Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated UB references from C11->C23

...

The C Standard identifies four situations in which undefined behavior (UB) may arise as a result of incompatible declarations of the same function or object:

UB

Description

Code

1514

Two declarations of the same object or function specify types that are not compatible (6.2.7).

All noncompliant code in this guideline

3130Two identifiers differ only in nonsignificant characters (6.4.2.1).Excessively Long Identifiers

3736

An object has its stored value accessed other than by an lvalue of an allowable type (6.5).

Incompatible Object Declarations
Incompatible Array Declarations

4137

A function is defined with a type that is not compatible with the type (of the expression) pointed to by the expression that denotes the called function (6.5.2.2).

Incompatible Function Declarations 
Excessively Long Identifiers

...

In this noncompliant code example, the variable i is declared to have type int in file a.c but defined to be of type short in file b.c. The declarations are incompatible, resulting in undefined behavior 1514. Furthermore, accessing the object using an lvalue of an incompatible type, as shown in function f(), is undefined behavior 37 with 36 with possible observable results ranging from unintended information exposure to memory overwrite to a hardware trap.

Code Block
bgColor#FFcccc
languagec
/* In a.c */
extern int i;   /* UB 1514 */

int f(void) {
  return ++i;   /* UB 3736 */
}

/* In b.c */
short i;   /* UB 1514 */

Compliant Solution (Incompatible Object Declarations)

...

In this noncompliant code example, the variable a is declared to have a pointer type in file a.c but defined to have an array type in file b.c. The two declarations are incompatible, resulting in undefined behavior 1514. As before, accessing the object in function f() is undefined behavior 3736 with the typical effect of triggering a hardware trap.

Code Block
bgColor#FFcccc
languagec
/* In a.c */
extern int *a;   /* UB 1514 */

int f(unsigned int i, int x) {
  int tmp = a[i];   /* UB 3736: read access */
  a[i] = x;         /* UB 3736: write access */
  return tmp;
}

/* In b.c */
int a[] = { 1, 2, 3, 4 };   /* UB 1514 */

Compliant Solution (Incompatible Array Declarations)

...

In this noncompliant code example, the function f() is declared in file a.c with one prototype but defined in file b.c with another. The two prototypes are incompatible, resulting in undefined behavior 1514. Furthermore, invoking the function is undefined behavior 4137 and typically has catastrophic consequences.

Code Block
bgColor#FFcccc
languagec
/* In a.c */
extern int f(int a);   /* UB 1514 */

int g(int a) {
  return f(a);   /* UB 4137 */
}

/* In b.c */
long f(long a) {   /* UB 1514 */
  return a * 2;
}

Compliant Solution (Incompatible Function Declarations)

...

Although this code appears to be well defined because of the prototype-less declaration of of buginf(), it exhibits undefined behavior in accordance with the C Standard, 6.7.67.34, paragraph 15 14 [ISO/IEC 9899:20112024],

For two function types to be compatible, both shall specify compatible return types. Moreover, the parameter type lists , if both are present, shall agree in the number of parameters and in use of the final ellipsis terminator; corresponding parameters shall have compatible types. If one type has a parameter type list and the other type is specified by a function declarator that is not part of a function definition and that contains an empty identifier list, the parameter list shall not have an ellipsis terminator and the type of each parameter shall be compatible with the type that results from the application of the default argument promotionsIn the determination of type compatibility and of a composite type, each parameter declared with function or array type is taken as having the adjusted type and each parameter declared with qualified type is taken as having the unqualified version of its declared type.

Compliant Solution (Incompatible Variadic Function Declarations)

...

Code Block
bgColor#FFcccc
languagec
/* In bashline.h */
/* UB 1514, UB 3130 */
extern char * bash_groupname_completion_function(const char *, int);

/* In a.c */
#include "bashline.h"

void f(const char *s, int i) {
  bash_groupname_completion_function(s, i);  /* UB 4137 */
}

/* In b.c */
int bash_groupname_completion_funct;  /* UB 1514, UB 3130 */

NOTE: The identifier bash_groupname_completion_function referenced here was taken from GNU Bash, version 3.2.

...

A declaration shall be visible when with external linkage is definedParasoftParasoftruntime

Declaration mismatch

MISRA 2012 Rule 5.1

MISRA C:2012 Rule 8.3

type-compatibility

Partially checked

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

type-compatibility

Partially checked

type-compatibility-link

distinct-extern

Fully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-DCL40Fully implemented
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.STRUCT.DECL.IF
LANG.STRUCT.DECL.IO
Inconsistent function declarations
Inconsistent object declarations
Coverity
Include Page
Coverity_V
Coverity_V
MISRA C 2012 Rule 8.4Implemented
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-dcl40-cPartially implemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0776, C0778, C0779, C0789, C1510

C++1510

Fully implemented
Klocwork

Include Page
Klocwork_V
Klocwork_V

MISRA.FUNC.NOPROT.DEF.2012
MISRA.FUNC.PARAMS.IDENT

Fully implemented
LDRA tool suite8.5.4

1 X, 17 D

Partially implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-DCL40-a
CERT_C-DCL40-b

All declarations of an object or function

shall have compatible types
If objects or functions are declared more than once their types shall be compatible

Parasoft Insure++



Runtime analysis

PC-lint Plus

Include Page

PC-lint Plus_V

PC-lint Plus_V

18, 621, 793, 4376

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C:

Mismatch between function or variable declarations

External identifiers shall be distinct

All declarations of an object or function shall use the same names and type qualifiers

PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_v1510,776,778,779,789Fully implementedPRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_Vcplusplus:PRQA QA-C++_V

1510

RuleChecker
Include Page
RuleChecker_VRuleChecker_V

Rule DCL40-C




Checks for declaration mismatch (rule fully covered)

RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

type-compatibility

type-compatibility-link

distinct-extern

 

Fully checked
TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

incompatible declarationExhaustively verified.

Related Guidelines

Key here (explains table format and definitions)

...

63, (including Prototypes)"
J.2, "Undefined Behavior
[Hatton 1995]Section 2.8.3
[ISO/IEC 9899:2011]

J.2, "Undefined Behavior"

[ISO/IEC 9899:2024]

6.7.

7.

4 "Function Declarators

"


...