...
Depending on the fonts used, certain characters appear visually similar or even identical:
Symbol
Symbols
Character | Similar |
|---|
Characters | |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
m (lowercase M)
Do not define multiple identifiers that vary only with respect to one or more visually similar characters.
...
Failing to use visually distinct identifiers can result in referencing the wrong object or function, causing unintended program behavior.
Recommendation | Severity | Likelihood | Detectable |
|---|
Repairable | Priority | Level | |
|---|---|---|---|
DCL02-C | Low | Unlikely | Yes |
Yes |
P3 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Axivion Bauhaus Suite |
| CertC-DCL02 | |||||||
| CodeSonar |
| LANG.ID.AMBIG | Typographically ambiguous identifiers | ||||||
| Compass/ROSE |
| CC2.DCL02 | Fully implemented | |||||||
| LDRA tool suite |
| 67 X | Fully implemented |
| Parasoft C/C++test |
| CERT_C-DCL02-a | Use visually distinct identifiers | ||||||
| PC-lint Plus |
| 9046 | Partially supported: does not report ‘Q’ or ‘D’ vs ‘0’ or ‘O’ | ||||||
| Polyspace Bug Finder |
| CERT C: Rec. DCL02-C | Checks for use of typographically ambiguous identifiers (rec. fully covered) |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ |
| Coding Standard | VOID DCL02-CPP. Use visually distinct identifiers |
| ISO/IEC TR 24772:2013 | Choice of Clear Names [NAI] |
...
| MISRA C:2012 | Directive 4.5 (advisory) |
...