Contenuto principale

CERT C++: EXP62-CPP

Do not access the bits of an object representation that are not part of the object's value representation

Since R2022b

Description

Rule Definition

Do not access the bits of an object representation that are not part of the object's value representation.1

Polyspace Implementation

The rule checker checks for Accessing padding and vtable bits.

Examples

expand all

Issue

This issue occurs when either of these conditions is true:

  • You use the function std::memcmp on padding bits. For example:

    class A{char str; int size;}; //Padding between the fields.
    void foo(){
    	A a1,a2;
    	if(std::memcmp(&a1, &a2, sizeof(A))){/**/}//Noncompliant
    }

  • You use the functions memset or memcmp on vtable bits. For example:

    class A{
    public:
    	void virtual eval(){}
    }//Class contains a vtable
    void foo(){
    	A *a = new A;
    	//...
    	std::memset(a,0,sizeof(A));//Noncompliant
    	//...
    	a->eval();	
    }
    

The vtable holds pointers to different virtual functions available to an object. Padding bits might be inserted between members of an object. These bits are not part of the value representation of an object.

As an exception, this rule allows accessing vtable and padding bits if the code does not make assumptions about their values. This rule also allows overwriting the padding bits. For instance, you can use memcpy() to copy all object bits containing a bitfield into another object. For instance:

struct BF {
	int i : 10;
	int j;
};
void foo(const BF &a1)
{
	BF a2;
	std::memcpy(&a2, &a1, sizeof(BF));//Compliant
}

Depending on your environment and usage, unions might not have any padding bits. Violation of this rule is not reported on unions.

Risk

The C++ standard does not specify how the padding bit values and the vtable values are set. The values in these bits can vary depending on your hardware and software. Relying on such implementation-dependent values in your code might result in unexpected results that are difficult to diagnose.

Fix

Avoid accessing padding bits and vtable bits. In C++, the best practice is to avoid functions that directly access object bits, such as std::memcmp() and std::memset().

Example — Avoid Comparing Padding Bits
#include <cstring>
class myString  {
	unsigned char buffer;
public:
	int size;
	void set(const char* );
	char* get();
};

void compmyString(const myString &s1, const myString &s2)
{
	if (!std::memcmp(&s1, &s2, sizeof(myString))) { //Noncompliant
		// ...
	}
}

This example implements a string type class mystring. The function compmyString compares two objects of this class. The comparison is performed by calling std::memcmp() to compare the bits of two objects, including the padding bits. Because the values of the padding bits are implementation-defined, using std::memcmp() makes the code nonportable and might yield unexpected results. Polyspace® reports a violation of this rule.

Correction — Compare Value Representation of Objects

When you compare objects, the best practice is to implement appropriately overloaded operators that perform a field-by-field comparison. For instance, to check if two myString objects are equal, this code implements the operator==, which compares the fields buffer and size. Using the operator== avoids padding bits comparison.

#include <cstring>
class myString  {
	unsigned char buffer;
public:
	int size;
	void set(const char* );
	char* get();
	friend bool operator==(const myString &left, const myString &right)
	{
		return left.buffer == right.buffer &&
		left.size == right.size;
	}
};

void compmyString(const myString &s1, const myString &s2)
{
	if (s1==s2) { //Compliant
		// ...
	}
}

Check Information

Group: 02. Expressions (EXP)

Version History

Introduced in R2022b


1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.