(no title)

BudVVeezer and bgtnhz have already made some of my points for me. "EXP05-C. Do not cast away a const qualification" is a recommendation largely because casting away constness isn't undefined behavior. There is a also a rule "EXP40-C. Do not modify constant objects" which defines a normative requirement not to modify constant objects which would result in undefined behavior. The intent of the exception to EXP05-C is to let authors of API constrain how objects of types they expose can be used by users without forcing the same constraints on the implementation. In C++, this can be done by making class members private and providing inline member functions. In C, the options are using opaque types (which has a performance cost because they can only be accessed by non-inline functions defined in the implementation's .c files), or making the struct pointer members const and casting the const away in inline functions. This is safe because the implementer knows that the objects the const pointers do not point to const objects (because the implementation initialized them). We're considering getting rid of the exceptions and risk assessments for recommendations because it suggests that conformance to recommendations is required.

If you are investigating the CERT coding standards, I would recommend focusing on the rules more than the recommendations. The rules are normative and give excellent advice on how to write secure code. The recommendations are generally more about code quality than likely security defects.

More information on the distinction can be found at: https://www.securecoding.cert.org/confluence/display/seccode...

Casting const away is never undefined. However modifying objects defined with const is. If the object was never defined with the const qualifier, then there is no problem with the casting.