The [[noreturn]]
attribute specifies that a function does not return. The C++ Standard, [dcl.attr.noreturn] paragraph 2 [ISO/IEC 14882-2014], states the following:
If a function
f
is called wheref
was previously declared with thenoreturn
attribute andf
eventually returns, the behavior is undefined.
A function that specifies [[noreturn]]
can prohibit returning by throwing an exception, entering an infinite loop, or calling another function designated with the [[noreturn]]
attribute.
Noncompliant Code Example
In this noncompliant code example, if the value 0
is passed, control will flow off the end of the function, resulting in an implicit return and undefined behavior.
#include <cstdlib> [[noreturn]] void f(int i) { if (i > 0) throw "Received positive input"; else if (i < 0) std::exit(0); }
Compliant Solution
In this compliant solution, the function does not return on any code path.
#include <cstdlib> [[noreturn]] void f(int i) { if (i > 0) throw "Received positive input"; std::exit(0); }
Risk Assessment
Returning from a function marked [[noreturn]]
results in undefined behavior that might be exploited to cause data-integrity violations.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC53-CPP | Medium | Unlikely | Low | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | 22.10 | invalid-noreturn | Fully checked |
Axivion Bauhaus Suite | 7.2.0 | CertC++-MSC53 | |
Clang | 3.9 | -Winvalid-noreturn | |
Helix QAC | 2024.3 | ||
Parasoft C/C++test | 2023.1 | CERT_CPP-MSC53-a | Never return from functions that should not return |
RuleChecker | 22.10 | invalid-noreturn | Fully checked |
SonarQube C/C++ Plugin | 4.10 | S935 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
[ISO/IEC 14882-2014] | Subclause 7.6.3, " |