Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following table summarizes some of the differences between const-qualified objects, enumeration constants, and object-like macro definitions.

Method

Evaluated At

Consumes Memory

Viewable by Debuggers

Type Checking

Compile-Time Constant Expression

Enumerations

Compile time

No

Yes

Yes

Yes

const-qualified

Runtime

Yes

Yes

Yes

No

Macros

Preprocessor

No

No

No

Yes

Noncompliant Code Example

...

Using numeric literals makes code more difficult to read and understand. Buffer overruns are frequently a consequence of a magic number being changed in one place (such as in an array declaration) but not elsewhere (such as in a loop through an array).

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

DCL06-C

Low

Unlikely

Medium

P2

L3

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-DCL06
Compass/ROSE

 

 



Could detect violations of this recommendation merely by searching for the use of "magic numbers" and magic strings in the code itself. That is, any number (except a few canonical numbers: −1, 0, 1, 2) that appears in the code anywhere besides where assigned to a variable is a magic number and should instead be assigned to a const integer, enum, or macro. Likewise, any string literal (except "" and individual characters) that appears in the code anywhere besides where assigned to a char* or char[] is a magic string

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.DCL06

Fully implemented

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C3120, C3121, C3122, C3123, C3131, C3132


LDRA tool suite
Include Page
LDRA_V
LDRA_V

201 S

Fully implemented

Parasoft C/C++test
9.5CODSTA-26Fully implementedPRQA QA-C Include PagePRQA QA-C_vPRQA QA-C_v

3120
3121
3122
3123
3131
3132

Partially implemented
Include Page
Parasoft_V
Parasoft_V

CERT_C-DCL06-a

Use meaningful symbolic constants to represent literal values

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. DCL06-C


Checks for:

  • Hard-coded buffer size
  • Hard-coded loop boundary

Rec. fully covered.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

...


...

Image Modified Image Modified Image Modified