The C11 C23 Standard requires type specifiers and forbids implicit function declarations. The C90 Standard allows implicit typing of variables and functions. Consequently, some existing legacy code uses implicit typing. Some C compilers still support legacy code by allowing implicit typing, but it should not be used for new code. Such an implementation may choose to assume an implicit declaration and continue translation to support existing programs that used this feature.
...
C no longer allows the absence of type specifiers in a declaration. The C Standard, 6.7.3 paragraph 2 [ ISO/IEC 9899:20112024 ], states
At Except where the type is inferred (6.7.10), at least one type specifier shall be given in the declaration specifiers in each declaration, and in the specifier-qualifier list in each
struct
member declaration and type name.
This noncompliant code example omits the type specifier:
...
Because implicit declarations lead to less stringent type checking, they can introduce unexpected and erroneous behavior. Occurrences of an omitted type specifier in existing code are rare, and the consequences are generally minor, perhaps resulting in abnormal program termination.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL31-C | Low | Unlikely | Low | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| type-specifier function-return-type implicit-function-declaration undeclared-parameter | Fully checked | ||||||
Axivion Bauhaus Suite |
| CertC-DCL31 | Fully implemented | ||||||
Clang |
| -Wimplicit-int |
Compass/ROSE |
Coverity |
| MISRA C 2012 Rule 8.1 | Implemented | ||||||
Cppcheck Premium |
| premium-cert-dcl31-c | Partially Implemented Can detect implicit int | ||||||
| CC2.DCL31 | Fully implemented | |||||||
GCC |
|
Can detect violations of this rule when the | |||||||||
Helix QAC |
| C0434, C2050, C2051, C3335 | Fully implemented | ||||||
Klocwork |
| CWARN.IMPLICITINT |
MISRA.DECL.NO_TYPE |
Fully implemented | |||||||||
LDRA tool suite |
| 24 D, 41 D, 20 S, 326 S, 496 S | Fully implemented | ||||||
Parasoft C/C++test |
|
|
|
0434 (C)
1302
2050
2051
3335
CERT_C-DCL31-a | All functions shall be declared before use | ||||||||
PC-lint Plus |
| 601, 718, 746, 808 | Fully supported | ||||||
Polyspace Bug Finder |
| Checks for:
Rule fully covered. | |||||||
PVS-Studio |
| V1031 |
SonarQube C/C++ Plugin |
| S819, S820 | Partially implemented; implicit return type not covered. | ||||||
RuleChecker |
| type-specifier function-return-type implicit-function-declaration undeclared-parameter | Fully checked | ||||||
TrustInSoft Analyzer |
| type specifier missing | Partially verified (exhaustively detects undefined behavior). |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C Secure Coding Standard | DCL07-C. Include the appropriate type information in function declarators | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TR 24772:2013 | Subprogram Signature Mismatch [OTR] | Prior to 2018-01-12: CERT: Unspecified Relationship |
MISRA C:2012 | Rule 8.1 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship |
Bibliography
...
...