CertC++-MSC53ΒΆ
Do not return from a function declared [[noreturn]]
Required inputs: IR
The
[[noreturn]] attribute specifies that a function does not return.
The C++ Standard, [dcl.attr.noreturn] paragraph 2 [
ISO/IEC
14882-2014], states the following:
If a function
fis called wherefwas previously declared with thenoreturnattribute andfeventually returns, the behavior is undefined.
A function that specifies
[[noreturn]] can prohibit returning by throwing an exception,
entering an infinite loop, or calling another function designated with
the
[[noreturn]] attribute.
Noncompliant Code Example
In this noncompliant code example, if the value
0 is passed, control will flow off the end of the function,
resulting in an implicit return and
undefined
behavior.
#include <cstdlib>
[[noreturn]] void f(int i) {
if (i > 0)
throw "Received positive input";
else if (i < 0)
std::exit(0);
}
Compliant Solution
In this compliant solution, the function does not return on any code path.
#include <cstdlib>
[[noreturn]] void f(int i) {
if (i > 0)
throw "Received positive input";
std::exit(0);
}
Risk Assessment
Returning from a function
marked
[[noreturn]] results in
undefined
behavior that
might be
exploited to cause data-integrity
violations.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC53-CPP | Medium | Unlikely | Low | P2 | L3 |
Bibliography
| [ ISO/IEC 14882-2014] | Subclause 7.6.3, "
noreturn Attribute"
|
Possible Messages
Key |
Text |
Severity |
Disabled |
|---|---|---|---|
noreturn_violation |
Do not return from a noreturn function. |
None |
False |
Options
This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity
The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions
This rule has no individual options.