Wiki Markup const}}\-qualified. Enforcing object immutability using {{const}}\- qualification helps ensure the correctness and security of applications. ISO/IEC TR 24772, for example, recommends labeling parameters as constant to avoid the unintentional modification of function arguments \[ [ISO/IEC TR 24772|AA. Bibliography#ISO/ISO/IEC DTR 24772]\]. See recommendation [STR05-C. Use pointers to const when referring to string literals] describes a specialized case of this recommendation.
Adding const qualification may propagate through a program; as you add const, qualifiers become still more become necessary. This phenomenon is sometimes called const poisoning, which can frequently lead to violations of recommendation EXP05-C. Do not cast away a const qualification. While Although const qualification is a good idea, the costs may outweigh the value in the remediation of existing code.
Macros, A macro or an enumeration constant , may also be used instead of a const-qualified object. Reocmmendation DCL06-C. Use meaningful symbolic constants to represent literal values describes the relative merits of using const-qualified objects, enumeration constants, and object-like macros. However, adding a const qualifier to an existing variable is a better first step than replacing the variable with an enumeration constant or macro because the compiler will issue warnings on any code that changes your const-qualified variable. Once you have verified that a const-qualified variable is not changed by any code, you may consider changing it to an enumeration constant or macro, as best fits your design.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
float pi = 3.14159f;
float degrees;
float radians;
/* ... */
radians = degrees * pi / 180;
|
...
In this compliant solution, pi is declared as a const-qualified object.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
const float pi = 3.14159f; float degrees; float radians; /* ... */ radians = degrees * pi / 180; |
Exceptions
DCL00-EX1: It is acceptable to define valueless macros to serve as 'inclusion guards'. That is, the macro serves to control the multiple inclusion of header files, as in the following example:
| Code Block |
|---|
#ifndef SOME_HEADER_H
#define SOME_HEADER_H
... // content of header file
#endif
|
...
Risk Assessment
Failing to const-qualify immutable objects can result in a constant being modified at runtime.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL00-C |
Low |
Unlikely |
High | P1 | L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|
| Astrée |
| parameter-missing-const | Partially checked | ||||||
| Axivion Bauhaus Suite |
| CertC-DCL00 | |||||||
| CodeSonar |
| LANG.CAST.PC.CRCQ LANG.TYPE.VCBC LANG.STRUCT.RPNTC | Cast removes const qualifier Variable Could Be const Returned Pointer Not Treated as const | ||||||
| Compass/ROSE |
| CC2.DCL00 | Partially implemented | |||||||
| Helix QAC |
| C3204, C3227, C3232, C3673, C3677 |
| LDRA tool suite |
|
|
|
78 D |
Fully implemented | |||||||||
| Parasoft C/C++test |
| CERT_C-DCL00-a | Declare local variable as const whenever possible | ||||||
| PC-lint Plus |
| 953 | Fully supported | ||||||
| Polyspace Bug Finder |
| CERT C: DCL00-C | Checks for unmodified variable not const-qualified (rule fully covered). | ||||||
| RuleChecker |
| parameter-missing-const | Partially checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
ISO/IEC 9899:1999 Section 6.7.3, "Type qualifiers"
Bibliography
| Wiki Markup |
|---|
\[[Dewhurst 2002|AA. Bibliography#Dewhurst 02]\] Gotcha #25, "#define Literals"
\[[Saks 2000|AA. Bibliography#Saks 00]\] |
Bibliography
| [Dewhurst 2002] | Gotcha #25, "#define Literals" |
| [Saks 2000] |
...
02. Declarations and Initialization (DCL) 02. Declarations and Initialization (DCL)