...
This CUBE()
macro definition is noncompliant because it fails to parenthesize the parameter names.:
Code Block | ||||
---|---|---|---|---|
| ||||
#define CUBE(I) (I * I * I)
|
As a result, the invocation
Code Block | ||||
---|---|---|---|---|
| ||||
int a = 81 / CUBE(2 + 1);
|
expands to
Code Block | ||||
---|---|---|---|---|
| ||||
int a = 81 / (2 + 1 * 2 + 1 * 2 + 1); /* evaluatesEvaluates to 11 */ |
which is clearly not the desired result.
...
Parenthesizing all parameter names in the CUBE()
macro allows it to expand correctly (when invoked in this manner).:
Code Block | ||||
---|---|---|---|---|
| ||||
#define CUBE(I) ( (I) * (I) * (I) )
int a = 81 / CUBE(2 + 1);
|
Exceptions
PRE01-C-EX1: When the parameter names are surrounded by commas in the replacement text, regardless of how complicated the actual arguments are, there is no need for parenthesizing the macro parameters. Because commas have lower precedence than any other operator, there is no chance of the actual arguments being parsed in a surprising way. Comma separators, which separate arguments in a function call, also have lower precedence than other operators, although they are technically different from comma operators.
Code Block |
---|
#define FOO(a, b, c) bar(a, b, c)
/* ... */
FOO(arg1, arg2, arg3);
|
PRE01-C-EX2: Macro parameters cannot be individually parenthesized when concatenating tokens using the ##
operator, converting macro parameters to strings using the #
operator, or concatenating adjacent string literals. The following JOIN()
macro below concatenates both arguments to form a new token. The SHOW()
macro converts the single argument into a string literal, which is then concatenated with the adjacent string literal to form the format specification in the call to printf()
passed as a parameter to printf()
and as a string and as a parameter to the %d
specifier. For example, if SHOW()
is invoked as SHOW(66);
, the macro would be expanded to printf("66" " = %d\n", 66);
.
Code Block |
---|
#define JOIN(a, b) (a ## b)
#define SHOW(a) printf(#a " = %d\n", a)
|
...
Failing to parenthesize the parameter names in a macro can result in unintended program behavior.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE01-C |
Medium |
Probable |
Low | P12 | L1 |
Automated Detection
The LDRA tool suite V 7.6.0 can detect violations of this recommendation.
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| macro-parameter-parentheses | Fully checked | ||||||
Axivion Bauhaus Suite |
| CertC-PRE01 | Fully implemented | ||||||
ECLAIR |
| CC2.PRE01 | Fully implemented | ||||||
Helix QAC |
| C3410 | |||||||
Klocwork |
| MISRA.DEFINE.NOPARS | |||||||
LDRA tool suite |
| 78 S | Enhanced Enforcement | ||||||
Parasoft C/C++test |
| CERT_C-PRE01-a | In the definition of a function-like macro each instance of a parameter shall be enclosed in parentheses unless it is used as the operand of # or ## | ||||||
PC-lint Plus |
| 9022 | Fully supported | ||||||
Polyspace Bug Finder |
| CERT C: Rec. PRE01-C | Checks for expanded macro parameters not enclosed in parentheses (rule partially supported) | ||||||
PVS-Studio |
| V733 | |||||||
RuleChecker |
| macro-parameter-parentheses | Fully checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
...
Related Guidelines
...
...
...
...
ISO/IEC TR 24772:2013 | Operator Precedence/Order of Evaluation [JCW] Pre-processor Directives [NMP] |
MISRA C:2012 | Rule 20.7 (required) |
Bibliography
[Plum 1985] | |
[Summit 2005] | Question 10.1 |
...
9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment" \[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "JCW Operator precedence/Order of Evaluation" \[[MISRA 04|AA. Bibliography#MISRA 04]\] Rule 19.1 \[[Plum 85|AA. Bibliography#Plum 85]\] \[[Summit 05|AA. Bibliography#Summit 05]\] Question 10.1 01. Preprocessor (PRE)