Checker | Guideline |
---|
| DCL00-C. Const-qualify immutable objects | DCL01-C. Do not reuse variable names in subscopes | DCL02-C. Use visually distinct identifiers | DCL03-C. Use a static assertion to test the value of a constant expression | DCL05-C. Use typedefs of non-pointer types only | DCL06-C. Use meaningful symbolic constants to represent literal values | DCL11-C. Understand the type issues associated with variadic functions | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const | DCL30-C. Declare objects with appropriate storage durations |
| DCL31-C. Declare identifiers before using them | DCL23-C. Guarantee that mutually visible identifiers are unique |
| DCL37-C. Do not declare or define a reserved identifier |
| DCL38-C. Use the correct syntax when declaring a flexible array member | EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators | EXP05-C. Do not cast away a const qualification |
| EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic | EXP09-C. Use sizeof to determine the size of a type or variable | EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place | EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields | EXP12-C. Do not ignore values returned by functions | EXP30-C. Do not depend on the order of evaluation for side effects |
| EXP32-C. Do not access a volatile object through a nonvolatile reference |
| EXP33-C. Do not read uninitialized memory |
| EXP34-C. Do not dereference null pointers |
| EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| EXP37-C. Call functions with the correct number and type of arguments |
| EXP45EXP44-C. Do not perform assignments in selection statements | EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int | INT01-C. Use rsize_t or size_t for all integer values representing the size of an object | INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs | INT06-C. Use strtol() or a related function to convert a string token to an integer | INT07-C. Use only explicitly signed or unsigned char type for numeric values | INT08-C. Verify that all integer values are in range | INT09-C. Ensure enumeration constants map to unique values | INT10-C. Do not assume a positive remainder when using the % operator | INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression | INT13-C. Use bitwise operators only on unsigned operands | INT14-C. Avoid performing bitwise and arithmetic operations on the same data | rely on side effects in operands to sizeof, _Alignof, or _Generic |
| EXP45-C. Do not perform assignments in selection statements |
| INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size | INT30-C. Ensure that unsigned integer operations do not wrap |
| INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| INT36-C. Converting a pointer to integer or integer to pointer |
| FLP02-C. Avoid using floating-point numbers when precise computation is needed | FLP03-C. Detect and handle floating-point errors | FLP30-C. Do not use floating-point variables as loop countersFLP06-C. Convert integers to floating point for floating-point operations |
| FLP34-C. Ensure that floating-point conversions are within range of the new type | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
| ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| ARR37-C. Do not add or subtract an integer to a pointer to a non-array object |
| ARR38-C. Guarantee that library functions do not form invalid pointers | STR03-C. Do not inadvertently truncate a string | STR04-C. Use plain char for characters in the basic character set |
| STR05-C. Use pointers to const when referring to string literals | STR06-C. Do not assume that strtok() leaves the parse string unchanged | STR30-C. Do not attempt to modify string literals |
| STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
| STR34-C. Cast characters to unsigned char before converting to larger integer sizes |
| STR11-C. Do not specify the bound of a character array initialized with a string literal | STR37-C. Arguments to character-handling functions must be representable as an unsigned char | MEM00-C. Allocate and free memory in the same module, at the same level of abstraction | MEM01-C. Store a new value in pointers immediately after free() | MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type | MEM03-C. Clear sensitive information stored in reusable resources |
| MEM04-C. Beware of zero-length allocations | MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap | MEM30-C. Do not access freed memory |
| MEM31-C. Free dynamically allocated memory when no longer needed |
| MEM33-C. Allocate and copy structures containing a flexible array member dynamically |
| MEM34-C. Only free memory allocated dynamically |
| MEM35-C. Allocate sufficient memory for an object | FIO01-C. Be careful using functions that use file names for identification | FIO02-C. Canonicalize path names originating from tainted sources | FIO05-C. Identify files using multiple file attributes | FIO08-C. Take care when calling remove() on an open file | FIO09-C. Be careful with binary data when transferring data across systems | FIO11-C. Take care when specifying the mode parameter of fopen() |
| FIO13-C. Never push back anything other than one read character | FIO21-C. Do not create temporary files in shared directories | FIO22-C. Close files before spawning processes | FIO30-C. Exclude user input from format strings |
| FIO32-C. Do not perform operations on devices that are only appropriate for files |
| FIO34-C. Distinguish between characters read from a file and EOF or WEOF |
| FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful |
| FIO38-C. Do not copy a FILE object |
| FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| FIO42-C. Close files when they are no longer needed |
| FIO44-C. Only use values for fsetpos() that are returned from fgetpos() |
| FIO46-C. Do not access a closed file | ENV01-C. Do not make assumptions about the size of an environment variable | ENV02-C. Beware of multiple environment variables with the same effective name |
| ENV30-C. Do not modify the object referenced by the return value of certain functions |
| ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it |
| ENV32-C. All exit handlers must return normally |
| ENV33-C. Do not call system() |
| ENV34-C. Do not store pointers returned by certain functions |
| SIG01-C. Understand implementation-specific details regarding signal handler persistence | SIG30-C. Call only asynchronous-safe functions within signal handlers |
| SIG31-C. Do not access shared objects in signal handlers |
| SIG34-C. Do not call signal() from within interruptible signal handlers | ERR05-C. Application-independent code should provide error detection without dictating error handling | ERR06-C. Understand the termination behavior of assert() and abort() |
| ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure |
| ERR32-C. Do not rely on indeterminate values of errno |
| ERR33-C. Detect and handle standard library errors |
| CON33-C. Avoid race conditions when using library functionsMSC21-C. Use robust loop termination conditions |
| MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
| POS30-C. Use the readlink() function properly |
| POS33-C. Do not use vfork() |
| POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument |
| POS35-C. Avoid race conditions while checking for the existence of a symbolic link |
| POS36-C. Observe correct revocation order while relinquishing privileges |
| POS54-C. Detect and handle POSIX library errors |
| ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array |
| ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
| DCL00-C. Const-qualify immutable objects |
| DCL01-C. Do not reuse variable names in subscopes |
| DCL02-C. Use visually distinct identifiers |
| DCL03-C. Use a static assertion to test the value of a constant expression |
| DCL05-C. Use typedefs of non-pointer types only |
| DCL06-C. Use meaningful symbolic constants to represent literal values |
| DCL11-C. Understand the type issues associated with variadic functions |
| DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
| DCL23-C. Guarantee that mutually visible identifiers are unique |
| ENV01-C. Do not make assumptions about the size of an environment variable |
| ENV02-C. Beware of multiple environment variables with the same effective name |
| ERR05-C. Application-independent code should provide error detection without dictating error handling |
| ERR06-C. Understand the termination behavior of assert() and abort() |
| EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators |
| EXP05-C. Do not cast away a const qualification |
| EXP09-C. Use sizeof to determine the size of a type or variable |
| EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place |
| EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields |
| EXP12-C. Do not ignore values returned by functions |
| EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int |
| FIO01-C. Be careful using functions that use file names for identification |
| FIO02-C. Canonicalize path names originating from tainted sources |
| FIO05-C. Identify files using multiple file attributes |
| FIO08-C. Take care when calling remove() on an open file |
| FIO09-C. Be careful with binary data when transferring data across systems |
| FIO11-C. Take care when specifying the mode parameter of fopen() |
| FIO13-C. Never push back anything other than one read character |
| FIO21-C. Do not create temporary files in shared directories |
| FIO22-C. Close files before spawning processes |
| FLP02-C. Avoid using floating-point numbers when precise computation is needed |
| FLP03-C. Detect and handle floating-point errors |
| FLP06-C. Convert integers to floating point for floating-point operations |
| INT01-C. Use rsize_t or size_t for all integer values representing the size of an object |
| INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs |
| INT06-C. Use strtol() or a related function to convert a string token to an integer |
| INT07-C. Use only explicitly signed or unsigned char type for numeric values |
| INT08-C. Verify that all integer values are in range |
| INT09-C. Ensure enumeration constants map to unique values |
| INT10-C. Do not assume a positive remainder when using the % operator |
| INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression |
| INT13-C. Use bitwise operators only on unsigned operands |
| INT14-C. Avoid performing bitwise and arithmetic operations on the same data |
| INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types |
| INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| MEM00-C. Allocate and free memory in the same module, at the same level of abstraction |
| MEM01-C. Store a new value in pointers immediately after free() |
| MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
| MEM03-C. Clear sensitive information stored in reusable resources |
| MEM04-C. Beware of zero-length allocations |
| MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap |
| MSC01-C. Strive for logical completeness |
| MSC05-C. Do not manipulate time_t typed values directly |
| MSC17-C. Finish every set of statements associated with a case label with a break statement |
| MSC30MSC21-C. Do not use the rand() function for generating pseudorandom numbersUse robust loop termination conditions |
| POS01-C. Check for the existence of links when dealing with filesPOS30 |
| SIG01-C. Use the readlink() Understand implementation-specific details regarding signal handler persistence |
| STR03 function properlyPOS33-C. Do not use vfork() | POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument | inadvertently truncate a string |
| STR04-C. Use plain char for characters in the basic character set |
| STR05-C. Use pointers to const when referring to string literals |
| STR06-C. Do not assume that strtok() leaves the parse string unchanged |
| STR11-C. Do not specify the bound of a character array initialized with a string literal | POS36-C. Observe correct revocation order while relinquishing privileges | POS35-C. Avoid race conditions while checking for the existence of a symbolic link | POS54-C. Detect and handle POSIX library errors |