...
This non-compliant code example is based on the managed string library developed by CERT [Burch 06]. In this example, the managed string type, and the functions that operate on this type, are defined in the include file `string_m.h` as follows:
```c
struct string_mx {
    size_t size;
    size_t maxsize;
    unsigned char strtype;
    char *cstr;
};

typedef struct string_mx *string_m;

/* Function declarations */
extern errno_t strcpy_m(string_m s1, const string_m s2);
extern errno_t strcat_m(string_m s1, const string_m s2);
/* etc. */
```
The implementation of the `string_m` type is fully visible to the user of the data type after including the `string_m.h` file. Programmers are consequently more likely to directly manipulate the fields within the structure, violating the software engineering principles of information hiding and data encapsulation and increasing the probability of developing incorrect or non-portable code.
...
```c
struct string_mx {
    size_t size;
    size_t maxsize;
    unsigned char strtype;
    char *cstr;
};

/* Function declarations */
extern errno_t strcpy_m(string_m s1, const string_m s2);
extern errno_t strcat_m(string_m s1, const string_m s2);
/* etc. */
```
Modules that implement the abstract data type include both the external and internal definitions, while users of the data abstraction include only the external `string_m.h` file. This allows the implementation of the `string_m` type to remain private.
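The external/internal split described above, laid out in one translation unit as an added example (not code from the original page or from the managed string library). The `demo_*` functions and `user_join_length` are hypothetical names chosen for this sketch; the structure fields are the ones shown on the page.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* ---- external view: all that a user of the header gets to see ---- */
struct string_mx;                       /* incomplete type, fields hidden */
typedef struct string_mx *string_m;
string_m demo_create(const char *init, size_t maxsize);  /* hypothetical API */
int      demo_append(string_m s1, const string_m s2);
size_t   demo_length(const string_m s);
void     demo_destroy(string_m s);

/* ---- user code: compiled while struct string_mx is still incomplete ---- */
size_t user_join_length(const char *a, const char *b, size_t maxsize) {
    string_m x = demo_create(a, maxsize), y = demo_create(b, maxsize);
    size_t n = (size_t)-1;              /* sentinel returned on any failure */
    /* Writing x->size here is a compile error: the fields are not visible. */
    if (x && y && demo_append(x, y) == 0) n = demo_length(x);
    demo_destroy(x);
    demo_destroy(y);
    return n;
}

/* ---- internal definition: seen only by the implementing module ---- */
struct string_mx { size_t size; size_t maxsize; unsigned char strtype; char *cstr; };

string_m demo_create(const char *init, size_t maxsize) {
    size_t len = strlen(init);
    if (len > maxsize || maxsize == SIZE_MAX) return NULL;
    string_m s = malloc(sizeof *s);
    if (!s) return NULL;
    s->cstr = malloc(maxsize + 1);      /* room for maxsize chars plus NUL */
    if (!s->cstr) { free(s); return NULL; }
    memcpy(s->cstr, init, len + 1);
    s->size = len; s->maxsize = maxsize; s->strtype = 0;
    return s;
}
int demo_append(string_m s1, const string_m s2) {
    /* The invariant size <= maxsize is enforced here, in one place. */
    if (!s1 || !s2 || s2->size > s1->maxsize - s1->size) return -1;
    memmove(s1->cstr + s1->size, s2->cstr, s2->size + 1); /* s1 may equal s2 */
    s1->size += s2->size;
    return 0;
}
size_t demo_length(const string_m s) { return s ? s->size : 0; }
void demo_destroy(string_m s) { if (s) { free(s->cstr); free(s); } }
```

Because callers cannot reach `size` or `maxsize`, the bounds check in `demo_append` cannot be bypassed or desynchronized by code outside the implementing module.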
...