...

Code Block
#include <stdio.h>

/* Legacy function defined elsewhere - cannot be modified */
void audit_log(char *errstr) {
  fprintf(stderr, "Error: %s.\n", errstr);
}

/* ... */
int main(void) {
  const char INVFNAME[]  = "Invalid file name.";
  /* EXP05-EX1: the cast is acceptable only because audit_log() does not
     modify the object it receives and its signature cannot be changed. */
  audit_log((char *)INVFNAME);
  /* ... */
  return 0;
}

Automated Checking

Compass/ROSE should be able to detect an explicit cast that discards a const qualifier, so it should catch the first NCE, which does exactly that.

ROSE should also be able to detect const being discarded implicitly, as when a pointer to const is passed to memset() or to any other function whose parameter is not const-qualified. To do this, it takes each call that passes a pointer to const as an argument and inspects the callee's declaration (available in the AST) to see whether the corresponding parameter is const-qualified. ROSE should therefore be able to catch const-casts, explicit or implicit.

ROSE won't be able to recognize 'legitimate' const casts, such as the one in EXP05:EX1, as exceptions, so it will report them along with the violations.

In C++, there is a const_cast keyword specifically representing the casting away of const. My feeling would be that ROSE should report const casts using the old syntax, but remain quiet on casts using the const_cast keyword. This is mainly because const_cast is explicitly meant to violate this rule and is easy to search for, while C-style casts may or may not violate this rule, and in general are very difficult to spot.

Risk Assessment

If the object was defined with a const-qualified type, the compiler may place it in read-only storage such as ROM or a write-protected memory page. Modifying such an object through a non-const lvalue (for example, after casting away the const) is undefined behavior (C11 6.7.3), and on such platforms it typically results in a memory-protection fault, so a reachable instance is a program crash or denial-of-service condition.
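To make this concrete, the following is an added example (not code from this page or from the CERT standard) contrasting a function that casts away const and compacts its input in place with a compliant version that writes to a caller-supplied buffer. The function names remove_spaces_nce and remove_spaces, the helper run_nce_on_copy and the sample string are all constructed for the example. It also shows why the defect hides in testing: on writable storage the noncompliant version produces the right answer, and only a const object (here, a static const array) exposes the undefined behavior.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Noncompliant pattern (constructed for this example; the page's own NCE
 * is not reproduced here): the const in the prototype promises that *str
 * is not modified, but the cast discards that promise and the function
 * compacts the string in place.
 */
void remove_spaces_nce(const char *str, size_t slen) {
  char *p = (char *)str;  /* casts away const: the defect */
  size_t i, j = 0;
  for (i = 0; i < slen && str[i] != '\0'; i++) {
    if (!isspace((unsigned char)str[i])) {
      p[j++] = str[i];    /* writes through what the caller declared const */
    }
  }
  p[j] = '\0';
}

/*
 * Compliant pattern: leave the const input alone and write the result to
 * a caller-supplied buffer. Returns 0 on success, -1 if out is too small.
 */
int remove_spaces(const char *str, size_t slen, char *out, size_t outlen) {
  size_t i, j = 0;
  for (i = 0; i < slen && str[i] != '\0'; i++) {
    if (!isspace((unsigned char)str[i])) {
      if (j + 1 >= outlen) return -1;
      out[j++] = str[i];
    }
  }
  if (j >= outlen) return -1;
  out[j] = '\0';
  return 0;
}

/*
 * Runs the noncompliant version on a writable copy of input. On writable
 * storage it "works", which is why the cast goes unnoticed in testing.
 * Returns 0 on success, -1 if out cannot hold the copy.
 */
int run_nce_on_copy(const char *input, char *out, size_t outlen) {
  size_t n = strlen(input);
  if (n + 1 > outlen) return -1;
  memcpy(out, input, n + 1);
  remove_spaces_nce(out, n);
  return 0;
}

int main(void) {
  /* Constructed sample input: an object defined const, as in a message
     table. The compiler is free to place it in read-only storage. */
  static const char msg[] = "Invalid  file name.";
  char out[sizeof msg];

  /* remove_spaces_nce(msg, sizeof msg - 1) compiles without complaint at the
     call site (the cast inside the callee is only diagnosed under
     -Wcast-qual), but modifying an object defined const is undefined
     behavior (C11 6.7.3) and on most hosted platforms faults because msg
     lives in a read-only section. It is deliberately not called here. */

  if (run_nce_on_copy(msg, out, sizeof out) == 0)
    printf("NCE on writable copy: \"%s\"\n", out);

  if (remove_spaces(msg, sizeof msg - 1, out, sizeof out) == 0)
    printf("compliant: \"%s\" (msg still \"%s\")\n", out, msg);
  return 0;
}
```

The compliant version does cost the caller a buffer, but that is the point of the const contract: a function that needs to modify its input should say so in its prototype rather than lie with a cast.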

...

The LDRA tool suite V 7.6.0 can detect violations of this recommendation.

GCC can detect violations of this recommendation when the -Wcast-qual flag is used; that flag reports explicit casts that discard a qualifier. Passing a pointer to const to a parameter that is not const-qualified is a constraint violation that GCC diagnoses by default, without any extra flag.

Compass/ROSE can detect violations of this recommendation.

...