[metadata]
id = "DCL12-C"
type = "recommendation"
category = "DCL"
number = 12
title = "Implement abstract data types using opaque types"
description = """
Abstract data types are not restricted to object-oriented languages such as C++
and Java. They should be created and used in C language programs as well.
Abstract data types are most effective when used with private (opaque) data
types and information hiding. This noncompliant code example is based on the
managed string library developed by CERT [Burch 2006]. In this example, the
managed string type and the functions that operate on this type are defined in
thestring_m.hheader file as follows: struct string_mx { size_t size; size_t
maxsize; unsigned char strtype; char *cstr; }; typedef struct string_mx
string_mx; /* Function declarations */ extern errno_t strcpy_m(string_mx *s1,
const string_mx *s2); extern errno_t strcat_m(string_mx *s1, const string_mx
*s2); /* ... */
"""
severity = "Low"
likelihood = "Unlikely"
priority = "P1"
level = "L3"
cert_version = "2016 Edition (Wiki)"
last_modified = "May 19, 2025"
[rules.cert_c.DCL12-C]
enabled = true
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/DCL12-C.+Implement+abstract+data+types+using+opaque+types"