An identifier declared in different scopes or multiple times within the same scope can be made to refer to the same object or function by _linkage_.  An identifier can be classified as _externally linked_, _internally linked_, or _not linked_.  These three kinds of linkage have the following characteristics \[[Kirch-Prinz 2002|AA. Bibliography#Kirch-Prinz 02]\]:

According to C99 \[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\], linkage is determined as follows:

If the declaration of a file scope identifier for an object or a function contains the storage class specifier static, the identifier has internal linkage.

For an identifier declared with the storage-class specifier extern in a scope in which a prior declaration of that identifier is visible, if the prior declaration specifies internal or external linkage, the linkage of the identifier at the later declaration is the same as the linkage specified at the prior declaration. If no prior declaration is visible, or if the prior declaration specifies no linkage, then the identifier has external linkage.

If the declaration of an identifier for a function has no storage-class specifier, its linkage is determined exactly as if it were declared with the storage-class specifier extern. If the declaration of an identifier for an object has file scope and no storage-class specifier, its linkage is external.

The following identifiers have no linkage: an identifier declared to be anything other than an object or a function; an identifier declared to be a function parameter; a block scope identifier for an object declared without the storage-class specifier extern.

Use of an identifier (within one translation unit) classified as both internally and externally linked causes undefined behavior. See also undefined behavior 7 of Appendix J. A translation unit includes the source file together with its headers and all source files included via the preprocessing directive #include.

Noncompliant Code Example

In this noncompliant code example, i2 and i5 are defined as having both internal and external linkage. Future use of either identifier results in undefined behavior.

int i1 = 10;  /* definition, external linkage */
static int i2 = 20;  /* definition, internal linkage */
extern int i3 = 30;  /* definition, external linkage */
int i4;  /* tentative definition, external linkage */
static int i5;  /* tentative definition, internal linkage */

int i1;  /* valid tentative definition */
int i2;  /* not valid, linkage disagreement with previous */
int i3;  /* valid tentative definition */
int i4;  /* valid tentative definition */
int i5;  /* not valid, linkage disagreement with previous */

int main(void) {
  /* ... */
}

Implementation Details

Both Microsoft Visual Studio 2003 and Microsoft Visual Studio 2005 compile this noncompliant code example without warning even at the highest diagnostic levels. Microsoft Visual Studio 2008 does provide warnings at the default warning level. The GCC compiler generates a fatal diagnostic for the conflicting definitions of i2 and i5.

Compliant Solution

This compliant solution does not include conflicting definitions.

int i1 = 10;  /* definition, external linkage */
static int i2 = 20;  /* definition, internal linkage */
extern int i3 = 30;  /* definition, external linkage */
int i4;  /* tentative definition, external linkage */
static int i5;  /* tentative definition, internal linkage */

int main(void) {
  /* ... */
}

Risk Assessment

Use of an identifier classified as both internally and externally linked causes undefined behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL36-C

medium

probable

medium

P8

L2

Automated Detection

Tool

Version

Checker

Description

LDRA tool suite

 

 

Splint

 

 

GCC

 

 

Klocwork

IF_DEF_IN_HEADER_DECL IF_MULTI_DECL

 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: DCL36-CPP. Do not declare an identifier with conflicting linkage classifications

ISO/IEC 9899:1999 Section 6.2.2, "Linkages of identifiers"

MISRA Rule 8.1

Bibliography

\[[Banahan 2003|AA. Bibliography#Banahan 03]\] [Section 8.2, "Declarations, Definitions and Accessibility"|http://publications.gbdirect.co.uk/c_book/chapter8/declarations_and_definitions.html]
\[[Kirch-Prinz 2002|AA. Bibliography#Kirch-Prinz 02]\]


DCL35-C. Do not invoke a function using a type that does not match the function definition      02. Declarations and Initialization (DCL)      DCL37-C. Do not use identifiers that are reserved for the implementation