...
Do not write a syntactically ambiguous declaration. With the advent of uniform initialization syntax using a braceda braced-init-list, there is now syntax that unambiguously specifies a declaration instead of an expression statement. Declarations can also be disambiguated by using nonfunction-style casts, by initializating initializing using =, or by removing extraneous parenthesis around the parameter name.
...
Code Block | ||
---|---|---|
| ||
Widget constructed
Gadget constructed
Widget constructed
Gadget constructed
3 |
...
Risk Assessment
Syntactically ambiguous declarations can lead to unexpected program execution. However, it is likely that rudimentary testing would uncover violations of this rule.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL53-CPP | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| LANG.STRUCT.DECL.FNEST | Nested Function Declaration | ||||||
Helix QAC |
| C++1109, C++2510 | |||||||
Klocwork |
| CERT.DCL.AMBIGUOUS_DECL | |||||||
LDRA tool suite |
| 296 S | Partially implemented |
Parasoft C/C++test |
|
2510
| CERT_CPP-DCL53-a | Parameter names in function declarations should not be enclosed in parentheses | |||||||
Polyspace Bug Finder |
| CERT C++: DCL53-CPP | Checks for declarations that can be confused between:
Rule fully covered. |
Clang |
| -Wvexing-parse |
SonarQube C/C++ Plugin |
| S3468 |
Related Vulnerabilities
Search for other vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
[ISO/IEC 14882-2014] | Subclause 6.8, "Ambiguity Resolution" Subclause 8.2, "Ambiguity Resolution" |
[Meyers |
2001] | Item 6, "Be Alert for C++'s Most Vexing Parse" |
...
...