
CERT C++: ERR59-CPP

Do not throw an exception across execution boundaries

Since R2022b

Description

Rule Definition

Do not throw an exception across execution boundaries.1

Polyspace Implementation

The rule checker checks for exceptions raised from library interface functions.

Examples


Issue

This issue occurs when both of these conditions are met:

  • A function is declared to be part of a library interface, that is, it can be called across an execution boundary.

  • The function raises an exception.

Polyspace® assumes that library interface functions are called across an execution boundary. A violation is not raised if a new operator in a library interface function raises a std::bad_alloc exception.

To use this checker correctly, specify the library interface functions in your code. Declare a function foo() as a library interface function by setting its visibility attribute. For instance:

  • GNU and Clang compiler: void __attribute__((visibility("default"))) foo(){/*...*/}

  • Visual Studio: void __declspec(dllexport) foo(){/*...*/}

If you do not explicitly specify a function as visible, Polyspace assumes that it is not part of a library interface.

Risk

Exception handling requires interoperability between the function that raises the exception and the function that handles it: the exception object and the unwinding information must be produced and consumed by the same runtime conventions. A library compiled with one toolchain might implement exception handling by using an interface incompatible with the one used by its callers. For instance:

// lib.h
void foo() noexcept(false);

// lib.cpp
void foo() noexcept(false) {
  //...
  throw 42; // the exception object must unwind into the caller's frames
}

// App.cpp
#include "lib.h"
int main() {
  try {
    foo();
  } catch (int& e) {
    // handle exception
  }
}
Say the library lib.cpp has been compiled by using a GCC 4.9 compiler, and you compile the application App.cpp by using Microsoft® Visual Studio®. These two portions of your code use incompatible exception-handling interfaces. If the library interface function raises an exception, the application's catch handler cannot match it, so the exception is not handled and terminates the application unexpectedly.

Fix

Avoid raising exceptions in library interfaces. Instead of raising exceptions, return different error codes to handle unexpected situations.

Example — Exception Arising from Visible Function

#include<exception>

void __attribute__((visibility("default"))) foo(int rd) noexcept(false) { //Noncompliant
    if (rd==-1)
        throw std::exception();
}

In this example, the visibility attribute of the function foo() is set to default. Because foo() might be used in modules that have different exception handling mechanisms, exceptions raised by foo() might remain unhandled. Avoid raising exceptions from visible functions.

Correction — Use Other Methods to Handle Errors

Use other methods for handling errors. For instance, set an error flag and return an error code when a logic error occurs in the code.

#include <exception>
int FLAG;

int __attribute__((visibility("default"))) foo(int rd) noexcept(true) {
  if (rd == -1) {
    FLAG = 52;
    return -1; // Compliant
  }
  return 0;   // success path must also return a code
}
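The correction above shows the shape of the fix but a realistic library usually keeps using exceptions internally and only stops them at the exported boundary. The following is an added example, not code from the Polyspace page, that applies the Fix described above (return error codes instead of throwing) to both the visibility-attribute setup and the error-code translation: the exported entry point is marked visible with the compiler-specific attribute, declared noexcept, and catches every internal exception, including std::bad_alloc, converting it to a status code before control returns across the boundary. The names LIB_EXPORT, LibStatus, lib_parse_u32 and parse_u32 are assumptions made for this example.

```cpp
// Added example (not from the Polyspace page): a library boundary that
// converts internal exceptions into error codes before they can cross
// into a caller built with a different toolchain. LIB_EXPORT, LibStatus,
// lib_parse_u32 and parse_u32 are hypothetical names chosen for the example.
#include <cstdint>
#include <new>
#include <stdexcept>
#include <string>

// Mark only the exported entry point visible, using the attribute the page
// describes for each compiler. Build with -fvisibility=hidden on GCC/Clang
// so that functions without this attribute stay internal to the module.
#if defined(_MSC_VER)
#  define LIB_EXPORT __declspec(dllexport)
#else
#  define LIB_EXPORT __attribute__((visibility("default")))
#endif

// Status codes returned across the boundary instead of exceptions.
enum LibStatus : int {
    LIB_OK = 0,
    LIB_ERR_INVALID_ARG = 1,
    LIB_ERR_OUT_OF_MEMORY = 2,
    LIB_ERR_OVERFLOW = 3,
    LIB_ERR_UNKNOWN = 4
};

namespace {
// Internal helper: not exported, so it may use exceptions freely.
// Parses a decimal string into an unsigned 32-bit value.
std::uint32_t parse_u32(const std::string& text) {
    if (text.empty()) throw std::invalid_argument("empty input");
    std::uint64_t value = 0;
    for (char c : text) {
        if (c < '0' || c > '9') throw std::invalid_argument("non-digit");
        value = value * 10 + static_cast<std::uint64_t>(c - '0');
        if (value > 0xFFFFFFFFull) throw std::overflow_error("exceeds uint32");
    }
    return static_cast<std::uint32_t>(value);
}
} // namespace

// Exported boundary function: C linkage and noexcept, so no exception object
// ever has to unwind through a caller's (possibly incompatible) runtime.
extern "C" LIB_EXPORT int lib_parse_u32(const char* text, std::uint32_t* out) noexcept {
    if (text == nullptr || out == nullptr) return LIB_ERR_INVALID_ARG;
    try {
        *out = parse_u32(text);   // std::string construction may itself throw bad_alloc
        return LIB_OK;
    } catch (const std::bad_alloc&) {
        return LIB_ERR_OUT_OF_MEMORY;
    } catch (const std::overflow_error&) {
        return LIB_ERR_OVERFLOW;
    } catch (const std::invalid_argument&) {
        return LIB_ERR_INVALID_ARG;
    } catch (...) {               // anything unexpected must still not escape
        return LIB_ERR_UNKNOWN;
    }
}

// Stand-alone demonstration of the status codes a caller sees.
int main() {
    std::uint32_t v = 0;
    int ok = lib_parse_u32("4294967295", &v);        // LIB_OK, v == 4294967295
    int overflow = lib_parse_u32("4294967296", &v);  // LIB_ERR_OVERFLOW
    int bad = lib_parse_u32("12a", &v);              // LIB_ERR_INVALID_ARG
    return (ok == LIB_OK && overflow == LIB_ERR_OVERFLOW && bad == LIB_ERR_INVALID_ARG) ? 0 : 1;
}
```

The catch(...) clause is what makes the boundary robust: a throw type you did not anticipate still becomes LIB_ERR_UNKNOWN rather than an unwinding attempt through a foreign runtime. Catching std::bad_alloc explicitly goes beyond what Polyspace flags for this rule (it exempts bad_alloc from operator new), but a failed allocation inside the library is just as unable to cross an execution boundary safely as any other exception.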

Check Information

Group: 08. Exceptions and Error Handling (ERR)

Version History

Introduced in R2022b


1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.