SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 205

changes.mady.by.user Jakub Zwolakowski

Saved on

compared with

New Version 206

changes.mady.by.user Anirban Gangopadhyay

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported via MISRA C:2012 Rules 10.1, 10.3, 10.4, 10.6 and 10.7
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.CAST.PC.AV
LANG.CAST.PC.CONST2PTR
LANG.CAST.PC.INT

LANG.CAST.COERCE
LANG.CAST.VALUE

ALLOC.SIZE.TRUNC
MISC.MEM.SIZE.TRUNC

LANG.MEM.TBA

Cast: arithmetic type/void pointer
Conversion: integer constant to pointer
Conversion: pointer/integer

Coercion alters value
Cast alters value

Truncation of allocation size
Truncation of size

Tainted buffer access

Compass/ROSE

Can detect violations of this rule. However, false warnings may be raised if limits.h is included

Coverity*

Include Page
Coverity_V
Coverity_V

NEGATIVE_RETURNS

REVERSE_NEGATIVE

MISRA_CAST

Can find array accesses, loop bounds, and other expressions that may contain dangerous implied integer conversions that would result in unexpected behavior

Can find instances where a negativity check occurs after the negative value has been used for something else

Can find instances where an integer expression is implicitly converted to a narrower integer type, where the signedness of an integer value is implicitly converted, or where the type of a complex expression is implicitly converted

 Cppcheck
 
Include Page
Cppcheck_V
Cppcheck_V
memsetValueOutOfRangeThe second argument to memset() cannot be represented as unsigned char
Klocwork
Include Page
Klocwork_V
Klocwork_V

PRECISION.LOSS
PRECISION.LOSS.CALL


LDRA tool suite
Include Page
LDRA_V
LDRA_V

93 S, 433 S, 434 S

Partially implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-INT31-a
CERT_C-INT31-b
CERT_C-INT31-c
CERT_C-INT31-d
CERT_C-INT31-e
CERT_C-INT31-f
CERT_C-INT31-g
CERT_C-INT31-h
CERT_C-INT31-i
CERT_C-INT31-j
CERT_C-INT31-k
CERT_C-INT31-l
CERT_C-INT31-m
CERT_C-INT31-n

An expression of essentially Boolean type should always be used where an operand is interpreted as a Boolean value
An operand of essentially Boolean type should not be used where an operand is interpreted as a numeric value
An operand of essentially character type should not be used where an operand is interpreted as a numeric value
An operand of essentially enum type should not be used in an arithmetic operation
Shift and bitwise operations should not be performed on operands of essentially signed or enum type
An operand of essentially signed or enum type should not be used as the right hand operand to the bitwise shifting operator
An operand of essentially unsigned type should not be used as the operand to the unary minus operator
The value of an expression shall not be assigned to an object with a narrower essential type
The value of an expression shall not be assigned to an object of a different essential type category
Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category
The second and third operands of the ternary operator shall have the same essential type category
The value of a composite expression shall not be assigned to an object with wider essential type
If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential type
If a composite expression is used as one (second or third) operand of a conditional operator then the other operand shall not have wider essential type

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule INT31-C


Checks for:

  • Integer conversion overflow
  • Call to memset with unintended value
  • Sign change integer conversion overflow
  • Tainted sign change conversion
  • Unsigned integer conversion overflow

MISRA C:2012 Rule 10.1

MISRA C:2012 Rule 10.3

MISRA C:2012 Rule 10.4

MISRA C:2012 Rule 10.6

MISRA C:2012 Rule 10.7

Overflow when converting between integer types

memset or wmemset used with possibly incorrect arguments

Overflow when converting between signed and unsigned integers

 Value from an unsecure source changes sign

 Overflow when converting between unsigned integer types

Operands shall not be of an inappropriate essential type

The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category

Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category

The value of a composite expression shall not be assigned to an object with wider essential type

If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential typeRule partially covered.

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v

2850, 2851, 2852, 2853, 2855, 2856, 2857, 2858,

2890, 2891, 2892, 2893, 2895, 2896, 2897, 2898

2900, 2901, 2902, 2903, 2905, 2906, 2907, 2908

Partially implemented
PRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_V
cplusplus:PRQA QA-C++_V

2850, 2851, 2852, 2853, 2855, 2856, 2857, 2858,

2890, 2891, 2892, 2893, 2895, 2896, 2897, 2898,

2900, 2901, 2902, 2903, 2905, 2906, 2907, 2908,

3000, 3010


PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V569, V642, V724, V739
RuleChecker

Include Page
RuleChecker_V
RuleChecker_V


Supported via MISRA C:2012 Rules 10.1, 10.3, 10.4, 10.6 and 10.7
TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

signed_downcastExhaustively verified.

...