CERT C: Rec. MSC00-C

Compile cleanly at high warning levels

Since R2026a

expand all in page

Description

Compile cleanly at high warning levels.1

Polyspace Implementation

The rule checker checks for Use of default warning specifier with #pragma warning

Examples

expand all

Issue

This issue occurs when a #pragma warning() directive or a Microsoft __pragma(warning(...)) operator is used with the default specifier immediately after the opening parenthesis. Developers may attempt to restore warning states by using the default specifier after temporarily disabling certain warnings. However, the default specifier does not restore the previous warning state, but rather it resets the warning to the compiler default, which may not match the state before the change.

Risk

If this rule is not followed, the code can inadvertently suppress or fail to restore compiler warnings as intended. Specifically, using the default warning specifier with #pragma warning resets the warning state to its default, which may differ from the warning state prior to its temporary modification. This can result in important warnings being missed, potentially allowing defects or vulnerabilities to go undetected. Over time, this practice can degrade code quality, reduce maintainability, and increase the risk of introducing subtle bugs or security issues.

Fix

Use the push and pop specifiers with #pragma warning or __pragma(warning) to save and restore the warning state. This approach preserves the original warning configuration, ensuring that warnings are neither inadvertently suppressed nor left enabled when they should not be. Avoid using the default specifier to restore the warning state.

Try to rewrite code to eliminate compiler warnings when possible. If the code is correct and the warning does not apply, add a comment explaining why the warning does not apply.

Example — Use default Specifier with #pragma warning

In this example, the function disables warning 4554 before a block of code that would normally trigger it. Afterward, it tries to restore the warning using #pragma warning(default: 4554).


              
#include <stdio.h>

void process_data(int data) {
    if (data == 0) {
#pragma warning(disable: 4554)
        // Some code that triggers warning C4554
        int x = 1 && data;
#pragma warning(default: 4554)   // Noncompliant
    }
}
Correction — Use pop and push Specifiers

Use #pragma warning(push) to save the current warning state before disabling the warning and #pragma warning(pop) to restore it afterward. The warning configuration is returned to its previous state, maintaining consistent compiler diagnostics and complying with the rule.


#include <stdio.h>

void process_data(int data) {
    if (data == 0) {
#pragma warning(push)             // Compliant
#pragma warning(disable: 4554)
        // Some code that triggers warning C4554
        int x = 1 && data;
#pragma warning(pop)              // Compliant
    }
}

Check Information

Group: Rec. 48. Miscellaneous (MSC)
PQL Name: std.cert.MSC00_C

Version History

Introduced in R2026a

See Also

Topics

External Websites

1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.