...
In this noncompliant code example, a function is declared as nonthrowing, but it is possible for std::vector::resize()
to throw an exception when the requested memory cannot be allocated.
Code Block | ||||
---|---|---|---|---|
| ||||
#include <cstddef>
#include <vector>
void f(std::vector<int> &v, size_t s) noexcept(true) {
v.resize(s); // May throw
}
|
Compliant Solution
In this compliant solution, the function's noexcept-specification is removed, signifying that the function allows all exceptions.
Code Block | ||||
---|---|---|---|---|
| ||||
#include <cstddef>
#include <vector>
void f(std::vector<int> &v, size_t s) {
v.resize(s); // May throw, but that is okay
} |
Noncompliant Code Example
In this noncompliant code example, the second function claims to throw only Exception1
, but it may also throw Exception2.
Code Block | ||||
---|---|---|---|---|
| ||||
#include <exception> class Exception1 : public std::exception {}; class Exception2 : public std::exception {}; void foo() { throw Exception2{}; // Okay because foo() promises nothing about exceptions } void bar() throw (Exception1) { foo(); // Bad because foo() can throw Exception2 } |
Compliant Solution
This compliant solution catches the exceptions thrown by foo().
Code Block | ||||
---|---|---|---|---|
| ||||
#include <exception> class Exception1 : public std::exception {}; class Exception2 : public std::exception {}; void foo() { throw Exception2{}; // Okay because foo() promises nothing about exceptions } void bar() throw (Exception1) { try { foo(); } catch (Exception2 e) { // Handle error without rethrowing it } } |
Compliant Solution
This compliant solution declares a dynamic exception-specification for bar()
, which covers all of the exceptions that can be thrown from it.
Code Block | ||||
---|---|---|---|---|
| ||||
#include <exception> class Exception1 : public std::exception {}; class Exception2 : public std::exception {}; void foo() { throw Exception2{}; // Okay because foo() promises nothing about exceptions } void bar() throw (Exception1, Exception2) { foo(); } |
Noncompliant Code Example
...
Code Block | ||||
---|---|---|---|---|
| ||||
#include <cstddef>
#include <vector>
void f(std::vector<int> &v, size_t s) noexcept(true) {
v.resize(s); // May throw
}
|
Compliant Solution
In this compliant solution, the function's noexcept-specification is removed, signifying that the function allows all exceptions.
Code Block | ||||
---|---|---|---|---|
| ||||
#include <cstddef>
#include <vector>
void f(std::vector<int> &v, size_t s) {
v.resize(s); // May throw, but that is okay
} |
Implementation Details
Some vendors provide language extensions for specifying whether or not a function throws. For instance, Microsoft Visual Studio provides __declspec(nothrow))
, and Clang supports __attribute__((nothrow))
. Currently, the vendors do not document the behavior of specifying a nonthrowing function using these extensions. Throwing from a function declared with one of these language extensions is presumed to be undefined behavior.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ERR55-CPP | Low | Likely | Low | P9 | L2 |
Automated Detection
Tool | Version | Checker | Description | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| unhandled-throw-noexcept | Partially checked | |||||||||
Axivion Bauhaus Suite |
| CertC++-ERR55 | ||||||||||
CodeSonar |
| LANG.STRUCT.EXCP.THROW | Use of throw | |||||||||
Helix QAC |
| C++4035, C++4036, C++4632 | ||||||||||
LDRA tool suite |
| 56 D | Partially implemented | |||||||||
Parasoft C/C++Test |
| MISRA2008-15_5_2, EXCEPT-14 | CERT_CPP-ERR55-a | Where a function's declaration includes an exception-specification, the function shall only be capable of throwing exceptions of the indicated type(s) | ||||||||
Polyspace Bug Finder |
| CERT C++: ERR55-CPP | Checks for noexcept functions exiting with exception (rule fully covered) | |||||||||
RuleChecker |
| unhandled-throw-noexcept | Partially checked | PRQA QA-C++ | 4.1 | 4035, 4036, 4632 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...