Checker | Guideline |
|---|
| CertC-ARR01 | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array |
| CertC-ARR02 | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
| CertC-ARR30 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| CertC-ARR36 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
| CertC-ARR37 | ARR37-C. Do not add or subtract an integer to a pointer to a non-array object |
| CertC-ARR39 | ARR39-C. Do not add or subtract a scaled integer to a pointer |
| CertC-CON32 | CON32-C. Prevent data races when accessing bit-fields from multiple threads |
| CertC-CON40 | CON40-C. Do not refer to an atomic variable twice in an expression |
| CertC-DCL00 | DCL00-C. Const-qualify immutable objects |
| CertC-DCL01 | DCL01-C. Do not reuse variable names in subscopes |
| CertC-DCL02 | DCL02-C. Use visually distinct identifiers |
| CertC-DCL03 | DCL03-C. Use a static assertion to test the value of a constant expression |
| CertC-DCL04 | DCL04-C. Do not declare more than one variable per declaration |
| CertC-DCL05 | DCL05-C. Use typedefs of non-pointer types only |
| CertC-DCL06 | DCL06-C. Use meaningful symbolic constants to represent literal values |
| CertC-DCL07 | DCL07-C. Include the appropriate type information in function declarators |
| CertC-DCL09 | DCL09-C. Declare functions that return errno with a return type of errno_t |
| CertC-DCL11 | DCL11-C. Understand the type issues associated with variadic functions |
| CertC-DCL12 | DCL12-C. Implement abstract data types using opaque types |
| CertC-DCL13 | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
| CertC-DCL15 | DCL15-C. Declare file-scope objects or functions that do not need external linkage as static |
| CertC-DCL16 | DCL16-C. Use "L," not "l," to indicate a long value |
| CertC-DCL18 | DCL18-C. Do not begin integer constants with 0 when specifying a decimal value |
| CertC-DCL19 | DCL19-C. Minimize the scope of variables and functions |
| CertC-DCL20 | DCL20-C. Explicitly specify void when a function accepts no arguments |
| CertC-DCL21 | DCL21-C. Understand the storage of compound literals |
| CertC-DCL23 | DCL23-C. Guarantee that mutually visible identifiers are unique |
| CertC-DCL30 | DCL30-C. Declare objects with appropriate storage durations |
| CertC-DCL31 | DCL31-C. Declare identifiers before using them |
| CertC-DCL36 | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
| CertC-DCL37 | DCL37-C. Do not declare or define a reserved identifier |
| CertC-DCL38 | DCL38-C. Use the correct syntax when declaring a flexible array member |
| CertC-DCL39 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| CertC-DCL40 | DCL40-C. Do not create incompatible declarations of the same function or object |
| CertC-DCL41 | DCL41-C. Do not declare variables inside a switch statement before the first case label |
| CertC-ENV30 | ENV30-C. Do not modify the object referenced by the return value of certain functions |
| CertC-ENV32 | ENV32-C. All exit handlers must return normally |
| CertC-ENV33 | ENV33-C. Do not call system() |
| CertC-ERR07 | ERR07-C. Prefer functions that support error checking over equivalent functions that don't |
| CertC-ERR30 | ERR30-C. Take care when reading errno |
| CertC-ERR32 | ERR32-C. Do not rely on indeterminate values of errno |
| CertC-ERR33 | ERR33-C. Detect and handle standard library errors |
| CertC-ERR34 | ERR34-C. Detect errors when converting a string to a number |
| CertC-EXP00 | EXP00-C. Use parentheses for precedence of operation |
| CertC-EXP02 | EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators |
| CertC-EXP05 | EXP05-C. Do not cast away a const qualification |
| CertC-EXP07 | EXP07-C. Do not diminish the benefits of constants by assuming their values in expressions |
| CertC-EXP10 | EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place |
| CertC-EXP12 | EXP12-C. Do not ignore values returned by functions |
| CertC-EXP14 | EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int |
| CertC-EXP15 | EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement |
| CertC-EXP19 | EXP19-C. Use braces for the body of an if, for, or while statement |
| CertC-EXP20 | EXP20-C. Perform explicit tests to determine success, true and false, and equality |
| CertC-EXP30 | EXP30-C. Do not depend on the order of evaluation for side effects |
| CertC-EXP32 | EXP32-C. Do not access a volatile object through a nonvolatile reference |
| CertC-EXP33 | EXP33-C. Do not read uninitialized memory |
| CertC-EXP34 | EXP34-C. Do not dereference null pointers |
| CertC-EXP35 | EXP35-C. Do not modify objects with temporary lifetime |
| CertC-EXP36 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| CertC-EXP37 | EXP37-C. Call functions with the correct number and type of arguments |
| CertC-EXP40 | EXP40-C. Do not modify constant objects |
| CertC-EXP42 | EXP42-C. Do not compare padding data |
| CertC-EXP44 | EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic |
| CertC-EXP45 | EXP45-C. Do not perform assignments in selection statements |
| CertC-EXP46 | EXP46-C. Do not use a bitwise operator with a Boolean-like operand |
| CertC-EXP47 | EXP47-C. Do not call va_arg with an argument of the incorrect type |
| CertC-FIO30 | FIO30-C. Exclude user input from format strings |
| CertC-FIO34 | FIO34-C. Distinguish between characters read from a file and EOF or WEOF |
| CertC-FIO37 | FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful |
| CertC-FIO38 | FIO38-C. Do not copy a FILE object |
| CertC-FIO39 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| CertC-FIO41 | FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects |
| CertC-FIO47 | FIO47-C. Use valid format strings |
| CertC-FLP02 | FLP02-C. Avoid using floating-point numbers when precise computation is needed |
| CertC-FLP06 | FLP06-C. Convert integers to floating point for floating-point operations |
| CertC-FLP07 | FLP07-C. Cast the return value of a function that returns a floating-point type |
| CertC-FLP30 | FLP30-C. Do not use floating-point variables as loop counters |
| CertC-FLP32 | FLP32-C. Prevent or detect domain and range errors in math functions |
| CertC-FLP37 | FLP37-C. Do not use object representations to compare floating-point values |
| CertC-INT00 | INT00-C. Understand the data model used by your implementation(s) |
| CertC-INT01 | INT01-C. Use rsize_t or size_t for all integer values representing the size of an object |
| CertC-INT05 | INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs |
| CertC-INT07 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
| CertC-INT08 | INT08-C. Verify that all integer values are in range |
| CertC-INT09 | INT09-C. Ensure enumeration constants map to unique values |
| CertC-INT12 | INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression |
| CertC-INT13 | INT13-C. Use bitwise operators only on unsigned operands |
| CertC-INT15 | INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types |
| CertC-INT17 | INT17-C. Define integer constants in an implementation-independent manner |
| CertC-INT30 | INT30-C. Ensure that unsigned integer operations do not wrap |
| CertC-INT33 | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| CertC-INT34 | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| CertC-INT36 | INT36-C. Converting a pointer to integer or integer to pointer |
| CertC-MEM01 | MEM01-C. Store a new value in pointers immediately after free() |
| CertC-MEM02 | MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
| CertC-MEM30 | MEM30-C. Do not access freed memory |
| CertC-MEM31 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CertC-MEM33 | MEM33-C. Allocate and copy structures containing a flexible array member dynamically |
| CertC-MEM34 | MEM34-C. Only free memory allocated dynamically |
| CertC-MEM35 | MEM35-C. Allocate sufficient memory for an object |
| CertC-MEM36 | MEM36-C. Do not modify the alignment of objects by calling realloc() |
| CertC-MSC24 | MSC24-C. Do not use deprecated or obsolescent functions |
| CertC-MSC30 | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
| CertC-MSC32 | MSC32-C. Properly seed pseudorandom number generators |
| CertC-MSC33 | MSC33-C. Do not pass invalid data to the asctime() function |
| CertC-MSC37 | MSC37-C. Ensure that control never reaches the end of a non-void function |
| CertC-POS30 | POS30-C. Use the readlink() function properly |
| CertC-POS34 | POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument |
| CertC-POS35 | POS35-C. Avoid race conditions while checking for the existence of a symbolic link |
| CertC-POS36 | POS36-C. Observe correct revocation order while relinquishing privileges |
| CertC-POS37 | POS37-C. Ensure that privilege relinquishment is successful |
| CertC-POS39 | POS39-C. Use the correct byte ordering when transferring data between systems |
| CertC-POS47 | POS47-C. Do not use threads that can be canceled asynchronously |
| CertC-POS49 | POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed |
| CertC-POS54 | POS54-C. Detect and handle POSIX library errors |
| CertC-PRE00 | PRE00-C. Prefer inline or static functions to function-like macros |
| CertC-PRE01 | PRE01-C. Use parentheses within macros around parameter names |
| CertC-PRE02 | PRE02-C. Macro replacement lists should be parenthesized |
| CertC-PRE03 | PRE03-C. Prefer typedefs to defines for encoding non-pointer types |
| CertC-PRE04 | PRE04-C. Do not reuse a standard header file name |
| CertC-PRE05 | PRE05-C. Understand macro replacement when concatenating tokens or performing stringification |
| CertC-PRE06 | PRE06-C. Enclose header files in an include guard |
| CertC-PRE07 | PRE07-C. Avoid using repeated question marks |
| CertC-PRE08 | PRE08-C. Guarantee that header file names are unique |
| CertC-PRE09 | PRE09-C. Do not replace secure functions with deprecated or obsolescent functions |
| CertC-PRE10 | PRE10-C. Wrap multistatement macros in a do-while loop |
| CertC-PRE11 | PRE11-C. Do not conclude macro definitions with a semicolon |
| CertC-PRE12 | PRE12-C. Do not define unsafe macros |
| CertC-PRE13 | PRE13-C. Use the Standard predefined macros to test for versions and features. |
| CertC-PRE30 | PRE30-C. Do not create a universal character name through concatenation |
| CertC-PRE31 | PRE31-C. Avoid side effects in arguments to unsafe macros |
| CertC-PRE32 | PRE32-C. Do not use preprocessor directives in invocations of function-like macros |
| CertC-SIG30 | SIG30-C. Call only asynchronous-safe functions within signal handlers |
| CertC-SIG31 | SIG31-C. Do not access shared objects in signal handlers |
| CertC-SIG34 | SIG34-C. Do not call signal() from within interruptible signal handlers |
| CertC-SIG35 | SIG35-C. Do not return from a computational exception signal handler |
| CertC-STR04 | STR04-C. Use plain char for characters in the basic character set |
| CertC-STR05 | STR05-C. Use pointers to const when referring to string literals |
| CertC-STR07 | STR07-C. Use the bounds-checking interfaces for string manipulation |
| CertC-STR09 | STR09-C. Don't assume numeric values for expressions with type plain character |
| CertC-STR10 | STR10-C. Do not concatenate different type of string literals |
| CertC-STR11 | STR11-C. Do not specify the bound of a character array initialized with a string literal |
| CertC-STR30 | STR30-C. Do not attempt to modify string literals |
| CertC-STR31 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| CertC-STR32 | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
| CertC-STR34 | STR34-C. Cast characters to unsigned char before converting to larger integer sizes |
| CertC-STR37 | STR37-C. Arguments to character-handling functions must be representable as an unsigned char |
| CertC-STR38 | STR38-C. Do not confuse narrow and wide character strings and functions |
