SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 2

changes.mady.by.user Pamela Curtis

Saved on

compared with

New Version Current

changes.mady.by.user Alexander Wagner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Until the early 1980s, large software development projects had a continual problem with the inclusion of headers. One group might have produced a graphics.h, for example, which started by including <stdioio.h>h. Another group might have produced keyboard.h, which also included <stdioio.h>. And if <stdio.h> h. If io.h could not safely be included several times, arguments would break out about which header should include it. Sometimes an agreement was reached that each header should include no other headers, and therefore as a result, some application programs started with dozens of #include lines, and sometimes they got the ordering wrong or forgot a required header that was needed.

Compliant Solution

All these complications disappeared with the discovery of a simple technique: each header should #define a symbol that means "I have already been included." Then the The entire header should be is then enclosed in a "sandwich"an include guard:

Code Block
bgColor#ccccFF
lang#ccccffc

#ifndef HEADER_H
#define HEADER_H

/* ... contentsContents of the header<header.h> ... */

#endif /* HEADER_H */

Consequently, the first time that header.h is #include'd, all of its contents are included. If it should subsequently be the header file is subsequently #include'd again, its contents will be are bypassed.

Risk Assessment

Using header names that conflict with the C standard library functions can result in not including the intended file.

Because solutions such as this one make it possible to create a header file that can be included more than once, the C Standard guarantees that the standard headers are safe for multiple inclusion.

Note that it is a common mistake to choose a reserved name (such as _HEADER_H_ or __HEADER_H__) for the name of the macro used in the include guard. See DCL37-C. Do not declare or define a reserved identifier for more information.

Risk Assessment

Failure to include header files in an include guard can result in unexpected behavior.

Recommendation

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

PRE06-C

Low

Unlikely

Low

P3

L3

Automated Detection

ToolVersionCheckerDescription
Astrée
Include Page
Astrée_V
Astrée_V

include-guard-missing
include-guard-pragma-once

Fully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-PRE06

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.PRE06

Fully implemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0883
Klocwork
Include Page
Klocwork_V
Klocwork_V
MISRA.INCGUARD
LDRA tool suite
Include Page
LDRA_V
LDRA_V

243 S

Fully implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-PRE06-a

Use multiple include guards

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

967

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. PRE06-
A

1 (low)

1 (unlikely)

3 (low)

P3

L3
CChecks for content of header file not guarded from multiple inclusions (rec. fully covered)


RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

include-guard-missing
include-guard-pragma-once

Fully checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Related Guidelines

SEI CERT C++ Coding StandardVOID PRE06-CPP. Enclose header files in an include guard
MISRA C:2012Directive 4.10 (required)

Bibliography

[Plum 1985]Rule 1-14


...

Image Added Image Added Image Added Wiki Markup\[[Plum 85|AA. C References#Plum 85]\] Rule 1-14 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment"