SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 96

changes.mady.by.user Pranjal Jumde

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Depending on the fonts used, certain characters appear visually similar or even identical:

Symbol

Character

Similar

Symbols

Characters

0 (zero)

O (capital o), Q (capital q), D (capital d)

1 (one)

I (capital i), l (lowercase L)

2 (two)

Z (capital z)

5 (five)

S (capital s)

8 (eight)

B (capital b)

n (lowercase N)

h (lowercase H)

m (lowercase M)

rn (lowercase R, lowercase N)

m (lowercase M)

Do not define multiple identifiers that vary only with respect to one or more visually similar characters.

Make the initial portions of long identifiers unique for easier recognition . This also helps and to help prevent errors resulting from non-unique nonunique identifiers. (See DCL32 DCL23-C. Guarantee that mutually visible identifiers are unique.)

In addition, the larger the scope of an identifier, the more descriptive its name should be. It may be perfectly appropriate to name a loop control variable i, but the same name would likely be confusing if it named a file scope object or a variable local to a function more than a few lines long. See also DCL01-C. Do not reuse variable names in subscopes and DCL19-C. Use as minimal a scope as possible for all variables and functions.

Noncompliant Code Example (Source Character Set)

DCL02-C implicitly assumes global scope, which can be confused with scope within the same file. Although it may not generate any errors, a possible violation of the rule may occur, as in the following example. Note this example does not violate DCL32 DCL23-C. Guarantee that mutually visible identifiers are unique.

In file foo.h:

Code Block
bgColor#FFcccc
langc
int id_O; //* (captialCapital letter O) */

In file bar.h:

Code Block
bgColor#FFcccc
langc
int id_0; //* (numericNumeric letterdigit zero) */

If a file foobar.c includes both foo.h and bar.h, then both id_0 and id_0 come in the same scope, violating this rule.

...

Failing to use visually distinct identifiers can result in referencing the wrong object or function, causing unintended program behavior.

Recommendation

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

DCL02-C

Low

low

Unlikely

unlikely

Yes

medium

Yes

P2

P3

L3

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-DCL02
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.ID.AMBIGTypographically ambiguous identifiers
Compass/ROSE




ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.DCL02

Fully implemented

LDRA tool suite
Include Page
LDRA_V
LDRA_V

67 X

Fully implemented

Compass/ROSE

 

 

 

ECLAIR

Include PageECLAIR_VECLAIR_V

idntsiml

Fully implemented

PRQA QA-C Include PagePRQA_VPRQA_V Partially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-DCL02-a

Use visually distinct identifiers
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

9046

Partially supported: does not report ‘Q’ or ‘D’ vs ‘0’ or ‘O’

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. DCL02-C

Checks for use of typographically ambiguous identifiers (rec. fully covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++

...

Coding Standard

...

VOID DCL02-CPP. Use visually distinct identifiers
ISO/IEC

...

TR 24772:2013Choice of Clear Names [NAI]
MISRA C:2012Directive 4.5 (advisory)

ISO/IEC TR 24772 "AJN Choice of filenames and other external identifiers," "BRS Leveraging human experience," and "NAI Choice of clear names"

MISRA Rule 5.6

...


...

Image Modified Image Modified Image Modified