Rule A18-0-2 (required, implementation, automated)
The error state of a conversion from string to a numeric value shall be checked.
Rationale
Error conditions of a string-to-number conversion must be detected and properly handled. Such errors can happen when an input string: does not contain a number; contains a number, but it is out of range;
contains additional data after a number. Some functions for string-to-number conversion from the C Standard library have undefined behavior when a string cannot be converted to a number, e.g. atoi(). Since the C++11 Language Standard, new numeric conversion functions are available (see: std::stoi(), std::stol(), std::stoll() [16]). These guarantee defined behavior. Moreover, errors shall be checked also for formatted input stream functions (e.g. istream::operator>>()), by using basic_ios::fail().
Example
// $Id: A18-0-2.cpp 312092 2018-03-16 15:47:01Z jan.babst $
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <string>
std::int32_t F1(const char* str) noexcept
{
return atoi(str); // Non-compliant - undefined behavior if str can not
// be converted
}
std::int32_t F2(std::string const& str) noexcept(false)
{
return std::stoi(str); // Compliant - throws a std::invalid_argument
// exception if str can not be converted
}
std::uint16_t ReadFromStdin1() // non-compliant
{
std::uint16_t a;
std::cin >> a; // no error detection
return a;
}
std::uint16_t ReadFromStdin2() // compliant
{
std::uint16_t a;
std::cin.clear(); // clear all flags
std::cin >> a;
if (std::cin.fail())
{
throw std::runtime_error{"unable to read an integer"};
}
std::cin.clear(); // clear all flags for subsequent operations
return a;
}
See also
MISRA C++ 2008 [7]: 18-0-2: The library functions atof, atoi and atol from
library