C++ does not allow you to change the value of a reference type, effectively treating all references as being const qualified. The C++ Standard, [dcl.ref], paragraph 1 [ISO/IEC 14882-2014], states the following:
Cv-qualified references are ill-formed except when the cv-qualifiers are introduced through the use of a typedef-name (7.1.3, 14.1) or decltype-specifier (7.1.6.2), in which case the cv-qualifiers are ignored.
Thus, C++ prohibits or ignores the cv-qualification of a reference type. Only a value of non-reference type may be cv-qualified.
When attempting to const-qualify a value of type as part of a declaration that uses reference type, a programmer may accidentally write:
instead of:
| Code Block |
|---|
|
char const &p; // orOr: const char &p; |
Do not attempt to cv-qualify a reference type as because it can result results in undefined behavior. A conforming compiler is required to issue a diagnostic message. However, if the compiler does not emit a fatal diagnostic, the program may produce surprising results, such as allowing the character referenced by p to be mutated.
Noncompliant Code Example
In this noncompliant code example, a const-qualified reference to a char is is formed instead of a reference to a const-qualified char, resulting . This results in undefined behavior:.
| Code Block |
|---|
|
#include <iostream>
void f(char c) {
char &const p = c;
p = 'p';
std::cout << c << std::endl;
} |
Implementation Details (MSVC)
With Microsoft Visual Studio 2013 2015, this code compiles successfully with a warning diagnostic (.
| Code Block |
|---|
warning C4227: anachronism used : qualifiers on reference are ignored |
When run, the code outputs the following. ignored) and outputs:
Implementation Details (Clang)
With Clang 3.59, this code produces a fatal diagnostic:.
| Code Block |
|---|
error: 'const' qualifier may not be applied to a reference
|
Compliant Solution
Noncompliant Code Example
This noncompliant code example correctly declares p to be a reference to a const-qualified char. The subsequent modification of p makes the program ill-formed.This compliant solution assumes the programmer intended for the previous example to fail to compile due to attempting to modify a const-qualified char reference:
| Code Block |
|---|
| bgColor | #ccccff#ffcccc |
|---|
| lang | cpp |
|---|
|
#include <iostream>
void f(char c) {
const char &p = c;
p = 'p'; // error,Error: read-only variable is not assignable
std::cout << c << std::endl;
} |
Compliant Solution
This compliant solution removes the const qualifier.
| Code Block |
|---|
|
#include <iostream>
void f(char c) {
char &p = c;
p = 'p';
std::cout << c << std::endl;
}
|
Risk Assessment
A const and or volatile reference types type may result in undefined behavior instead of a fatal diagnostic, causing unexpected values to be stored and leading to possible data integrity violations.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|
DCL33lowunlikelylowP1Automated Detection
Tool | Version | Checker | Description |
|---|
PRQA QA- PRQA QA-_vPRQA QA-C++_v | 14 | | | test | | CERT_CPP-DCL52-a | Never qualify a reference type with 'const' or 'volatile' |
| Polyspace Bug Finder | | Include Page |
|---|
| Polyspace Bug Finder_V |
|---|
| Polyspace Bug Finder_V |
|---|
|
| CERT C++: DCL52-CPP | Checks for: - const-qualified reference types
- Modification of const-qualified reference types
Rule fully covered. |
| Clang | |
| Clang checks for violations of this rule and produces an error without the need to specify any special flags or options. |
| SonarQube C/C++ Plugin | | Include Page |
|---|
| SonarQube C/C++ Plugin_V |
|---|
| SonarQube C/C++ Plugin_V |
|---|
|
| S3708 |
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
, "References"| [Dewhurst 02] | Gotcha #5Misunderstanding
...
Image Modified Image Modified Image Modified
