The current C Standard does not allow for implicit typing of variables and functionsC11 Standard requires type specifiers and forbids implicit function declarations. The C90 Standard did allow such allows implicit typing of variables and functions. Consequently, some existing legacy code uses implicit typing. Some C compilers still support legacy code by allowing implicit typing, but it should not be used for new code. Because implicit declarations lead to less stringent type checking, they can introduce unexpected and erroneous behavior or even security vulnerabilities.The C Standard requires type identifiers and forbids implicit function declarations. After issuing the diagnostic, Such an implementation may choose to assume an implicit declaration and continue translation to support existing programs that used this feature.
...
C no longer allows the absence of type specifiers in a declaration. Subclause The C Standard, 6.7.2 of the C Standard [ISO/IEC 9899:2011], states:
At least one type specifier shall be given in the declaration specifiers in each declaration, and in the specifier-qualifier list in each
structdeclaration and type name.
...
Some C implementations do not issue a diagnostic for the violation of this constraint. These noncompliant nonconforming C translators continue to treat such declarations as implying the type int.
...
Implicit declaration of functions is not allowed: every function should must be explicitly declared before it can be called. In C90, if a function is called without an explicit prototype, the compiler provides an implicit declaration.
...
If a function declaration is not visible at the point at which a call to the function is made, C90-compliant platforms assume an implicit declaration of extern int identifier();.
This declaration implies that the function may take any number and type of arguments and returns a single return an int. However, to conform to the current C Standard, programmers must explicitly prototype every function before invoking it. An implementation that conforms to the C Standard may or may not perform implicit function declarations, but C does require the a conforming implementation to issue a diagnostic if it encounters an undeclared function being used.
In this noncompliant code example, if malloc() is not declared, either explicitly or by including stdlib.h, a compiler that complies conforms only with to C90 may implicitly declare malloc() as int malloc(). If the platform's size of int is 32 bits, but the size of pointers is 64 bits, the resulting pointer would likely be truncated as a result of the implicit declaration of malloc() returning a 32-bit integer.
...
Do not declare a function with an implicit return type. For example, if a function returns a meaningful integer value, declare it it as returning int. If it returns no meaningful value, declare it it as returning void.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <limits.h>
#include <stdio.h>
foo(void) {
return UINT_MAX;
}
int main(void) {
long long int c = foo();
printf("%lld\n", c);
return 0;
}
|
...
This compliant solution explicitly defines the return type of foo() as unsigned int. As a result, the function correctly returns UINT_MAX
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <limits.h>
#include <stdio.h>
unsigned int foo(void) {
return UINT_MAX;
}
int main(void) {
long long int c = foo();
printf("%lld\n", c);
return 0;
}
|
Risk Assessment
Because implicit declarations lead to less stringent type checking, they can introduce unexpected and erroneous behavior. Occurrences of an omitted type specifier in existing code are rare, and the consequences are generally minor, perhaps resulting in abnormal program termination.
...
| [ISO/IEC 9899:1990] | |
| [ISO/IEC 9899:2011] | Subclause 6.7.2, "Type Specifiers" |
| [Jones 2008] |
...