Main Content

CERT C: Rec. DCL19-C

Minimize the scope of variables and functions

expand all in page

Description

Rule Definition

Minimize the scope of variables and functions.1

Polyspace Implementation

The rule checker checks for these issues:

  • Function or object declared without static specifier and referenced in only one file.

  • Object defined beyond necessary scope.

Examples

expand all

Issue

The rule checker flags:

  • Objects that are defined at file scope without the static specifier but used only in one file.

  • Functions that are defined without the static specifier but called only in one file.

If you intend to use the object or function in one file only, declare it static.

Objects that are defined at file scope without the static specifier but used only in one file.

Functions that are defined without the static specifier but called only in one file.

The checker does not flag this issue in a default Polyspace® as You Code analysis. See Checkers Deactivated in Polyspace as You Code Analysis (Polyspace Access).

Risk

Compliance with this rule avoids confusion between your identifier and an identical identifier in another translation unit or library. If you restrict or reduce the visibility of an object by giving it internal linkage or no linkage, you or someone else is less likely to access the object inadvertently.

Example - Variable with External Linkage Used in One File

Header file:

/* file.h */
extern int var;

First source file:

/* file1.c */
#include "file.h"

int var;    /* Compliant */
int var2;   /* Non compliant */

void reset(void);

void reset(void) {

    static int var3=0; /* Compliant */
    var = 0;
    var2 = 0;
}

Second source file:

/* file2.c */
#include "file.h"

void increment(int var2);

void increment(int var2) {
    var++;
    var2++;
}

In this example:

  • The declaration of var is compliant because var is declared with external linkage and used in multiple files.

  • The declaration of var2 is noncompliant because var2 is declared with external linkage but used in one file only.

    It might appear that var2 is defined in both files. However, in the second file, var2 is a parameter with no linkage and is not the same as the var2 in the first file.

  • The declaration of var3 is compliant because var3 is declared with internal linkage (with the static specifier) and used in one file only.

Example - Function with External Linkage Used in One File

Header file:

/* file.h */
extern int var;
extern void increment1 (void);

First source file:

/* file1.c */
#include "file.h"

int var;

void increment2(void);
static void increment3(void);
void func(void);

void increment2(void) { /* Non compliant */
    var+=2;
}

static void increment3(void) { /* Compliant */
    var+=3;
}

void func(void) {
    increment1();
    increment2();
    increment3();
}

Second source file:

/* file2.c */
#include "file.h"

void increment1(void) { /* Compliant */
    var++;
}

In this example:

  • The definition of increment1 is compliant because increment1 is defined with external linkage and called in a different file.

  • The declaration of increment2 is noncompliant because increment2 is defined with external linkage but called in the same file and nowhere else.

  • The declaration of increment3 is compliant because increment3 is defined with internal linkage (with the static specifier) and called in the same file and nowhere else.

Issue

The issue occurs when the identifier of an object only appears in a single function but the object is defined beyond the block scope.

The rule checker flags static objects that are accessed in one function only but declared at file scope.

Risk

If you define an object at block scope, you or someone else is less likely to access the object inadvertently outside the block.

Example - Object Declared at File Scope but Used in One Function
static int ctr;   /* Non compliant */

int checkStatus(void);
void incrementCount(void);

void incrementCount(void) {
    ctr=0;
    while(1) {
        if(checkStatus())
            ctr++;
    }
}

In this example, the declaration of ctr is noncompliant because it is declared at file scope but used only in the function incrementCount. Declare ctr in the body of incrementCount to be MISRA C™-compliant.

Check Information

Group: Rec. 02. Declarations and Initialization (DCL)

Version History

Introduced in R2019a

See Also

Topics

External Websites

1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.