Page History

Immutable objects should be const-qualified. Enforcing object immutability using const- qualification helps ensure the correctness and security of applications. ISO/IEC TR 24772, for example, recommends labeling parameters as constant to avoid the unintentional modification of function arguments [ISO/IEC TR 24772]. STR05-C. Use pointers to const when referring to string literals describes a specialized case of this recommendation.

...

In this compliant solution, pi is declared as a const-qualified object.:

Code Block

bgColor	#ccccff
lang	c

const float pi = 3.14159f;
float degrees;
float radians;
/* ... */
radians = degrees * pi / 180;

Exceptions

DCL00-EX1: It is acceptable to define valueless macros to serve as "inclusion guards." That is, the macro serves to control the multiple inclusion of header files, as in the following example:

Code Block
#ifndef SOME_HEADER_H #define SOME_HEADER_H ... // content of header file #endif

...

Risk Assessment

Failing to const-qualify immutable objects can result in a constant being modified at runtime.

Recommendation	Severity	Likelihood	Detectable

Remediation Cost

Repairable	Priority	Level
DCL00-C

low

Low

Unlikely

unlikely

Yes

high

Yes

P1

P3

L3

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

parameter-missing-const

Partially checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-DCL00

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.CAST.PC.CRCQ

LANG.TYPE.VCBC

LANG.STRUCT.RPNTC

Cast removes const qualifier

Variable Could Be const

Returned Pointer Not Treated as const

Compass/ROSE

ECLAIR

Include Page

	ECLAIR_V
	ECLAIR_V

CC2.DCL00

Partially implemented

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C3204, C3227, C3232, C3673, C3677

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

78 D
93 D
200 S

Fully implemented

PRQA QA-C Include PagePRQA_VPRQA_V

3204

3227

3232

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-DCL00-a
CERT_C-DCL00-b

Declare local variable as const whenever possible
Declare parameters as const whenever possible

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

953

Fully supported

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: DCL00-C

Checks for unmodified variable not const-qualified (rule fully covered).

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

parameter-missing-const

Partially checked

Partially implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++

...

Coding Standard

...

VOID DCL00-CPP. Const-qualify immutable objects

ISO/IEC 9899:2011 Section 6.7.3, "Type qualifiers"

Bibliography Bibliography

[Dewhurst 2002]	Gotcha #25, "#define Literals"
[Saks 2000]

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 114

New Version Current

Key

Exceptions

Risk Assessment

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography Bibliography