CERT C: Rec. DCL00-C

Const-qualify immutable objects

Since R2020b

Description

Rule Definition

Const-qualify immutable objects. [1]

Polyspace Implementation

The rule checker checks for Unmodified variable not const-qualified.

Examples

Issue

Unmodified variable not const-qualified occurs when a local variable is not const-qualified and one of the following statements is true during the variable lifetime:

  • You do not perform write operations on the variable after initialization.

  • When you perform write operations, you reassign the same constant value to the variable.

The checker considers a variable as modified if its address is assigned to a pointer or reference (unless it is a pointer or reference to a const variable), passed to another function, or otherwise used. In these situations, the checker does not suggest adding a const qualifier.

The checker flags arrays as candidates for const-qualification only if you do not perform write operations on the array elements at all after initialization. The checker does not flag function parameters of integer, float, enum, or boolean types.

Risk

const-qualifying a variable avoids unintended modification of the variable during later code maintenance. The const qualifier also indicates to a developer that the variable retains its initial value in the remainder of the code.

Fix

If you do not expect to modify a variable value during its lifetime, add the const qualifier to the variable declaration and initialize the variable at declaration.

If you expect the variable to be modified, see if the absence of a modification indicates a programming omission and fix the issue.

Example - Missing const Qualification on Pointer

#include <string.h>

char returnNthCharacter (int n) {
    char* pwd = "aXeWdf10fg" ; //Noncompliant
    char nthCharacter = '\0'; // returned as-is when n is out of range

    for(int i=0; i < strlen(pwd); i++) {
        if(i==n)
            nthCharacter = pwd[i];
    }
    return nthCharacter;
}

In this example, the pointer pwd is not const-qualified. However, beyond initialization with a constant, it is not reassigned anywhere in the returnNthCharacter function.

Correction – Add const at Variable Declaration

If the variable is not intended to be modified, add the const qualifier at declaration. In this example, neither the pointer nor the pointed variable is modified. Add a const qualifier to both the pointer and the pointed variable. Later code changes can then neither reassign the pointer pwd to point at a different variable nor modify the value at the pointed location.

#include <string.h>

char returnNthCharacter (int n) {
    const char* const pwd = "aXeWdf10fg" ; //Compliant
    char nthCharacter = '\0'; // returned as-is when n is out of range

    for(int i=0; i < strlen(pwd); i++) {
        if(i==n)
            nthCharacter = pwd[i];
    }
    return nthCharacter;
}

Note that the checker only flags the missing const from the pointer declaration. The checker does not determine if the pointed location also merits a const qualifier.
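The following added example (not from this page or from the CERT standard) goes slightly beyond the string case above and places the conditions from the Issue section side by side: locals that are only read, an array whose elements are never written, a pointer that moves over read-only data, and a variable whose address is passed to a writing function. The names clamp_index, nth_char_clamped and count_digits are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: writes through its argument, so the caller's
 * variable is really modified and must not be const. */
static void clamp_index(size_t *idx, size_t len)
{
    if (len > 0 && *idx >= len) {
        *idx = len - 1;
    }
}

/* Pointer and pointee both read-only, as in the correction above.
 * An out-of-range n is clamped to the last character. */
char nth_char_clamped(size_t n)
{
    const char *const table = "aXeWdf10fg"; /* never reassigned or written through */
    const size_t len = strlen(table);       /* no write after initialization */
    size_t idx = n;                         /* address goes to a writer: stays non-const */

    clamp_index(&idx, len);
    /* table = "other";   rejected by the compiler: table is a const pointer */
    /* table[idx] = 'x';  rejected by the compiler: the pointee is const     */
    return table[idx];
}

/* The pointer has to move, the data it reads must not change:
 * const on the pointee only. */
size_t count_digits(const char *text)
{
    const char digits[] = "0123456789"; /* array elements are never written */
    size_t count = 0;                   /* accumulator, genuinely modified */

    for (const char *cur = text; *cur != '\0'; cur++) {
        if (strchr(digits, *cur) != NULL) {
            count++;
        }
    }
    return count;
}
```

Uncommenting either rejected line turns the accidental write into a compile-time error, which is the maintenance protection described under Risk.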

Check Information

Group: Rec. 02. Declarations and Initialization (DCL)

Version History

Introduced in R2020b


[1] This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, “SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.