SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 98 Next »

A new feature of C99: The rule for implicit declaration of functions has been removed in C99.
The effect is to guarantee the production of a diagnostic that will catch an additional category of
25 programming errors. After issuing the diagnostic, an implementation may choose to assume an
implicit declaration and continue translation in order to support existing programs that exploited
this feature.

Recommendations

DCL00-A. Declare immutable values using enum or const

DCL01-A. Do not reuse variable names in subscopes

DCL02-A. Use visually distinct identifiers

DCL03-A. Reserved

DCL04-A. Take care when declaring more than one variable per declaration

DCL05-A. Use typedefs to improve code readability

DCL06-A. Use meaningful symbolic constants to represent literal values in program logic

DCL07-A. Include the appropriate type information in function declarators

DCL08-A. Properly encode relationships in constant definitions

DCL09-A. Declare functions that return an errno with a return type of errno_t

DCL10-A. Maintain the contract between the writer and caller of variadic functions

DCL11-A. Understand the type issues associated with variadic functions

DCL12-A. Create and use abstract data types

Rules

DCL30-C. Declare objects with appropriate storage durations

DCL31-C. Declare identifiers before using them

DCL32-C. Guarantee identifiers are unique

DCL33-C. Ensure that restrict-qualified source and destination pointers in function arguments do not reference overlapping objects

DCL34-C. Use volatile for data that cannot be cached

DCL35-C. Do not convert a function pointer to an incompatible type

DCL36-C. Do not declare an identifier with conflicting linkage classifications

Risk Assessment Summary

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

DCL00-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL01-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL02-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL04-A

1 (low)

1 (unlikely)

3 (low)

P3

L3

DCL05-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL06-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL07-A

1 (low)

1 (unlikely)

3 (low)

P3

L3

DCL08-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL09-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL10-A

2 (medium)

2 (probable)

2 (medium)

P8

L2

DCL11-A

2 (medium)

2 (probable)

2 (medium)

P8

L2

DCL12-A

1 (low)

1 (unlikely)

1 (high)

P1

L3

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL30-C

3 (high)

2 (probable)

1 (high)

P6

L2

DCL32-C

2 (medium)

1 (unlikely)

3 (low)

P6

L2

DCL33-C

2 (medium)

2 (probable)

1 (high)

P4

L3

DCL34-C

2 (medium)

1 (unlikely)

2 (medium)

P4

L3

DCL35-C

1 (low)

1 (unlikely)

3 (low)

P3

L3

DCL36-C

1 (low)

2 (probable)

3 (low)

P6

L2

PRE31-C. Never invoke an unsafe macro with arguments containing assignment, increment, decrement, or function call      CERT C Secure Coding Standard       DCL00-A. Declare immutable values using enum or const

  • No labels