Parenthesize all parameter names in macro definitions. See also PRE00-C. Prefer inline or static functions to function-like macros and PRE02-C. Macro replacement lists should be parenthesized.
Noncompliant Code Example
This CUBE()
macro definition is noncompliant because it fails to parenthesize the parameter names:
#define CUBE(I) (I * I * I)
As a result, the invocation
int a = 81 / CUBE(2 + 1);
expands to
int a = 81 / (2 + 1 * 2 + 1 * 2 + 1); /* Evaluates to 11 */
which is clearly not the desired result.
Compliant Solution
Parenthesizing all parameter names in the CUBE()
macro allows it to expand correctly (when invoked in this manner):
#define CUBE(I) ( (I) * (I) * (I) ) int a = 81 / CUBE(2 + 1);
Exceptions
PRE01-C-EX1: When the parameter names are surrounded by commas in the replacement text, regardless of how complicated the actual arguments are, there is no need for parenthesizing the macro parameters. Because commas have lower precedence than any other operator, there is no chance of the actual arguments being parsed in a surprising way. Comma separators, which separate arguments in a function call, also have lower precedence than other operators, although they are technically different from comma operators.
#define FOO(a, b, c) bar(a, b, c) /* ... */ FOO(arg1, arg2, arg3);
PRE01-C-EX2: Macro parameters cannot be individually parenthesized when concatenating tokens using the ##
operator, converting macro parameters to strings using the #
operator, or concatenating adjacent string literals. The following JOIN()
macro concatenates both arguments to form a new token. The SHOW()
macro converts the single argument into a string literal, which is then passed as a parameter to printf()
and as a string and as a parameter to the %d
specifier. For example, if SHOW()
is invoked as SHOW(66);
, the macro would be expanded to printf("66" " = %d\n", 66);
.
#define JOIN(a, b) (a ## b) #define SHOW(a) printf(#a " = %d\n", a)
See PRE05-C. Understand macro replacement when concatenating tokens or performing stringification for more information on using the ##
operator to concatenate tokens.
Risk Assessment
Failing to parenthesize the parameter names in a macro can result in unintended program behavior.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE01-C | Medium | Probable | Low | P12 | L1 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | 24.04 | macro-parameter-parentheses | Fully checked |
Axivion Bauhaus Suite | 7.2.0 | CertC-PRE01 | Fully implemented |
ECLAIR | 1.2 | CC2.PRE01 | Fully implemented |
Klocwork | 2024.3 | MISRA.DEFINE.NOPARS | |
LDRA tool suite | 9.7.1 | 78 S | Enhanced Enforcement |
Parasoft C/C++test | 2023.1 | CERT_C-PRE01-a | In the definition of a function-like macro each instance of a parameter shall be enclosed in parentheses unless it is used as the operand of # or ## |
Polyspace Bug Finder | R2024a | CERT C: Rec. PRE01-C | Checks for expanded macro parameters not enclosed in parentheses (rule partially supported) |
PRQA QA-C | Unable to render {include} The included page could not be found. | 3410 | Fully implemented |
PVS-Studio | 7.33 | V733 | |
RuleChecker | 24.04 | macro-parameter-parentheses | Fully checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID PRE01-CPP. Use parentheses within macros around parameter names |
ISO/IEC TR 24772:2013 | Operator Precedence/Order of Evaluation [JCW] Pre-processor Directives [NMP] |
MISRA C:2012 | Rule 20.7 (required) |
Bibliography
[Plum 1985] | |
[Summit 2005] | Question 10.1 |