Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated parasoft

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.MEM.BO
LANG.MEM.TO
MISC.MEM.NTERM
BADFUNC.BO.*

Buffer overrun
Type overrun
No space for null terminator
A collection of warning classes that report uses of library functions prone to internal buffer overflows

Compass/ROSE



Can detect violations of the rule. However, it is unable to handle cases involving strcpy_s() or manual string copies such as the one in the first example

Coverity
Include Page
Coverity_V
Coverity_V

STRING_OVERFLOW

BUFFER_SIZE

OVERRUN

STRING_SIZE

Fully implemented

Fortify SCA

5.0



Klocwork

Include Page
Klocwork_V
Klocwork_V

NNTS.MIGHT
NNTS.MUST
SV.STRBO.BOUND_COPY.OVERFLOW
SV.STRBO.BOUND_COPY.UNTERM
SV.STRBO.BOUND_SPRINTF
SV.STRBO.UNBOUND_COPY
SV.STRBO.UNBOUND_SPRINTF


LDRA tool suite

Include Page
LDRA_V
LDRA_V

489 S, 109 D, 66 X, 70 X, 71 X

Partially implemented

Parasoft C/C++test
Include Page
c:Parasoft_Vc:
Parasoft_V
BD-PB-OVERFWR, BD-PB-ARRAY, BD-PB-OVERFWR, BD-SECURITY-BUFWRITE, BD-SECURITY-OVERFWR, SECURITY-12Implemented
Polyspace Bug FinderR2016a
Guarantee that storage for strings has sufficient space for character data and null terminator

Splint

Include Page
Splint_V
Splint_V



PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v
2845, 2846, 2847, 2848, 2849, 5009Partially implemented
 PRQA QA-C++4.2 0145, 2845, 2846, 2847, 2848, 2849, 2840, 2841, 2842, 2843, 2844, 2930, 2831, 2831, 2832, 2833, 2934 

...