C++ does not allow you to change the value of a reference type, effectively treating all references as being const qualified. The C++ Standard, [dcl.ref], paragraph 1 [ISO/IEC 14882-2014], states:

Cv-qualified references are ill-formed except when the cv-qualifiers are introduced through the use of a typedef-name (7.1.3, 14.1) or decltype-specifier (7.1.6.2), in which case the cv-qualifiers are ignored.

Thus, C++ prohibits or ignores the cv-qualification of a reference type. Only a value of reference type may be cv-qualified.

When attempting to const-qualify a value of reference type, a programmer may accidentally write

char &const p;

instead of

char const &p; // Or: const char &p;

Do not attempt to cv-qualify a reference type because it results in undefined behavior. A conforming compiler is required to issue a diagnostic message. However, if the compiler does not emit a fatal diagnostic, the program may produce surprising results, such as allowing the character referenced by p to be mutated.

Noncompliant Code Example

In this noncompliant code example, a const-qualified reference to a char instead of a reference to a const-qualified char is formed, resulting in undefined behavior:

#include <iostream>
 
void f(char c) {
  char &const p = c;
  p = 'p';
  std::cout << c << std::endl;
}

Implementation Details

With Microsoft Visual Studio 2013, this code compiles successfully with a warning diagnostic (warning C4227: anachronism used : qualifiers on reference are ignored) and outputs

p

With Clang 3.5, this code produces a fatal diagnostic:

error: 'const' qualifier may not be applied to a reference

Compliant Solution

This compliant solution assumes the programmer intended for the previous example to fail to compile due to attempting to modify a const-qualified char reference:

#include <iostream>
 
void f(char c) {
  const char &p = c;
  p = 'p'; // Error: read-only variable is not assignable
  std::cout << c << std::endl;
}

Risk Assessment

const and volatile reference types may result in undefined behavior instead of a fatal diagnostic, causing unexpected values to be stored and leading to possible data integrity violations.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL52-CPP

Low

Unlikely

Low

P3

L3

Automated Detection

Tool

Version

Checker

Description

PRQA QA-C++

14

 
Clang  

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[Dewhurst 02]Gotcha #5, "Misunderstanding References"
[ISO/IEC 14882-2014]Subclause 8.3.2, "References"