Versions Compared

Comment: Added ECLAIR to the list of the tools that provide support for this rule.

...

Code Block
const int max = 15;
int a[max]; /* invalid declaration outside of a function */
const int *p;

/* a const-qualified object can have its address taken */
p = &max; 

const-qualified objects are likely to incur some runtime overhead [Saks 2001b]. Most C compilers, for example, allocate memory for const-qualified objects. const-qualified objects declared inside a function body can have automatic storage duration. If so, the compiler will allocate storage for the object, and it will be on the stack. As a result, this storage will need to be allocated and initialized each time the containing function is invoked.

...

| Tool | Version | Checker | Description |
| --- | --- | --- | --- |
| LDRA tool suite | | 201 S | Fully Implemented |
| Compass/ROSE | | | Could detect violations of this recommendation merely by searching for the use of 'magic numbers' and magic strings in the code itself. That is, any number (besides a few canonical numbers: -1, 0, 1, 2) that appears in the code anywhere besides being assigned to a variable is a magic number and should instead be assigned to a const integer, enum, or macro. Likewise, any string literal (except "" and individual characters) that appears in the code anywhere besides being assigned to a char* or char[] is a magic string. |
| ECLAIR | | nomagicc | Fully Implemented |
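
The magic-number and magic-string heuristic described for Compass/ROSE above, as an added sketch that is not part of the original page and not the tool's own code. It is a line-based text scanner, not a parser; `find_magic`, `strip_comments` and the sample fragment are hypothetical names and constructed input, and a literal counts as named only when it is the whole value given to a variable, enumerator or `#define`.

```python
import re

CANONICAL = {"0", "1", "2"}   # "-1" is unary minus applied to the canonical 1
LIT = r'"(?:\\.|[^"\\])*"|' + r"'(?:\\.|[^'\\])+'"   # string or char literal
# Literals are matched first so comment markers inside them are left alone.
TOKENS = re.compile(LIT + r"|/\*.*?\*/|//[^\n]*", re.S)
NUMBER = re.compile(
    r"(?<![\w.])(0[xX][0-9a-fA-F]+|\d+(?:\.\d*)?(?:[eE][+-]?\d+)?)[uUlLfF]*")
# A literal that is the whole value given to a variable or enumerator.
ASSIGNED = re.compile(r"(\b[A-Za-z_]\w*\s*(?:\[[^\]]*\])?\s*=)\s*-?\s*(?:"
                      + LIT + r"|[0-9][\w.]*)\s*(?=[;,}]|$)")

def strip_comments(src):
    """Remove comments but keep their newlines so line numbers stay right."""
    def repl(m):
        text = m.group()
        return text if text[0] in "\"'" else "\n" * text.count("\n")
    return TOKENS.sub(repl, src)

def find_magic(src):
    """Return (line, kind, literal) for each magic number or magic string."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        if re.match(r"\s*#\s*define\b", line):
            continue                          # a macro already names the value
        rest = ASSIGNED.sub(r"\1", line)      # drop literals bound to a name
        for m in re.finditer(LIT, rest):
            body = re.sub(r"\\.", "x", m.group()[1:-1])  # escape = one char
            if m.group()[0] == '"' and len(body) > 1:    # "" and "c" exempt
                findings.append((lineno, "string", m.group()))
        for m in NUMBER.finditer(re.sub(LIT, "", rest)):  # skip digits in text
            if m.group(1) not in CANONICAL:
                findings.append((lineno, "number", m.group()))
    return findings

# Constructed C fragment for illustration; not code from the original page.
SAMPLE = r'''#define BUFSZ 256
enum { MAX_USERS = 15 };
const int max = 15;
static const char *url = "http://example.test";
int a[max]; char buf[64];  /* sizes */
if (x > 42) return -1;     // -1 is canonical
puts("too big");
mask = x * 2 + 0x1F;
'''

if __name__ == "__main__":
    print(*find_magic(SAMPLE), sep="\n")
```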

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...