Immutable objects should be const-qualified. Enforcing object immutability using const qualification helps ensure the correctness and security of applications. ISO/IEC TR 24772, for example, recommends labeling parameters as constant to avoid the unintentional modification of function arguments [ISO/IEC TR 24772]. STR05-C. Use pointers to const when referring to string literals describes a specialized case of this recommendation.
Adding const qualification may propagate through a program; as you add const, qualifiers become still more necessary. This phenomenon is sometimes called const poisoning, which can frequently lead to violations of EXP05-C. Do not cast away a const qualification. Although const qualification is a good idea, the costs may outweigh the value in the remediation of existing code.
A macro or an enumeration constant may also be used instead of a const-qualified object. DCL06-C. Use meaningful symbolic constants to represent literal values describes the relative merits of using const-qualified objects, enumeration constants, and object-like macros. However, adding a const qualifier to an existing variable is a better first step than replacing the variable with an enumeration constant or macro because the compiler will issue warnings on any code that changes your const-qualified variable. Once you have verified that a const-qualified variable is not changed by any code, you may consider changing it to an enumeration constant or macro, as best fits your design.
Noncompliant Code Example
In this noncompliant code, pi is declared as a float. Although pi is a mathematical constant, its value is not protected from accidental modification.
float pi = 3.14159f; float degrees; float radians; /* ... */ radians = degrees * pi / 180;
Compliant Solution
In this compliant solution, pi is declared as a const-qualified object:
const float pi = 3.14159f; float degrees; float radians; /* ... */ radians = degrees * pi / 180;
Risk Assessment
Failing to const-qualify immutable objects can result in a constant being modified at runtime.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL00-C | Low | Unlikely | High | P1 | L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
|
|
| |
| 1.2 | CC2.DCL00 | Partially implemented | |
| 9.7.1 | 78 D | Fully implemented | |
| PRQA QA-C | Unable to render {include} The included page could not be found. | 3204 3673 | Partially implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
| [Dewhurst 2002] | Gotcha #25, "#define Literals" |
| [Saks 2000] |