Main Content

MISRA C++:2023 Rule 24.5.2

The C++ Standard Library functions memcpy, memmove, memcmp from <cstring> shall not be used

Since R2024b

expand all in page

Description

Rule Definition

The C++ Standard Library functions memcpy, memmove, memcmp from <cstring> shall not be used.

Rationale

The functions memcpy(), memmove(), and memcmp() from the <cstring> or <string.h> headers are intended to operate on memory at a bit level. Use of these functions can result in undefined or unexpected behavior:

  • Using memcpy() to copy a block of memory to another block results in undefined behavior if the blocks overlap.

  • Using memmove() or memcpy() on two blocks of memory can result in undefined behavior if the blocks are potentially overlapping.

  • Using memmove() or memcpy() on two blocks of memory can result in undefined behavior if the blocks are not trivially copyable.

  • Using memcmp() to compare memory blocks can result in unexpected behavior. For example, two objects that are logically equal can fail an equality test done by memcmp because of differences in how the objects are represented in memory. Specifically:

    • 0.0 and -0.0 can fail an equality check because these floating-point numbers are represented differently in the memory.

    • Identical class objects can fail an equality check because of differences in padding bits or unions having different active members.

    • Buffers or containers that contain identical content can fail an quality check if the content does not occupy the whole buffer and the irrelevant parts of the buffers differ.

Because using the functions memcpy(), memmove(), and memcmp() can result in undefined or unexpected behavior, avoid using these functions.

Polyspace Implementation

Polyspace® reports a violation of this rule if your code uses the names memcpy, memmove, memcmp from the header files <cstring> or <string.h>. For example, any of these uses results in a violation of this rule:

  • You call these functions.

  • You take the address of these functions to store in a std::function object or to assign to a function pointer.

  • You use a macro that contains these names.

User-defined functions named memcpy, memmove, or memcmp are not reported as violations.

Troubleshooting

If you expect a rule violation but Polyspace does not report it, see Diagnose Why Coding Standard Violations Do Not Appear as Expected.

Examples

expand all

In this example, the use of memcpy, memmove, and memcmp can result in undefined or unexpected behavior:

  • The function ArePersonsEqual() compares two objects of class Person using std::memcmp(). If the input objects p1 and p2 differ in their layout or padding bits, the function ArePersonsEqual() can return false even if the fields of p1 and p2 are equal.

  • The use of std::memmove() in the function MovePerson and the use of std::memcpy() in CopyPerson results in an undefined behavior if:

    • The memory blocks containing source and destination are overlapping or potentially overlapping.

    • The objects source and destination are not trivially copyable.

Polyspace reports violations on the use of these functions.

#include <iostream>
#include <cstring>

class Person {
public:
	char name[50];
	int age;
	double height;

	Person(const char *name, int age, double height) {
		//...
	}
	//...
};

bool ArePersonsEqual(const Person &p1, const Person &p2) {
	// Compare the two objects byte-wise
	return std::memcmp(&p1, &p2, sizeof(Person)) == 0; //Noncompliant
}

void MovePerson(Person &destination, Person &source) {
	// Move the content of source into destination using memmove
	std::memmove(&destination, &source, sizeof(Person)); //Noncompliant
	// After moving, the source object should not be used
}

void CopyPerson(Person &destination, const Person &source) {
	// Copy the content of source into destination using memcpy
	std::memcpy(&destination, &source, sizeof(Person)); //Noncompliant
}

Check Information

Group: Strings Library
Category: Required

Version History

Introduced in R2024b

See Also

Topics