CertC-INT09

Ensure enumeration constants map to unique values

Required inputs: IR

A C enumeration defines a type with a finite set of values represented by identifiers known as enumeration constants, or enumerators. An enumerator is a constant integer expression whose value is representable as an int. Although the language allows multiple enumerators of the same type to have the same value, it is a common expectation that all enumerators of the same type have distinct values. However, defining two or more enumerators of the same type to have the same value can lead to some nonobvious errors.

Noncompliant Code Example

In this noncompliant code example, two enumerators of type Color are assigned explicit values. It may not be obvious to the programmer that yellow and indigo have been declared to be identical values (6), as are green and violet (7). Probably the least dangerous error that can result from such a definition is attempting to use the enumerators as labels of a switch statement. Because all labels in a switch statement are required to be unique, the following code violates this semantic constraint and is required to be diagnosed by a conforming compiler:

enum Color { red=4, orange, yellow, green, blue, indigo=6, violet };

const char* color_name(enum Color col) {
  switch (col) {
  case red: return "red";
  case orange: return "orange";
  case yellow: return "yellow";
  case green: return "green";
  case blue: return "blue";
  case indigo: return "indigo";   /* Error: duplicate label (yellow) */
  case violet: return "violet";   /* Error: duplicate label (green) */
  }
}

Compliant Solution

To prevent the error discussed of the noncompliant code example, enumeration type declarations must take one of the following forms:

• Provide no explicit integer assignments, as in this example:

enum Color { red, orange, yellow, green, blue, indigo, violet };

• Assign a value to the first member only (the rest are then sequential), as in this example:

enum Color { red=4, orange, yellow, green, blue, indigo, violet };

• Assign a value to all members so any equivalence is explicit, as in this example:

enum Color {
  red=4,
  orange=5,
  yellow=6,
  green=7,
  blue=8,
  indigo=6,
  violet=7
};

It is also advisable to provide a comment explaining why multiple enumeration type members are being assigned the same value so that future maintainers do not mistakenly identify this form as an error.

Of these three options, providing no explicit integer assignments is the simplest and consequently the preferred approach unless the first enumerator must have a nonzero value.

Exceptions

INT09-C-EX1: In cases where defining an enumeration with two or more enumerators with the same value is intended, the constant expression used to define the value of the duplicate enumerator should reference the enumerator rather than the original enumerator's value. This practice makes the intent clear to both human readers of the code and automated code analysis tools that detect violations of this guideline and would diagnose them otherwise. Note, however, that it does not make it possible to use such enumerators in contexts where unique values are required (such as in a switch statement, as discussed earlier).

enum Color { red, orange, yellow, green, blue, indigo, violet=indigo };

Risk Assessment

Failing to ensure that constants within an enumeration have unique values can result in unexpected results.

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
INT09-C	Low	Probable	Medium	P4	L3

Related Guidelines

SEI CERT C++ Coding Standard	VOID INT09-CPP. Ensure enumeration constants map to unique values
CERT Oracle Secure Coding Standard for Java	DCL56-J. Do not attach significance to the ordinal associated with an enum
ISO/IEC TR 24772:2013	Enumerator Issues [CCB]
MISRA C:2012	Rule 8.12 (required)

Excerpt from SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition) and SEI CERT C Coding Standard [https://cmu-sei.github.io/secure-coding-standards/sei-cert-c-coding-standard/recommendations/integers-int/int09-c], Copyright (C) 1995-2026 Carnegie Mellon University. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

Key	Text	Severity	Disabled
duplicate_enum_value	Within an enumerator list, the value of an implicitly-specified enumeration constant shall be unique	None	False

Options

• This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity

• The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions

allow_equality_to_constant_defined_by_name_only

allow_equality_to_constant_defined_by_name_only : bool = False

If true, an implicitly-specified enumeration constant is allowed to be equal to an explicitly-specified constant, if that explicitly-specified constant is specified only using the name of another constant.