CERT C++: EXP60-CPP

Do not pass a nonstandard-layout type object across execution boundaries

Since R2023b

Description

This checker is deactivated in a default Polyspace^® as You Code analysis. See Checkers Deactivated in Polyspace as You Code Analysis (Polyspace Access).

Rule Definition

Do not pass a nonstandard-layout type object across execution boundaries.¹

Polyspace Implementation

This checker checks for Non-standard layout objects passed across execution boundaries.

Examples

expand all

Non-Standard Layout Objects Passed Across Execution Boundaries

Issue

The issue occurs when you pass an object with a non-standard layout type across an application binary interface (ABI). Differences in layout across an ABI might result in unsafe or unpredictable code execution.

An ABI, or execution boundary, refers to a point of interaction in a program between binaries from code compiled with different compilers or different versions of the same compiler, or code written in different languages.
For instance, you might have an application that calls a function func that is defined in an external library. Because the library is compiled separately and linked with the application, the call site in the application executable interacts across an execution boundary with the function implementation in the library.
For a definition of a standard layout class (C++11 and later versions), see the C++ Standard (ISO/IEC 14882:2017), [class], paragraph 7. For code that uses C++ versions prior to C++11, Polyspace considers an object has a standard layout only if it is a plain old data (POD) type.

Polyspace reports a violation when you pass an object with a non-standard layout to a function that is not part of the std:: or boost:: libraries and that function is defined in a different translation unit (source file).

Polyspace does not report a violation of this rule when you pass an object with non-standard layout to:

Virtual member functions. The function callee is unknown at compilation time.
Constructors and Destructors.
new and delete operators.

Risk

If you pass an object with a non-standard layout across an execution boundary and you do not check whether the object has the same layout on both sides of the execution boundary, your code might have correctness and portability issues.

If the object has a different layout on each side of the execution boundary, the code execution might result in undefined behavior, incorrect results, or incompatibilities that are difficult to diagnose.

Fix

Pass objects with a standard layout when you have code that interacts across an execution boundary. If you pass an object with a non-standard layout across an execution boundary, check that both sides of the boundary follow the same ABI. Different code components follow the same ABI if the components are:

Compiled with the same compiler.
Compiled with different versions of the same compiler, and that compiler is ABI-compatible across multiple versions.
Compiled with different compiler that follow the same ABI.

Example — Object with Non-Standard Layout Passed Across Execution Boundary

#include <iostream>
#include <string>

class Roster // Non-Standard Layout class
{
public:
   Roster(std::string name) : student(name) {}
   std::string getName() const { return student; }

private:
   std::string student;
   virtual void someFunc() {}
};

extern void PrintRoster(Roster *);

void func()
{
   Roster roster("John Doe");
   PrintRoster(&roster); //Noncompliant
}

In this example, an object of type Roster is passed to the function PrintRoster() which is defined in a separate translation unit.

Polyspace considers that the program crosses an execution boundary to interact with the implementation of the function PrintRoster() and reports a violation of the coding rule since there is no guarantee that object roster has the same layout on the other side of the execution boundary. The code execution might result in unexpected behavior.

The class Roster has a non-standard layout because it has a virtual member function someFunc().

Check Information

Group: Rule 02. Expressions (EXP)

Version History

Introduced in R2023b

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.