According to ISO/IEC 9899:TC3 Section 7.1.3 on reserved identifiers,
- All identifiers that begin with an underscore and either an uppercase letter or another underscore are always reserved for any use
- All identifiers that begin with an underscore are always reserved for use as identifiers with file scope in both the ordinary and tag name spaces
- Each macro name in any of the subclauses (including the future library directions) is reserved for use as specified if any of its associated headers is included, unless explicitly stated otherwise
- All identifiers with external linkage(including future library directions) are always reserved for use as identifiers with external linkage
- Each identifier with file scope listed in any of the above subclauses (including the future library directions) is reserved for use as a macro name and as an identifier with file scope in the same name space if any of its associated headers is included
No other identifiers are reserved. If a program declares or defines an identifier in a context in which it is reserved or defines a reserved identifier as a macro name, the behavior of that identifier is undefined. Trying to define a reserved identifier can result in its name conflicting with that used in implementation, which may or may not be detected at compile time.
Noncompliant Code Example
In this example, variables are defined with names reserved for the implementation.
long _Max_Value; int __length;
Compliant Solution
This compliant solution uses identifiers that are not reserved.
long maxValue; int length;
Noncompliant Code Example
In this example, a variable beginning with an underscore is defined with implicit global scope.
size_t _limit = 100;
unsigned int getValue(unsigned int count){
size_t i;
unsigned int result = 0;
for(i = 0; i < _limit; i++){
result++;
if(i == count){
break;
}
}
}
Compliant Solution 1
In this compliant solution, the variable is declared as static and, hence, has file scope.
static size_t _limit = 100;
unsigned int getValue(unsigned int count){
size_t i;
unsigned int result = 0;
for(i = 0; i < _limit; i++){
result++;
if(i == count){
break;
}
}
}
Compliant Code Solution 2
In this compliant solution, the variable name does not begin with an underscore and, hence, is not reserved.
size_t limit = 100;
unsigned int getValue(unsigned int count){
size_t i;
unsigned int result = 0;
for(i = 0; i < limit; i++){
result++;
if(i == count){
break;
}
}
}
Noncompliant Code Example
Identifiers with external linkage include setjmp, errno, math_errhandling, and va_end.
In the example, errno is defined. The errno value set by the function open() would not be accessible to the program because its definition is suppressed. For information regarding redefining errno, see ERR31-C. Don't redefine errno.
#include <errno.h>
#define errno 200
int validate(unsigned int secretValue){
char fname[] = "non_exist.txt";
int fd;
int result = -1;
fd = open(fname, O_RDONLY);
if(fd == -1){
printf("Error opening file. Error code : %d\n", errno);
return result;
}
close(fd);
if(errno % secretValue == 20){
result = 0;
}
else{
result = -1;
}
return result;
}
Compliant Solution
In this compliant solution, the reserved identifier errno is not used.
#include <errno.h>
#define keyNum 200
int validate(unsigned int secretValue){
char fname[] = "non_exist.txt";
int fd;
int result = -1;
fd = open(fname, O_RDONLY);
if(fd == -1){
printf("Error opening file. Error code : %d\n", errno);
return result;
}
close(fd);
if(errno % secretValue == 20){
result = 0;
}
else{
result = -1;
}
return result;
}
Risk Assessment
Using reserved identifiers can lead to incorrect program operation.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
DCL37-C |
low |
unlikely |
low |
P3 |
L3 |
Automated Detection
A module written in Compass/ROSE can detect violations of this rule.
References
[[ISO/IEC 9899:1999]] Section 7.1.3, "Reserved Identifiers"