If a file-scope object or a function does not need to be visible outside of the file, it should be hidden by being declared as static. This practice creates more modular code and limits pollution of the global name space.
Subclause 6.2.2 of the C Standard [ISO/IEC 9899:2011] states:
If the declaration of a file scope identifier for an object or a function contains the storage-class specifier
static, the identifier has internal linkage.
and
If the declaration of an identifier for an object has file scope and no storage-class specifier, its linkage is external.
Noncompliant Code Example
This noncompliant code example includes a helper() function that is implicitly declared to have external linkage:
enum { MAX = 100 };
int helper(int i) {
/* Perform some computation based on i */
}
int main(void) {
size_t i;
int out[MAX];
for (i = 0; i < MAX; i++) {
out[i] = helper(i);
}
/* ... */
}
Compliant Solution
This compliant solution declares helper() to have internal linkage, thereby preventing external functions from using it:
enum {MAX = 100};
static int helper(int i) {
/* Perform some computation based on i */
}
int main(void) {
size_t i;
int out[MAX];
for (i = 0; i < MAX; i++) {
out[i] = helper(i);
}
/* ... */
}
Risk Assessment
Allowing too many objects to have external linkage can use up descriptive identifiers, leading to more complicated identifiers, violations of abstraction models, and possible name conflicts with libraries. If the compilation unit implements a data abstraction, it may also expose invocations of private functions from outside the abstraction.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL15-C | Low | Unlikely | Low | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | 24.04 | global-object-scope | Fully checked |
| CodeSonar | 8.1p0 | LANG.STRUCT.SCOPE.FILE | Scope could be file static |
1.2 | CC2.DCL15 | Fully implemented | |
| LDRA tool suite | 9.7.1 | 27 D | Fully implemented |
| Parasoft C/C++test | 2023.1 | CERT_C-DCL15-a | Objects or functions with external linkage shall be declared in a header file |
| Polyspace Bug Finder | R2024a | Functions and objects should not be defined with external linkage if they are referenced in only one translation unit The static storage class specifier shall be used in all declarations of objects and functions that have internal linkage | |
| PRQA QA-C | Unable to render {include} The included page could not be found. | 1504 | Fully implemented |
| RuleChecker | 24.04 | global-object-scope | Fully checked |
| Splint | 3.1.1 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID DCL15-CPP. Declare file-scope objects or functions that do not need external linkage in an unnamed namespace |
| MISRA C:2012 | Rule 8.7 (advisory) |
Bibliography
| ISO/IEC 9899:2011 | Subclause 6.2.2, "Linkages of Identifiers" |
