c++11 使用c++风格的cast: static_cast<type>(expression) const_cast<type> dynamic_cast reinterpret_cast
2015-07-02 08:33
831 查看
c++编程中, 尽量避免使用c语言风格的 cast,
具体实例如下:
EXP05-CPP. Do not use C-style casts
Skipto end of metadata
Created by Fred Long, last modified by Will
Snavely on Mar
31, 2015
Go
to start of metadata
Icon
This guideline has not been reviewed recently and may be outdated. Please review it and comment to reflect any newly available information.
C++ allows the traditional C-style casts, although it has introduced its own casts:
static_cast<type>(expression)
const_cast<type>(expression)
dynamic_cast<type>(expression)
reinterpret_cast<type>(expression)
C++ casts allow for more compiler checking and thus are considerably safer to use. They are also easier to find in source code (either by tools or by human readers).
Non-Compliant Code Example (static_cast()
)
In this example, a C-style cast is used to convert an intto a
double:
Compliant Solution (static_cast()
)
Using the new cast, the division should be written as:
Non-Compliant Code Example (const_cast()
)
In this example, a C-style cast is used to remove the constness of a function parameter:
Compliant Solution (const_cast()
)
Using the new cast, the function call should be written as:constness), and it is easier to find.
Note that this code runs afoul of EXP55-CPP.
Do not access a cv-qualified object through a cv-unqualified type.
The
const_castmay also be used to cast away volatility, but that is forbidden by VOID
EXP32-CPP. Do not access a volatile object through a non-volatile reference.
Non-Compliant Code Example (dynamic_cast()
)
In this example, a C-style cast is used to convert a type in an inheritance heirarchy:
Compliant Solution (dynamic_cast()
)
Using the new cast, the function call should be written as:
Non-Compliant Code Example (reinterpret_cast()
)
In this example, a C-style cast is used to convert a doublefunction pointer to an
intfunction pointer:
Compliant Solution (reinterpret_cast()
)
Using the new cast, the assignment should be written as:reinterpret_cast).
Risk Assessment
Using C-style casts can lead to type errors because the compiler is unable to apply the checking that is possible when using the more restrictive C++ casts. Type errors could lead to an attacker being able to execute arbitrary code.Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP05-CPP | high | probable | medium | P12 | L1 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
ECLAIR | 1.2 | CP1.EXP05 | Fully implemented |
PRQA QA-C++ | v3.2 | 3080,3082 |
相关文章推荐
- 黑马程序员---C语言基础---概述
- 《C语言陷阱与缺陷》读书笔记 之 运算符优先
- C++智能指针的实现
- C语言指针学习
- C语言字符串以及二维数组指针
- CPP数据类型本质以及变量本质分析
- C语言程序内存四区(栈区,堆区,全局区,代码区)
- C语言 基础60题(2)――二维数组操作
- C++ 内存分配(new,operator new)详解
- 黑马程序员-OC语言-动态类型和静态类型(听课笔记)
- 黑马程序员-OC语言-@synthesize关键字介绍和使用(听课笔记)
- 运行C++程序是出现错误:cannot open Debug/1.exe for writing
- 黑马程序员-OC语言-@property关键字介绍及使用(听课笔记)
- C语言中数组作为函数参数的问题
- No.0 C++基础---C++经典著作列表
- 黑马程序员——C语言之机器数真值、原反补码、位运算与变量地址获取及输出原理
- 黑马程序员-OC语言-点语法介绍和使用(听课笔记)
- 黑马程序员-OC语言-SEL类型(听课笔记)
- c++ uuid生成法则
- 在什么情况下Java比C++快?