CertC-PRE01ΒΆ
Use parentheses within macros around parameter names
Required inputs: IR
Parenthesize all parameter names in macro definitions. See also PRE00-C. Prefer inline or static functions to function-like macros and PRE02-C. Macro replacement lists should be parenthesized.
Noncompliant Code Example
This
CUBE() macro definition is noncompliant because it fails to
parenthesize the parameter names:
#define CUBE(I) (I * I * I)
As a result, the invocation
int a = 81 / CUBE(2 + 1);
expands to
int a = 81 / (2 + 1 * 2 + 1 * 2 + 1); /* Evaluates to 11 */
which is clearly not the desired result.
Compliant Solution
Parenthesizing all parameter names in the
CUBE() macro allows it to expand correctly (when invoked in this
manner):
#define CUBE(I) ( (I) * (I) * (I) ) int a = 81 / CUBE(2 + 1);
Exceptions
PRE01-C-EX1: When the parameter names are surrounded by commas in the replacement text, regardless of how complicated the actual arguments are, there is no need for parenthesizing the macro parameters. Because commas have lower precedence than any other operator, there is no chance of the actual arguments being parsed in a surprising way. Comma separators, which separate arguments in a function call, also have lower precedence than other operators, although they are technically different from comma operators.
#define FOO(a, b, c) bar(a, b, c) /* ... */ FOO(arg1, arg2, arg3);
PRE01-C-EX2: Macro parameters cannot be individually
parenthesized when concatenating tokens using the
## operator, converting macro parameters to strings using the
# operator, or concatenating adjacent string literals. The
following
JOIN() macro concatenates both arguments to form a new token. The
SHOW() macro converts the single argument into a string literal,
which is then passed as a parameter to
printf() and as a string and as a parameter to the
%d specifier. For example, if
SHOW() is invoked as
SHOW(66);, the macro would be expanded to
printf("66" " = %d\n", 66);.
#define JOIN(a, b) (a ## b) #define SHOW(a) printf(#a " = %d\n", a)
See
PRE05-C.
Understand macro replacement when concatenating tokens or performing
stringification for more information on using the
## operator to concatenate tokens.
Risk Assessment
Failing to parenthesize the parameter names in a macro can result in unintended program behavior.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| PRE01-C | Medium | Probable | Low | P12 | L1 |
Related Guidelines
| SEI CERT C++ Coding Standard | VOID PRE01-CPP. Use parentheses within macros around parameter names |
| ISO/IEC TR 24772:2013 | Operator Precedence/Order of Evaluation [JCW] Pre-processor Directives [NMP] |
| MISRA C:2012 | Rule 20.7 (required) |
Bibliography
| [ Plum 1985] | |
| [ Summit 2005] | Question 10.1 |
Possible Messages
Key |
Text |
Severity |
Disabled |
|---|---|---|---|
unsafe_macro_param |
Macro parameter not enclosed in parentheses |
None |
False |
Options
This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity
The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions
This rule has no individual options.