According to subclause 6.2.7 of the C Standard [AA. Bibliography#ISO-ISO/IEC 9899-:2011],
All declarations that refer to the same object or function shall have compatible type; otherwise, the behavior is undefined.
(See also CC. Undefined Behavior#ub_15 undefined behavior 14 of Annex J.)
Further, according to subclause 6.4.2.1,
Any identifiers that differ in a significant character are different identifiers. If two identifiers differ only in nonsignificant characters, the behavior is undefined.
(See also CC. Undefined Behavior#ub_31 undefined behavior 30 of Annex J.)
Identifiers in mutually visible scopes must be deemed unique by the compiler to prevent confusion about which variable or function is being referenced. BB. Definitions#implementation Implementations can allow additional nonunique characters to be appended to the end of identifiers, making the identifiers appear unique while actually being indistinguishable.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
extern int *global_symbol_definition_lookup_table_a;
extern int *global_symbol_definition_lookup_table_b;
|
Compliant Solution (Source Character Set)
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
extern int *a_global_symbol_definition_lookup_table;
extern int *b_global_symbol_definition_lookup_table;
|
Noncompliant Code Example (Universal Character Names)
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
extern int *\U00010401\U00010401\U00010401\U00010401;
extern int *\U00010401\U00010401\U00010401\U00010402;
|
Compliant Solution (Universal Character Names)
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
extern int *\U00010401\U00010401\U00010401\U00010401;
extern int *\U00010402\U00010401\U00010401\U00010401;
|
Risk Assessment
Nonunique identifiers can lead to abnormal program termination, denial-of-service attacks, or unintended information disclosure.
Rule | Severity | Likelihood | Detectable |
|---|
Repairable | Priority | Level |
|---|---|---|
DCL23-C | Medium | Unlikely |
Yes | Yes | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| Supported indirectly via MISRA C:2012 Rules 5.1, 5.2, 5.3, 5.4 and 5.5. | |||||||
| Axivion Bauhaus Suite |
| CertC-DCL23 | |||||||
| CodeSonar |
| LANG.ID.ND. |
EXT LANG.ID.NU.EXT LANG.STRUCT.DECL.MGT | Non-distinct identifiers: external names Non-unique identifiers: external name Global variable declared with different types |
| Compass/ROSE |
Can detect some violations of this rule but cannot flag violations involving universal names |
| Helix QAC |
| C0627, C0776, C0777, C0778, C0779, C0789, C0791, C0793 | |||||||
| Klocwork |
| MISRA.IDENT.DISTINCT.C99.2012 | |||||||
| LDRA tool suite |
| 17 D | Fully implemented |
| PC- |
| lint Plus |
|
627, 776, 0777, 778, 0779
| 621 | Fully supported | |||||||
| Polyspace Bug Finder |
| Checks for:
Rec. fully covered. | |||||||
| RuleChecker |
| Supported indirectly via MISRA C:2012 Rules 5.1, 5.2, 5.3, 5.4 and 5.5. | |||||||
| SonarQube C/C++ Plugin |
| IdentifierLongerThan31 |
Related Vulnerabilities
Search for BB. Definitions#vulnerability vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
AA. Bibliography#ISO-
-
AA. Bibliography#MISRA 12
1 through
| ISO/IEC TR 24772 |
| :2013 | Choice of Clear Names [NAI] Identifier Name Reuse [YOW] |
| MISRA C:2012 | Rule 5.1 (required) |
4 (required) |
Bibliography
| [ |
| ISO/IEC 9899 |
| :2011] | Subclause 6.2.7, "Compatible Type and Composite Type" |
...
...