.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE12-C | Low | Probable | Low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| macro-parameter-multiplied macro-parameter-unused | Partially checked | ||||||
Axivion Bauhaus Suite |
| CertC-PRE12 | |||||||
| CC2.PRE12 | Fully |
implemented | |||||||||
Helix QAC |
| C3456 | |||||||
LDRA tool suite |
| 562 S, 572 S, 35 D, 1 Q | Partially implemented | ||||||
RuleChecker |
| macro-parameter-multiplied macro-parameter-unused | Partially checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...