Main Content

CERT C++: MEM54-CPP

Provide placement new with properly aligned pointers to sufficient storage capacity

Since R2020b

Description

Rule Definition

Provide placement new with properly aligned pointers to sufficient storage capacity1

Polyspace Implementation

The rule checker checks for Placement new used with insufficient storage or misaligned pointers.

Examples

expand all

Issue

Placement new used with insufficient storage or misaligned pointers occurs when the pointer passed to a placement new operator does not have sufficient storage for the memory allocation or is not properly aligned.

Suppose that a pointer ptr is preallocated m bytes of memory on the stack and has alignment n. For instance, if ptr is an array:

uint8_t ptr[5];
the allocated storage is sizeof(uint8_t) * 5 and the alignment is alignof(uint8_t). If you allocate more than m bytes to this pointer in a placement new expression or if the alignment required for the allocation is greater than n, the checker raises a violation. When determining the pointer alignment, the checker takes into account explicit alignments such as with std::align.

The checker does not consider pointers that are preallocated memory on the heap since the available storage depends on the memory availability, which is known only at run time.

Risk

The new operator allocates the required amount of memory for storing an object on the heap and constructs a new object in the allocated memory in a single operation. If you want to separate the allocation and the construction and place an object in preallocated memory on either the stack or the heap, you use placement new. Placement new has advantages over new in certain situations, for example, when you need to place the object at a known memory location.

The new operator automatically allocates the correct amount of aligned memory that the object requires. But when using placement new, you must manually make sure that the pointer you pass has sufficient allocated storage capacity and is properly aligned. Violating these constraints results in the construction of an object at a misaligned location or memory initialization outside of allocated bounds, which might lead to unexpected or implementation-dependent behavior.

Fix

Make sure that the pointer used in the placement new operation has sufficient memory for the allocation and the alignments match.

Example — Placement new Used with Insufficient Storage Capacity and Misaligned Pointers
#include <new>
#include<memory>
#include <cstdint>

void Foo()
{
  uint8_t c;                
  uint64_t* ptr =
      new    // Non-compliant (insufficient storage, misaligned)
      (&c) uint64_t;
}

void Bar()
{
  uint8_t buf[sizeof(uint64_t)];    
  uint64_t* ptr =
      new            // Non-compliant (sufficient storage, misaligned)
      (buf) uint64_t;
}

void Baz()
{
  void* buf;
  std::size_t sp = 64;
  std::align(alignof(uint64_t), sizeof(uint64_t), buf, sp);
  uint64_t* ptr =
      new            // Compliant (sufficient storage, aligned)
      (buf) uint64_t;
}

In the function Foo, the &c points to an uint8_t value and has one byte memory in stack with one-byte alignment. The pointer is passed to placement new, which constructs an instance of uint64_t that requires 8 bytes of memory and a 4-byte alignment. This usage violates the rule.

In the function Bar, the pointer buf is properly allocated and has sufficient storage capacity. But, because it points to the uint8_t data type, it has one-byte alignment. This usage still violates the rule.

The function Baz calls the std::align function to create a pointer with correct storage capacity (8 byte) and alignment (4-byte) for uint64_t. This usage complies with the rule.

Check Information

Group: 06. Memory Management (MEM)

Version History

Introduced in R2020b


1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.