[C-safe-secure-studygroup] Rule 5.1 Distinct external identifiers

Robert Seacord rcseacord at gmail.com
Wed Feb 22 13:44:27 UTC 2017


Q1: Can violations of the rule directly threaten safety and security?
A1: Yes

Q2: Can violations of the rule indirectly threaten safety and security?
A2: Yes

Q3: Should an analyzer be able to detect violations of the rule?
A3: Yes

*Discussion:*

This is similar to Rule 5.2, which applies to internal identifiers, but I'm
having a harder time determining the definition of distinct, as the example
says that these are not distinct:

/* in a.c */
int xyz = 0;

/* in b.c */
int XYZ = 0;

IMHO, I think changing the definition of what makes identifiers distinct
would be pretty disruptive and that the existing TS 17961 rule is fine and
could be extended to both safety and security. The closest I have seen to
this rule is avoiding similar characters like '1' and 'l' and '0' and 'O'
in the same positions in the identifier.

EXAMPLE 4  According to ISO/IEC 9899:2011, 5.2.4.1, external
identifiers need to be unique only within the first 31 characters. In this
noncompliant example, a diagnostic is required on implementations where the
external identifiers bash_groupname_completion_function and
bash_groupname_completion_funct are identical, because it results in
incompatible declarations.

/* in bash/bashline.h */
extern char* bash_groupname_completion_function(const char *, int);
// diagnostic required
// the identifier exceeds 31 characters

/* in a.c */
#include <bashline.h>

void w(const char *s, int i) {
  bash_groupname_completion_function(s, i);
}

/* in b.c */
int bash_groupname_completion_funct;  // diagnostic required
// identifier not unique within 31 characters

NOTE  The identifier bash_groupname_completion_function referenced
here was taken from GNU Bash <http://www.gnu.org/software/bash/> version
3.2.

*Background*

More or less already in TS 17961: "the same function or object in
incompatible ways" [funcdecl]

*Rule*
Two or more incompatible declarations of the same function or object that
appear in the same program shall be diagnosed.

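The two checks discussed in this message, identifiers that become identical once an implementation truncates them to its significance limit (EXAMPLE 4) and identifiers that differ only by visually similar characters in the same position ('1'/'l', '0'/'O'), can both be expressed as a normalisation of each external identifier followed by a search for duplicates. The checker below is an added example written for this post; it is not code from the post or from TS 17961. It assumes the declarations have already been extracted as (identifier, file) pairs by some front end, uses the 31-character, case-sensitive limit from ISO/IEC 9899:2011 5.2.4.1 and, for contrast, the older 6-character, case-insensitive limit that C90 permitted, and the sample declaration list is constructed (the bash identifiers and xyz/XYZ come from the message; the remaining names are invented).

```python
# Added example (not code from the post or from TS 17961): a small checker that
# reports external identifiers which are not distinct under a chosen
# significance limit, optionally folding the visually similar characters
# mentioned in the discussion ('1'/'l', '0'/'O') before comparing.
from collections import defaultdict

# (significant characters, case-sensitive) for external identifiers.
# ISO/IEC 9899:2011 5.2.4.1: 31 significant characters, case-sensitive.
# C90 (assumed here for contrast): 6 significant characters, case may be ignored.
C99_EXTERNAL = (31, True)
C90_EXTERNAL = (6, False)

# Confusable characters folded to one representative in the same position,
# so that 'tota1_count' and 'total_count' compare equal.
CONFUSABLE = str.maketrans({"1": "l", "0": "O"})


def significant_key(name, limit, case_sensitive, fold_confusables=False):
    """Reduce an identifier to the part an implementation actually compares."""
    key = name[:limit]
    if fold_confusables:
        key = key.translate(CONFUSABLE)
    if not case_sensitive:
        key = key.lower()
    return key


def find_collisions(decls, limit, case_sensitive, fold_confusables=False):
    """decls: iterable of (identifier, file) for declarations with external linkage.

    Returns {key: sorted [(identifier, file), ...]} for every key shared by two
    or more *different* spellings. The same spelling declared in several files
    names the same object and is not reported.
    """
    groups = defaultdict(set)
    for ident, fname in decls:
        key = significant_key(ident, limit, case_sensitive, fold_confusables)
        groups[key].add((ident, fname))
    return {k: sorted(v) for k, v in groups.items()
            if len({ident for ident, _ in v}) > 1}


def diagnostics(decls, limit, case_sensitive, fold_confusables=False):
    """Render one compiler-style diagnostic line per collision group."""
    lines = []
    found = find_collisions(decls, limit, case_sensitive, fold_confusables)
    for _key, members in sorted(found.items()):
        spelled = ", ".join(f"{ident} ({fname})" for ident, fname in members)
        suffix = "" if case_sensitive else " (case ignored)"
        lines.append(f"identifiers not distinct within {limit} characters{suffix}: {spelled}")
    return lines


# Constructed sample: the two identifiers from EXAMPLE 4, the xyz/XYZ pair from
# the discussion, and invented names for the confusable-character case.
SAMPLE_DECLS = [
    ("bash_groupname_completion_function", "bash/bashline.h"),
    ("bash_groupname_completion_funct", "b.c"),
    ("xyz", "a.c"),
    ("XYZ", "b.c"),
    ("total_count", "c.c"),   # constructed
    ("tota1_count", "d.c"),   # constructed: digit one in place of 'l'
    ("unique_name", "e.c"),   # constructed: collides with nothing
]

if __name__ == "__main__":
    for label, rules in (("C99", C99_EXTERNAL), ("C90", C90_EXTERNAL)):
        print(f"--- {label} external identifiers ---")
        for line in diagnostics(SAMPLE_DECLS, *rules):
            print(line)
    print("--- C99 with confusable-character fold ---")
    for line in diagnostics(SAMPLE_DECLS, *C99_EXTERNAL, fold_confusables=True):
        print(line)
```

Under the C99 limit only the bash pair is reported, since both truncate to the same 31-character prefix; under the C90 limit xyz/XYZ is reported as well, because case is ignored; the '1'/'l' pair only shows up when the confusable fold is switched on, which is the stricter check the discussion mentions rather than anything the standard requires.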