 
                            Identifiers must be unique to prevent confusion about which variable or function is being referenced. Implementations can allow additional non-unique characters to be appended to the end of identifiers, making the identifiers appear unique while actually being indistinguishable.
To guarantee identifiers are unique, you must first determine the number of significant characters recognized by (the most restrictive) compiler you are using. This assumption must be documented in the code.
The standard defines the following minimum requirements:
- 63 significant initial characters in an internal identifier or a macro name (each universal character name or extended source character is considered a single character)
- 31 significant initial characters in an external identifier (each universal character name specifying a short identifier of 0000FFFF or less is considered 6 characters, each
 universal character name specifying a short identifier of 00010000 or more is considered 10 characters, and each extended source character is considered the same number of characters as the corresponding universal character name, if any)
Restriction of the significance of an external name to fewer than 255 characters in the standard (considering each universal character name or extended source character as a single character) is an obsolescent feature that is a concession to existing implementations. Therefore, it is not necessary to comply with this restriction, as long as your identifiers are unique and your assumptions concering the number of significant characters is documented.
Non-Compliant Code Example
Assuming your compiler implements the minimum requirements for signficant characters required by the standard, the following examples are non-compliant:
extern int global_symbol_definition_lookup_table_a[100]; extern int global_symbol_definition_lookup_table_b[100];
The external indentifiers in this example are not unique because the first 31 characters are identical.
extern int \U00010401\U00010401\U00010401\U00010401[100]; extern int \U00010401\U00010401\U00010401\U00010402[100];
In this example, both external identifiers consist of four universal characters, but only the first three characters are unique. In practice, this means that both identifiers are referring to the same integer array.
Compliant Solution
In the compliant solution, the signficant characters in each identifier vary.
extern int a_global_symbol_definition_lookup_table[100]; extern int b_global_symbol_definition_lookup_table[100];
Again, assuming a minimally compliant implementation, the first three universal characters used in an identifier must be unique.
extern int \U00010401\U00010401\U00010401\U00010401[100]; extern int \U00010402\U00010401\U00010401\U00010401[100];
Risk Assessment
Non-unique identifiers can lead to abnormal program termination, denial-of-service attacks, or unintended information disclosure.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| DCL32-C | 2 (low) | 1 (unlikely) | 3 (low) | P6 | L2 | 
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[ISO/IEC 9899-1999]] Section 5.2.4.1, "Translation limits"
[[MISRA 04]] Rule 5.1