SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 110

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Prefer type definitions (typedef) to macro definitions (#define) when encoding types. Type definitions obey scope rules; macro definitions do not. textual substitution is inferior to using the type system. While type definitions for non-pointer types have similar advantages [Summit 2005], can make it more difficult to write const-correct code (see DCL05-C. Use typedefs of non-pointer types only).

Noncompliant Code Example

This noncompliant code example will not compile, because macros use textual substitution and not the type system:  [also doesn't work with a single variable per line]

Code Block
bgColor#ffcccc
#define MATRIX double matrix[4][4]
MATRIX matrix_a;

After preprocessing, this code example is translated to the following invalid declaration:

Code Block
bgColor#ffcccc
#define MATRIX double matrix_b[4][4]
double matrix[4][4] matrix_a;

Compliant Solution

This compliant solution compiles correctly.Using type definitions instead of macro definitions in this compliant solution results in a valid declaration:

Code Block
bgColor#ccccff
typedef double matrix[4][4]; 
matrix matrix_a, matrix_b;

 

...

Noncompliant Code Example
...
 Code Block
bgColor#ffcccc
#define uchar unsigned char

 

Compliant Solution
Use type definitions to encode all non-pointer types.
 Code Block
bgColor#ccccff
typedef unsigned char uchar;

 

Risk Assessment
Recommendation
Severity
Likelihood
Remediation Cost
Priority
Level
PRE03-C
Low
Unlikely
Medium
P2
L3
Automated Detection
ToolVersionCheckerDescription
Axivion Bauhaus Suite
 Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V
CertC-PRE03
ECLAIR
 Include Page
ECLAIR_V
ECLAIR_V
CC2.PRE03
Fully implemented
LDRA tool suite
Helix QAC
 Include Page
LDRA
Helix QAC_V
LDRA
Helix QAC_V
79 S
273 S
Fully implemented
PRQA QA-C Include PagePRQA QA-C_vPRQA QA-C_v3413
C3413
LDRA tool suite
 Include Page
LDRA_V
LDRA_V
79 S
Enhanced Enforcement
Fully implemented
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ 
 Secure 
 Coding StandardVOID PRE03-CPP. Prefer typedefs to defines for encoding types
ISO/IEC TR 24772:2013Pre-processor Directives [NMP]
Bibliography
[Saks 1999]
 

[Summit 2005]Question 1.13
Question 11.11
...

...
Image Modified Image Modified Image Modified