Incorrect dynamic class definition can be non-resilient

Production RiskSoftware ResiliencyCode Reliability

Incorrect dynamic class definition can be non-resilient

This count insight counts a violation in this non-compliant code example, the function A<int>::f2() is ill-formed because int is not a class and does not have a member named x. Clearly the designer of template A did not intend it to be applied to {{int}}.

However the compiler is not required to catch the error, as it does not need to instantiate A<int>::f2(). Consequently the program will compile, run, and most likely produce flawed results.

template <typename T>
class A {
void f1() { /* … */ }
void f2() {
T t;
t.x = 50;

int main() {
A<int> a;


Why you should care

All templates place restrictions on their arguments; however these restrictions are often not validated by the compiler. Consequently, it is possible to build and run code that violates a template’s design principles, as long as it doesn’t actually instantiate the ill-formed instantiations. Furthermore implicit template instantiations can always be made explicit by an attacker, subverting the design.

Business Impacts

Production Risk

CAST recommendations



About CAST and Highlight’s Code Insights

Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.

See featuresHow it works