According to ISO/IEC 9899:TC3 Section 7.1.3 on reserved identifiers,
- All identifiers that begin with an underscore and either an uppercase letter or another underscore are always reserved for any use
- All identifiers that begin with an underscore are always reserved for use as identifiers with file scope in both the ordinary and tag name spaces
- Each macro name in any of the subclauses (including the future library directions) is reserved for use as specified if any of its associated headers is included, unless explicitly stated otherwise
- All identifiers with external linkage(including future library directions) are always reserved for use as identifiers with external linkage
- Each identifier with file scope listed in any of the above subclauses (including the future library directions) is reserved for use as a macro name and as an identifier with file scope in the same name space if any of its associated headers is included
No other identifiers are reserved and if a program declares or defines an identifier in a context in which it is reserved, or defines a reserved identifier as a macro name, the behavior is undefined. Trying to define a reserved identifier may lead to that identifier name conflicting with that used in implementation, which may or may not be detected at compile time
Non Compliant Code
In this example variables are defined with names reserved for the implementation
long _Max_Value; int __length;
Compliant Solution
The compliant solution uses identifiers that are not reserved
long maxValue; int length;
Non Compliant Code
In this example, variable beginning with an underscore is defined with implicit global scope.
size_t _limit = 100;
unsigned int getValue(unsigned int count){
size_t i;
unsigned int result = 0;
for(i = 0; i < _limit; i++){
result++;
if(i == count){
break;
}
}
}
Compliant Code
In the compliant solution, the variable is declared as static and hence has file scope.
static size_t _limit = 100;
unsigned int getValue(unsigned int count){
size_t i;
unsigned int result = 0;
for(i = 0; i < _limit; i++){
result++;
if(i == count){
break;
}
}
}
Compliant Code
In the compliant solution, the variable name does not begin with an underscore and hence is not reserved.
size_t limit = 100;
unsigned int getValue(unsigned int count){
size_t i;
unsigned int result = 0;
for(i = 0; i < limit; i++){
result++;
if(i == count){
break;
}
}
}
Non Compliant Code
Identifiers with external linkage include setjmp, errno, math_errhandling, va_end.
In the example errno is defined. The errno value set by the function open() would not be accessible to the program as its definition is suppressed. For information regarding redefining errno, see ERR31-C. Don't redefine errno.
#include <errno.h>
#define errno 200
int validate(unsigned int secretValue){
char fname[] = "non_exist.txt";
int fd;
int result = -1;
fd = open(fname, O_RDONLY);
if(fd == -1){
printf("Error opening file. Error code : %d\n", errno);
return result;
}
close(fd);
if(errno % secretValue == 20){
result = 0;
}
else{
result = -1;
}
return result;
}
Compliant Solution
In the compliant solution, the reserved identifier errno is not used.
#include <errno.h>
#define keyNum 200
int validate(unsigned int secretValue){
char fname[] = "non_exist.txt";
int fd;
int result = -1;
fd = open(fname, O_RDONLY);
if(fd == -1){
printf("Error opening file. Error code : %d\n", errno);
return result;
}
close(fd);
if(errno % secretValue == 20){
result = 0;
}
else{
result = -1;
}
return result;
}
Risk Assessment
Use of reserved identifiers may cause incorrect program operation.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
DCL37-C |
low |
unlikely |
Low |
P3 |
L3 |
Automated Detection
A module can be written in Compass/ROSE to detect violations of this rule
References
[[ISO/IEC 9899:1999]] Section 7.1.3, "Reserved Identifiers"