Until the early 1980's1980s, large software development projects had a continual problem with the inclusion of headers. One group might have produced a graphics.h
, for example, which started by including <stdioio.h>h
. Another group might have produced keyboard.h
, which also included <stdioio.h>
. And if <stdio.h>
h
. If io.h
could not safely be included several times, arguments would break out about which header should include it. Sometimes an agreement was reached that each header should include no other headers, and therefore as a result, some application programs started with dozens of #include
lines ? , and sometimes they got the ordering wrong , or forgot a required header that was needed.
Compliant Solution
All these complications disappeared with the discovery of a simple technique: each header should #define
a symbol which that means "I have already been included." Then the The entire header should be is then enclosed in a "sandwich"an include guard:
Code Block | ||||
---|---|---|---|---|
| ||||
#ifndef HEADER_H #define HEADER_H /* ... contentsContents of the header<header.h> ... */ #endif /* HEADER_H */ |
Consequently, the first time that header.h
is #include
'd, all of its contents are included. If it should subsequently be the header file is subsequently #include
'd again, its contents will be by-passedare bypassed.
Because solutions such as this one make it possible to create a header file that can be included more than once, the C Standard guarantees that the standard headers are safe for multiple inclusion.
Note that it is a common mistake to choose a reserved name (such as _HEADER_H_
or __HEADER_H__
) for the name of the macro used in the include guard. See DCL37-C. Do not declare or define a reserved identifier for more information.
Risk Assessment
Using header names that conflict with the C standard library functions can result in not including the intended file.
Failure to include header files in an include guard can result in unexpected behavior.
Recommendation |
---|
Severity | Likelihood | Remediation Cost | Priority | Level | |
---|---|---|---|---|---|
PRE06- |
1 (low)
1 (unlikely)
3 (low)
P3
C | Low | Unlikely | Low | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| include-guard-missing | Fully checked | ||||||
Axivion Bauhaus Suite |
| CertC-PRE06 | |||||||
| CC2.PRE06 | Fully implemented | |||||||
Helix QAC |
| C0883 | |||||||
Klocwork |
| MISRA.INCGUARD | |||||||
LDRA tool suite |
| 243 S | Fully implemented | ||||||
Parasoft C/C++test |
| CERT_C-PRE06-a | Use multiple include guards | ||||||
PC-lint Plus |
| 967 | Fully supported | ||||||
Polyspace Bug Finder |
| CERT C: Rec. PRE06-C | Checks for content of header file not guarded from multiple inclusions (rec. fully covered) | ||||||
RuleChecker |
| include-guard-missing | Fully checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
Related Guidelines
SEI CERT C++ Coding Standard | VOID PRE06-CPP. Enclose header files in an include guard |
MISRA C:2012 | Directive 4.10 (required) |
Bibliography
[Plum 1985] | Rule 1-14 |
...
\[[Plum 85|AA. C References#Plum 85]\] Rule 1-14
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment" Wiki Markup