SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 146

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version 147

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Attempting to compile a program with a function declarator that does not include the appropriate type information typically generates a warning but does not prevent program compilation. These warnings should be resolved. (See MSC00-C. Compile cleanly at high warning levels.)

Noncompliant Code Example (Non-Prototype-Format Declarators)

...

Section 6.11.7 of the C Standard [ISO/IEC 9899:2011] states that "the use of function definitions with separate parameter identifier and declaration lists (not prototype-format parameter type and identifier declarators) is an obsolescent feature."

...

Declaring a function without any prototype forces the compiler to assume that the correct number and type of parameters have been supplied to a function. This can result in unintended and undefined behavior.

In this noncompliant code example, the definition of func() in file_a.c expects three parameters but is supplied only two.

...

C99 eliminated implicit function declarations from the C language. However, many compilers still allow the compilation of programs containing implicitly declared functions, although they may issue a warning message. These warnings should be resolved. (See MSC00-C. Compile cleanly at high warning levels.)

Compliant Solution (Function Prototypes)

...

Tool

Version

Checker

Description

LDRA tool suite

Include Page
LDRA_V
LDRA_V

21 S
135 S
170 S

Fully implemented.

GCC

Include Page
GCC_V
GCC_V

 

Can detect violation of this recommendation when the -Wstrict-prototypes flag is used.

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

decltype

Fully implemented.

PRQA QA-C
Include Page
PRQA_V
PRQA_V

3335
3450
0563
2050

Fully implemented.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ISO/IEC TR 24772Type system [IHN] and Subprogram signature mismatch [OTR]
MISRA-CRule 8.2 (required): Whenever an object or function is declared or defined, its type shall be explicitly stated

Bibliography

[ISO/IEC 9899:2011]Foreword and Section 6.911.17, "Function Definitions"
[Spinellis 2006]Section 2.6.1, "Incorrect Routine or Arguments"

...