SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 214

changes.mady.by.user Jill Britton

Saved on

compared with

New Version 215

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Klocwork

CERT_C-INT31-a
CERT_C-INT31-b
CERT_C-INT31-c
CERT_C-INT31-d
CERT_C-INT31-e
CERT_C-INT31-f
CERT_C-INT31-g
CERT_C-INT31-h
CERT_C-INT31-ib
CERT_C-INT31-jc
CERT_C-INT31-kd
CERT_C-INT31-le
CERT_C-INT31-mf
CERT_C-INT31-ng
CERT_C-INT31-o
h
CERT_C-INT31-i
CERT_C-INT31-j
CERT_C-INT31-k
CERT_C-INT31-l
CERT_C-INT31-m
CERT_C-INT31-n
CERT_C-INT31-o

CERT C: Rule INT31-C

C: ,

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported via MISRA C:2012 Rules 10.1, 10.3, 10.4, 10.6 and 10.7
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.CAST.PC.AV
LANG.CAST.PC.CONST2PTR
LANG.CAST.PC.INT

LANG.CAST.COERCE
LANG.CAST.VALUE

ALLOC.SIZE.TRUNC
MISC.MEM.SIZE.TRUNC

LANG.MEM.TBA

Cast: arithmetic type/void pointer
Conversion: integer constant to pointer
Conversion: pointer/integer

Coercion alters value
Cast alters value

Truncation of allocation size
Truncation of size

Tainted buffer access

Compass/ROSE

Can detect violations of this rule. However, false warnings may be raised if limits.h is included

Coverity*

Include Page
Coverity_V
Coverity_V

NEGATIVE_RETURNS

REVERSE_NEGATIVE

MISRA_CAST

Can find array accesses, loop bounds, and other expressions that may contain dangerous implied integer conversions that would result in unexpected behavior

Can find instances where a negativity check occurs after the negative value has been used for something else

Can find instances where an integer expression is implicitly converted to a narrower integer type, where the signedness of an integer value is implicitly converted, or where the type of a complex expression is implicitly converted

 Cppcheck
 
Include Page
Cppcheck_V
Cppcheck_V
memsetValueOutOfRangeThe second argument to memset() cannot be represented as unsigned char
Helix QAC

Include Page

Klocwork

Helix QAC_V

Klocwork_V

PRECISION.LOSS
PRECISION.LOSS.CALL

LDRA tool suite
Include Page
LDRA_VLDRA_V

93 S, 433 S, 434 S

Partially implemented

Helix QAC_V

C: 2850, 2851, 2852, 2853, 2855, 2856, 2857, 2858, 2890, 2891, 2892, 2893, 2895, 2896, 2897, 2898, 2900, 2901, 2902, 2903, 2905, 2906, 2907, 2908

C++: 2850, 2851, 2852, 2853, 2855, 2856, 2857, 2858, 2890, 2891, 2892, 2893, 2895, 2896, 2897, 2898, 2900, 2901, 2902, 2903, 2905, 2906, 2907, 2908, 3000, 3010


Klocwork
Include Page
Klocwork_V
Klocwork_V

PRECISION.LOSS
PRECISION.LOSS.CALL


LDRA tool suite
Include Page
LDRA_V
LDRA_V

93 S, 433 S, 434 S

Partially implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-INT31-a

Parasoft C/C++test
Include Page
Parasoft_VParasoft_V

An expression An expression of essentially Boolean type should always be used where an operand is interpreted as a Boolean value
An operand of essentially Boolean type should not be used where an operand is interpreted as a numeric value
An operand of essentially character type should not be used where an operand is interpreted as a numeric value
An operand of essentially enum type should not be used in an arithmetic operation
Shift and bitwise operations should not be performed on operands of essentially signed or enum type
An operand of essentially signed or enum type should not be used as the right hand operand to the bitwise shifting operator
An operand of essentially unsigned type should not be used as the operand to the unary minus operator
The value of an expression shall not be assigned to an object with a narrower essential type
The value of an expression shall not be assigned to an object of a different essential type category
Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category
The second and third operands of the ternary operator shall have the same essential type category
The value of a composite expression shall not be assigned to an object with wider essential type
If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential type
If a composite expression is used as one (second or third) operand of a conditional operator then the other operand shall not have wider essential type
Avoid integer overflowsto the unary minus operator
The value of an expression shall not be assigned to an object with a narrower essential type
The value of an expression shall not be assigned to an object of a different essential type category
Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category
The second and third operands of the ternary operator shall have the same essential type category
The value of a composite expression shall not be assigned to an object with wider essential type
If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential type
If a composite expression is used as one (second or third) operand of a conditional operator then the other operand shall not have wider essential type
Avoid integer overflows

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule INT31-C


Checks for:

  • Integer conversion overflow
  • Call to memset with unintended value
  • Sign change integer conversion overflow
  • Tainted sign change conversion
  • Unsigned integer conversion overflow

Rule partially covered.

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v
Polyspace Bug Finder
Include Page
Polyspace Bug Finder_VPolyspace Bug Finder_V

Checks for:

  • Integer conversion overflow
  • Call to memset with unintended value
  • Sign change integer conversion overflow
  • Tainted sign change conversion
  • Unsigned integer conversion overflow

Rule partially covered.

PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_v

2850, 2851, 2852, 2853, 2855, 2856, 2857, 2858,

2890, 2891, 2892, 2893, 2895, 2896, 2897, 2898

2900, 2901, 2902, 2903, 2905, 2906, 2907, 2908

Partially implementedPRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_Vcplusplus:PRQA QA-C++_V

2850, 2851, 2852, 2853, 2855, 2856, 2857, 2858,

2890, 2891, 2892, 2893, 2895, 2896, 2897, 2898,

2900, 2901, 2902, 2903, 2905, 2906, 2907, 2908,

3000, 3010

PVS-Studio
Include Page
PVS-Studio_VPVS-Studio_VV569, V642, V724, V739, V1029, V1046
RuleChecker
Include Page
RuleChecker_VRuleChecker_VSupported via MISRA C:2012 Rules 10.1, 10.3, 10.4, 10.6 and 10.7TrustInSoft Analyzer
Include Page
TrustInSoft Analyzer_VTrustInSoft Analyzer_Vsigned_downcastExhaustively verified.Helix QAC
Include Page
Helix QAC_VHelix QAC_V

2850, 2851, 2852, 2853, 2855, 2856, 2857, 2858,

2890, 2891, 2892, 2893, 2895, 2896, 2897, 2898

2900, 2901, 2902, 2903, 2905, 2906, 2907, 2908

Partially implemented
PRQA QA-C++
Include Page
cplusplus:PRQA QA-C++
_V
cplusplus:PRQA QA-C++_V

2850, 2851, 2852, 2853, 2855, 2856, 2857, 2858,

2890, 2891, 2892, 2893, 2895, 2896, 2897, 2898,

2900, 2901, 2902, 2903, 2905, 2906, 2907, 2908,

3000, 3010


PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V569, V642, V724, V739, V1029, V1046

RuleChecker

Include Page
RuleChecker_V
RuleChecker_V


Supported via MISRA C:2012 Rules 10.1, 10.3, 10.4, 10.6 and 10.7
TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

signed_downcastExhaustively verified., 2901, 2902, 2903, 2905, 2906, 2907, 2908, 3000, 3010

* Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.

...