You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

According to ISO/IEC 9899:TC3 Section 7.1.3 on reserved identifiers,

  • All identifiers that begin with an underscore and either an uppercase letter or another underscore are always reserved for any use
  • All identifiers that begin with an underscore are always reserved for use as identifiers with file scope in both the ordinary and tag name spaces
  • Each macro name in any of the subclauses (including the future library directions) is reserved for use as specified if any of its associated headers is included, unless explicitly stated otherwise
  • All identifiers with external linkage(including future library directions) are always reserved for use as identifiers with external linkage
  • Each identifier with file scope listed in any of the above subclauses (including the future library directions) is reserved for use as a macro name and as an identifier with file scope in the same name space if any of its associated headers is included

No other identifiers are reserved. If a program declares or defines an identifier in a context in which it is reserved or defines a reserved identifier as a macro name, the behavior of that identifier is undefined. Trying to define a reserved identifier can result in its name conflicting with that used in implementation, which may or may not be detected at compile time.

Noncompliant Code Example

In this example, variables are defined with names reserved for the implementation.

long _Max_Value;
int __length; 

Compliant Solution

This compliant solution uses identifiers that are not reserved.

long maxValue;
int length;

Noncompliant Code Example (Header Guard)

A common but non-compliant practice is to choose a reserved name for the name of a macro used in a preprocessor conditional guarding against multiple inclusion of a header file. See also PRE06-C. Enclose header files in an inclusion guard.

#ifndef _MY_HEADER_H_
#define _MY_HEADER_H_

/* contents of <my_header.h> */

#endif /* _MY_HEADER_H_ */

Compliant Solution (Header Guard)

The compliant solution avoids using leading or trailing underscores in the name of the header guard.

#ifndef MY_HEADER_H
#define MY_HEADER_H

/* contents of <my_header.h> */

#endif /* MY_HEADER_H */

Noncompliant Code Example (Global Variable)

In this example, a variable beginning with an underscore is defined with implicit global scope.

size_t _limit = 100;

unsigned int getValue(unsigned int count){

  size_t i;
  unsigned int result = 0;

  for(i = 0; i < _limit; i++){    
    result++;        
    if(i == count){ 
      break;
    }
  }

}

Noncompliant Code Example (Static Variable)

In this example, the variable is declared as static and, hence, has file scope.

This code might have been safe if the C file containing it includes no header files. However, it requires stdlib.h in order to define size_t. And loading any standard header files will introduce a potential name clash. Consequently it is not safe to prepend any identifier with an underline, even if its usage is confined to a single file.

static size_t _limit = 100;

unsigned int getValue(unsigned int count){

  size_t i;
  unsigned int result = 0;

  for(i = 0; i < _limit; i++){    
    result++;        
    if(i == count){ 
      break;
    }
  }

}

Compliant Solution (Global Variable)

In this compliant solution, the variable name does not begin with an underscore and, hence, is not reserved.

size_t limit = 100;

unsigned int getValue(unsigned int count){

  size_t i;
  unsigned int result = 0;

  for(i = 0; i < limit; i++){    
    result++;        
    if(i == count){ 
      break;
    }
  }

}

Noncompliant Code Example

Identifiers with external linkage include setjmp, errno, math_errhandling, and va_end.
In the example, errno is defined. The errno value set by the function open() would not be accessible to the program because its definition is suppressed. For information regarding redefining errno, see ERR31-C. Don't redefine errno.

#include <errno.h>

#define errno 200

int validate(unsigned int secretValue){
  
  char fname[] = "non_exist.txt";
  int fd;
  int result = -1;

  fd = open(fname, O_RDONLY); 

  if(fd == -1){
    printf("Error opening file. Error code : %d\n", errno); 
    return result;
  }

  close(fd); 

  if(errno % secretValue == 20){
    result = 0;
  }
  else{
    result = -1;
  } 
  
  return result;
  
}

Compliant Solution

In this compliant solution, the reserved identifier errno is not used.

#include <errno.h>

#define keyNum 200

int validate(unsigned int secretValue){
  
  char fname[] = "non_exist.txt";
  int fd;
  int result = -1;

  fd = open(fname, O_RDONLY); 

  if(fd == -1){
    printf("Error opening file. Error code : %d\n", errno); 
    return result;
  }

  close(fd); 

  if(errno % secretValue == 20){
    result = 0;
  }
  else{
    result = -1;
  } 
  
  return result;
  
}

Risk Assessment

Using reserved identifiers can lead to incorrect program operation.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL37-C

low

unlikely

low

P3

L3

Automated Detection

A module written in Compass/ROSE can detect violations of this rule.

References

[[ISO/IEC 9899:1999]] Section 7.1.3, "Reserved Identifiers"


  • No labels