It is possible to assign the value of a constant object by using a non-constant value, but the resulting behavior is undefined. The C Standard, 6.7.4, paragraph 7 [ISO/IEC 9899:2024], states

If an attempt is made to modify an object defined with a const-qualified type through use of an lvalue with non-const-qualified type, the behavior is undefined.

There are existing (non-compliant) compiler implementations that allow const-qualified objects to be modified without generating a warning message.

Avoid casting away const qualification because doing so makes it possible to modify const-qualified objects without issuing diagnostics. (See EXP05-C. Do not cast away a const qualification and STR30-C. Do not attempt to modify string literals for more details.)

Noncompliant Code Example

This noncompliant code example allows a constant object to be modified:

```c
const int **ipp;
int *ip;
const int i = 42;

void func(void) {
  ipp = &ip; /* Constraint violation */
  *ipp = &i; /* Valid */
  *ip = 0;   /* Modifies constant i (was 42) */
}
```

The first assignment is unsafe because it allows the valid code that follows it to attempt to change the value of the const object i.

Implementation Details

If ipp, ip, and i are declared as automatic (stack) variables, this example compiles without warning with Microsoft Visual Studio 2013 when compiled in C mode (/TC), and the resulting program changes the value of i. GCC 4.8.1 generates a warning but compiles, and the resulting program changes the value of i.

If ipp, ip, and i are declared with static storage duration, this program compiles without warning and terminates abnormally with Microsoft Visual Studio 2013, and compiles with a warning and terminates abnormally with GCC 4.8.1.

Compliant Solution

The compliant solution depends on the intent of the programmer. If the intent is that the value of i is modifiable, then it should not be declared as a constant, as in this compliant solution:

```c
int **ipp;
int *ip;
int i = 42;

void func(void) {
  ipp = &ip; /* Valid */
  *ipp = &i; /* Valid */
  *ip = 0;   /* Valid */
}
```

If the intent is that the value of i is not meant to change, then do not write noncompliant code that attempts to modify it.
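The following is an added example (not code from the CERT page) covering both the noncompliant example and the compliant solution above. It assumes a C11 or later compiler for _Generic. It shows the pointer chains that keep the const qualifier intact at every level, so that the write the noncompliant example sneaks past the compiler becomes a hard diagnostic, beside the one legitimate way to write through a pointer-to-pointer, which is to give the object a non-const type in the first place. The POINTS_TO_CONST_INT macro is a hypothetical helper introduced here to probe, at compile time, whether a qualifier has been dropped.

```c
#include <stdio.h>

/* Added example, not the CERT page's own code. */

const int i = 42;   /* Constant object: must never be written */

/* Hypothetical compile-time probe: 1 if the expression is a pointer to
 * const int, 0 if it is a pointer to (non-const) int. Any other type is a
 * compile error, which is the point: a dropped qualifier cannot slip
 * through unnoticed. */
#define POINTS_TO_CONST_INT(p) _Generic((p), const int *: 1, int *: 0)

/* Read i through two levels of indirection without ever losing const.
 * Compare the noncompliant example, where ip was a plain int *. */
int read_const_via_pp(void) {
  const int *ip = &i;       /* Valid: pointer to const int keeps the qualifier */
  const int **ipp = &ip;    /* Valid: &ip has type const int **, no mismatch */
  *ipp = &i;                /* Valid: same assignment as on the page */
  /* *ip = 0;  would now be rejected by the compiler: ip points to const int */
  return **ipp;             /* Read-only access: 42 */
}

/* Write through a pointer-to-pointer: only valid because j is not const,
 * which is exactly the page's compliant solution. */
int write_nonconst_via_pp(void) {
  int j = 42;
  int *jp = &j;
  int **jpp = &jp;
  **jpp = 0;                /* Valid: j has non-const type */
  return j;                 /* 0 */
}

/* Adding a qualifier (int * -> const int *) is always allowed; removing one
 * is not. The probe confirms which pointers carry const. */
int const_added_on_read(void) {
  int k = 7;
  const int *kp = &k;       /* Valid: gaining a qualifier is fine */
  /* kp carries const (1), &k does not (0): 1 + 0 * 10 == 1 */
  return POINTS_TO_CONST_INT(kp) + POINTS_TO_CONST_INT(&k) * 10;
}

int main(void) {
  printf("read_const_via_pp     = %d\n", read_const_via_pp());
  printf("write_nonconst_via_pp = %d\n", write_nonconst_via_pp());
  printf("const_added_on_read   = %d\n", const_added_on_read());
  printf("&i points to const    = %d\n", POINTS_TO_CONST_INT(&i));
  return 0;
}
```

The design choice is to let the type system do the work: once every pointer on the path to i carries const, the compiler reports the write as a constraint violation instead of emitting, at best, a warning and, at worst, a program that silently overwrites the constant or faults on read-only memory, which is what the implementation details above describe.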

Risk Assessment

Modifying constant objects through nonconstant references is undefined behavior 61.

| Rule    | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---------|----------|------------|------------|------------|----------|-------|
| EXP40-C | Low      | Unlikely   | Yes        | No         | P2       | L3    |

Automated Detection

| Tool | Checker | Description |
|------|---------|-------------|
| Astrée | assignment-to-non-modifiable-lvalue, pointer-qualifier-cast-const, pointer-qualifier-cast-const-implicit, write-to-constant-memory | Fully checked |
| Axivion Bauhaus Suite | CertC-EXP40 | |
| Coverity | PW | MISRA C 2004 Rule 11.5. Implemented |
| Cppcheck Premium | premium-cert-exp40-c | |
| Helix QAC | C0563 | |
| LDRA tool suite | 582 S | Fully implemented |
| Parasoft C/C++test | CERT_C-EXP40-a | A cast shall not remove any 'const' or 'volatile' qualification from the type of a pointer or reference |
| Polyspace Bug Finder | CERT C: Rule EXP40-C | Checks for write operations on const qualified objects (rule fully covered) |
| RuleChecker | assignment-to-non-modifiable-lvalue, pointer-qualifier-cast-const, pointer-qualifier-cast-const-implicit | Partially checked |
| Security Reviewer - Static Reviewer | C73 | Fully implemented |
| TrustInSoft Analyzer | mem_access | Exhaustively verified (see the compliant and the non-compliant example). |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

| Taxonomy | Taxonomy item | Relationship |
|----------|---------------|--------------|
| CERT C Secure Coding Standard | EXP05-C. Do not cast away a const qualification | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT C Secure Coding Standard | STR30-C. Do not attempt to modify string literals | Prior to 2018-01-12: CERT: Unspecified Relationship |

Bibliography

[ISO/IEC 9899:2024] Subclause 6.7.4, "Type Qualifiers"