...
An execution boundary is the delimitation between code compiled by differing compilers, including different versions of a compiler produced by the same vendor. For instance, a function may be declared in a header file but defined in a library that is loaded at runtime. The execution boundary is between the call site in the executable and the function implementation in the library. Such boundaries are also called ABI (application binary interface) boundaries because they relate to the interoperability of application binaries.
...
```cpp
// library.h
int func() noexcept(true); // Implemented by the library

// library.cpp
int func() noexcept(true) {
  // ...
  if (/* ... */) {
    return 42;
  }
  // ...
  return 0;
}

// application.cpp
#include "library.h"

void f() {
  int err;
  if (0 != (err = func())) {
    // Handle error
  }
}
```
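When the library's internals do throw, the exported function has to catch everything before returning an error code. The following is an added example, not code from the CERT page; `lib_parse_port`, `parse_port` and the `lib_status` codes are hypothetical names chosen for illustration.

```cpp
#include <cstddef>
#include <new>
#include <stdexcept>
#include <string>

// Hypothetical status codes returned across the boundary instead of exceptions.
enum lib_status { LIB_OK = 0, LIB_BAD_INPUT = 1, LIB_OUT_OF_RANGE = 2,
                  LIB_NO_MEMORY = 3, LIB_UNKNOWN = 4 };

// Internal helper: free to throw, never exported from the library.
static int parse_port(const std::string &text) {
  std::size_t used = 0;
  int value = std::stoi(text, &used); // throws invalid_argument or out_of_range
  if (used != text.size()) throw std::invalid_argument("trailing characters");
  if (value < 1 || value > 65535) throw std::out_of_range("port out of range");
  return value;
}

// Exported entry point: C linkage, noexcept, and every exception type is
// translated to a status code so none can cross into the caller's binary.
extern "C" int lib_parse_port(const char *text, int *out) noexcept {
  if (text == nullptr || out == nullptr) return LIB_BAD_INPUT;
  try {
    *out = parse_port(text); // std::string temporary is built inside the try
    return LIB_OK;
  } catch (const std::invalid_argument &) {
    return LIB_BAD_INPUT;
  } catch (const std::out_of_range &) {
    return LIB_OUT_OF_RANGE;
  } catch (const std::bad_alloc &) {
    return LIB_NO_MEMORY;
  } catch (...) {
    return LIB_UNKNOWN; // catch-all: nothing may escape past this point
  }
}
```

Without the catch-all, an unexpected exception type would reach the `noexcept` boundary and call `std::terminate()`.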
Risk Assessment
The effects of throwing an exception across execution boundaries depend on the implementation details of the exception-handling mechanics. They can range from correct or benign behavior to undefined behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ERR59-CPP | High | Probable | Medium | P12 | L1 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Helix QAC | | C++3809, C++3810 | |
 | | CERT_CPP-ERR59-a | Do not throw an exception across execution boundaries |
Polyspace Bug Finder | | CERT C++: ERR59-CPP | Checks for exceptions raised from library interfaces (rule partially covered). |
Related Vulnerabilities
Search for other vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Coding Standard | EXP60-CPP. Do not pass a nonstandard-layout type object across execution boundaries |
Bibliography
[ISO/IEC 14882-2014] | Subclause 15, "Exception Handling" |
...