Prefer type definitions (typedef
) to macro definitions (#define
) when encoding types. Type definitions obey scope rules; whereas, macro definitions do not. Type definitions can also correctly encode pointer types because they are not implemented as simple textual substitution. In this type definition, for example, the variable p
is declared as a constant pointer to char
[Summit 2005]:
typedef char *NTCS; const NTCS p = &data;
This can be confusing to developers who think that type definitions are implemented using textual substitution. As a result, Dan Saks recommends placing type qualifiers as the rightmost declaration specifier when qualifying types [Saks 1999]. While less confusing to some, this practice is not recommended because it is inconsistent with widely accepted practice and potentially misleading to experienced programmers.
Noncompliant Code Example
In this noncompliant code example, s1
is declared as char *
, but s2
is declared as a char
, which is probably not what the programmer intended.
#define cstring char * cstring s1, s2;
This noncompliant code example also violates recommendation DCL04-C. Do not declare more than one variable per declaration.
Compliant Solution
In this compliant solution, both s1
and s2
are declared as char *
.
typedef char * cstring; cstring s1; cstring s2;
Risk Assessment
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
PRE03-C |
low |
unlikely |
medium |
P2 |
L3 |
Automated Detection
Tool |
Version |
Checker |
Description |
---|---|---|---|
9.7.1 | 79 S |
Fully Implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: PRE03-CPP. Prefer typedefs to defines for encoding types
ISO/IEC 9899:1999 Section 6.7, "Declarations"
ISO/IEC PDTR 24772 "NMP Pre-processor Directives"
Bibliography
[Saks 1999]
[Summit 2005] Question 1.13, Question 11.11