Checker | Guideline |
---|---|
CODSTA-122_{a,b} | FIO04-CPP. Detect and handle input and output errors |
JSF-166_{b,c} | EXP52-CPP. Do not rely on side effects in unevaluated operands |
JSF-186_{a, b, c, d, e, f, g} | MSC07-CPP. Detect and remove dead code |
JSF-186_{a,b,c,d,e,f,g} | MSC12-CPP. Detect and remove code that has no effect |
MISRA2004-10_2_{b,c,d} | FLP03-CPP. Detect and handle floating point errors |
BD-PB-ARRAY | EXP08-CPP. Ensure pointer arithmetic is used correctly |
BD-PB-NOTINIT | EXP53-CPP. Do not read uninitialized memory |
BD-PB-NP | OOP55-CPP. Do not use pointer-to-member operators to access nonexistent members |
BD-PB-NP | MSC08-CPP. Functions should validate their parameters |
BD-PB-OVERFWR | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
BD-PB-OVERF{RD, WR, FMT, NZT} | CTR52-CPP. Guarantee that library functions do not overflow |
BD-PB-OVERF{RD, WR, FMT, NZT} | STR53-CPP. Range check element access |
BD-PB-OVERNZT | STR03-CPP. Do not inadvertently truncate a null-terminated character array |
BD-PB-SWITCH | MSC07-CPP. Detect and remove dead code |
BD-PB-SWITCH | MSC12-CPP. Detect and remove code that has no effect |
BD-PB-ZERO | FLP03-CPP. Detect and handle floating point errors |
BD-RES-FREE | EXP54-CPP. Do not access an object outside of its lifetime |
BD-RES-FREE | MEM50-CPP. Do not access freed memory |
BD-RES-LEAKS | FIO51-CPP. Close files when they are no longer needed |
BD-RES-LEAKS | ERR56-CPP. Guarantee exception safety |
BD-RES-LEAKS | ERR57-CPP. Do not leak resources when handling exceptions |
BD-SECURITY-INTOVERF | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
BD-SECURITY-OVERFRD | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
BD-SECURITY-OVERFWR | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
BD-SECURITY-TDFNAMES | FIO02-CPP. Canonicalize path names originating from untrusted sources |
BD-SECURITY-TDFNAMES | MSC09-CPP. Character encoding: Use subset of ASCII for safety |
BD-SECURITY-TDFNAMES | MSC10-CPP. Character encoding: UTF8-related issues |
BD-SECURITY-{TDCMD, TDFNAMES, TDSQL} | STR02-CPP. Sanitize data passed to complex subsystems |
BD-TRS-DLOCK | CON53-CPP. Avoid deadlock by locking in a predefined order |
CODSTA-11 | MSC11-CPP. Incorporate diagnostic tests using assertions |
CODSTA-122_{a,b} | ERR10-CPP. Check for error conditions |
CODSTA-122{a,b} | EXP12-CPP. Do not ignore values returned by functions or methods |
CODSTA-198 | MSC01-CPP. Strive for logical completeness |
CODSTA-26 | DCL06-CPP. Use meaningful symbolic constants to represent literal values in program logic |
CODSTA-34 | DCL05-CPP. Use typedefs to improve code readability |
CODSTA-63 | EXP15-CPP. Beware of integer promotion when performing bitwise operations on chars or shorts |
CODSTA-69 | STR07-CPP. Don't assume numeric values for expressions with type plain character |
CODSTA-74 | DCL59-CPP. Do not define an unnamed namespace in a header file |
CODSTA-97 | EXP00-CPP. Use parentheses for precedence of operation |
CODSTA-CPP-01 | FIO17-CPP. Prefer streams to C-style input and output |
CODSTA-CPP-05 | OOP01-CPP. Be careful with the definition of conversion operators |
CODSTA-CPP-09 | EXP13-CPP. Prefer dynamic_cast over static_cast over reinterpret_cast |
CODSTA-CPP-09 | EXP14-CPP. Do not use reinterpret_cast on pointers to class objects with multiple inheritance |
CODSTA-CPP-70 | MSC21-CPP. Use inequality to terminate a loop whose counter changes by more than one |
CODSTA-CPP04 | OOP09-CPP. Ensure that single-argument constructors are marked "explicit" |
CPP-83 | DCL01-CPP. Do not reuse variable names in subscopes |
CPP-84 | DCL01-CPP. Do not reuse variable names in subscopes |
EXCEPT-02 | ERR09-CPP. Throw anonymous temporaries |
EXCEPT-13 | ERR51-CPP. Handle all exceptions |
EXCEPT-14 | ERR55-CPP. Honor exception specifications |
EXCEPT-16 | ERR53-CPP. Do not reference base classes or class data members in a constructor or destructor function-try-block handler |
EXCEPT-17 | ERR54-CPP. Catch handlers should order their parameter types from most derived to least derived |
EXCEPT-18 | ERR58-CPP. Constructors of objects with static or thread storage duration must not throw exceptions |
FORMAT-29 | DCL04-CPP. Do not declare more than one variable per declaration |
FORMAT-31 | EXP17-CPP. Treat relational and equality operators as if they were nonassociative |
INIT-03 | DCL19-CPP. Initialize automatic local variables on declaration |
INIT-04 | DCL19-CPP. Initialize automatic local variables on declaration |
INIT-10 | OOP53-CPP. Write constructor member initializers in the canonical order |
INIT-12 | DCL14-CPP. Avoid assumptions about the initialization order between translation units |
JSF-009 | MSC09-CPP. Character encoding: Use subset of ASCII for safety |
JSF-014 | DCL16-CPP. Use "L," not "l," to indicate a long value |
JSF-020 | ERR52-CPP. Do not use setjmp() or longjmp() |
JSF-094 | OOP07-CPP. Do not inherit from multiple classes that have distinct objects with the same name |
JSF-094_b | OOP02-CPP. Do not hide inherited non-virtual member functions |
JSF-114 | MSC54-CPP. Value-returning functions must return a value from all exit paths |
JSF-117_a | OOP51-CPP. Do not slice derived objects |
JSF-118 | DCL13-CPP. Declare function parameters that are pointers to values not changed by the function as const |
JSF-126 | MSC04-CPP. Use comments consistently and in a readable fashion |
JSF-136_{a,b} | DCL07-CPP. Minimize the scope of variables and methods |
JSF-137 | DCL15-CPP. Declare file-scope objects or functions that do not need external linkage in an unnamed namespace |
JSF-147 | MSC14-CPP. Do not introduce unnecessary platform dependencies |
JSF-157 | EXP02-CPP. Be aware of the short-circuit behavior of the logical AND and OR operators |
JSF-159 | DCL10-CPP. Do not overload the ampersand, comma, logical AND or logical OR operators |
JSF-159b | DCL10-CPP. Do not overload the ampersand, comma, logical AND or logical OR operators |
JSF-166 | EXP52-CPP. Do not rely on side effects in unevaluated operands |
JSF-187 | MSC03-CPP. Avoid errors of addition |
JSF-193 | MSC18-CPP. Finish every set of statements associated with a case label with a break statement |
JSF-194 | MSC01-CPP. Strive for logical completeness |
JSF-203 | MSC15-CPP. Do not depend on undefined behavior |
JSF-204.1{a,b,c,d,g} | EXP50-CPP. Do not depend on the order of evaluation for side effects |
MEM-06 | MEM51-CPP. Properly deallocate dynamically allocated resources |
MEM-12 | MEM51-CPP. Properly deallocate dynamically allocated resources |
MEM-28 | MEM51-CPP. Properly deallocate dynamically allocated resources |
MEM-29 | MEM51-CPP. Properly deallocate dynamically allocated resources |
MISRA-043_{c,d} | FLP05-CPP. Convert integers to floating point for floating point operations |
MISRA-043{b} | INT02-CPP. Understand integer conversion rules |
MISRA-043{b} | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISRA-096 | PRE02-CPP. Macro replacement lists should be parenthesized |
MISRA-101 | EXP08-CPP. Ensure pointer arithmetic is used correctly |
MISRA2004-11_4 | EXP56-CPP. Do not cast pointers into more strictly aligned pointer types |
MISRA2004-13_3 | FLP00-CPP. Understand the limitations of floating-point numbers |
MISRA2004-13_3 | FLP02-CPP. Avoid using floating point numbers when precise computation is needed |
MISRA2004-14_2 | MSC13-CPP. Detect and remove unused values |
MISRA2004-16_1 | DCL50-CPP. Do not define a C-style variadic function |
MISRA2004-19_10 | PRE01-CPP. Use parentheses within macros around parameter names |
MISRA2004-19_7 | PRE00-CPP. Avoid defining macros |
MISRA2004-20_10 | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
MISRA2004-4_2-3 | PRE07-CPP. Avoid using repeated question marks |
MISRA2004-6_1 | STR00-CPP. Represent characters using an appropriate type |
MISRA2004-6_1 | STR04-CPP. Use plain char for characters in the basic character set |
MISRA2004-6_4 | INT12-CPP. Do not make assumptions about the type of a plain int bit-field when used in an expression |
MISRA2004-6_{1,2} | INT07-CPP. Use only explicitly signed or unsigned char type for numeric values |
MISRA2008-15_3_1 | ERR58-CPP. Constructors of objects with static or thread storage duration must not throw exceptions |
MISRA2008-15_5_2 | ERR55-CPP. Honor exception specifications |
MISRA2008-17_0_1_{a, b} | DCL51-CPP. Do not declare or define a reserved identifier |
MISRA2008-5_0_21 | INT13-CPP. Use bitwise operators only on unsigned operands |
MISRA2008-5_0_21 | INT16-CPP. Do not make assumptions about representation of signed integers |
MISRA2008-5_2_8 | EXP16-CPP. Avoid conversions using void pointers |
MISRA2008-5_2_8 | INT11-CPP. Take care when converting from pointer to integer or integer to pointer |
MISRA2008-7_1_1 | DCL00-CPP. Const-qualify immutable objects |
MISRA2012-RULE-21_4_{a,b} | ERR52-CPP. Do not use setjmp() or longjmp() |
MISRA2012-RULE-21_5_b | MSC56-CPP. A signal handler must be a plain old function |
MISRA2012-RULE-21_5_b | SIG00-CPP. Mask signals handled by noninterruptible signal handlers |
MISRA2012-RULE-21_5_b | SIG01-CPP. Understand implementation-specific details regarding signal handler persistence |
MISRA2012-RULE-21_5_b | SIG02-CPP. Avoid using signals to implement normal functionality |
MISRA2012-RULE-21_8 | ENV02-CPP. Do not call system() if you do not need a command processor |
MISRA2012-RULE-21_8 | ERR04-CPP. Choose an appropriate termination strategy |
MISRA2012-RULE-21_8 | ERR05-CPP. Application-independent code should provide error detection without dictating error handling |
MISRA2012-RULE-8_12 | INT09-CPP. Ensure enumeration constants map to unique values |
MRM-09 | MEM01-CPP. Store a valid value in pointers immediately after deallocation |
MRM-10 | MEM01-CPP. Store a valid value in pointers immediately after deallocation |
MRM-11 | MEM01-CPP. Store a valid value in pointers immediately after deallocation |
MRM-14 | MEM55-CPP. Honor replacement dynamic storage management requirements |
MRM-15 | MEM55-CPP. Honor replacement dynamic storage management requirements |
MRM-18 | MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
MRM-19 | MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
MRM-20 | MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
MRM-26 | DCL54-CPP. Overload allocation and deallocation functions as a pair in the same scope |
MRM-27 | DCL54-CPP. Overload allocation and deallocation functions as a pair in the same scope |
MRM-34 | MEM52-CPP. Detect and handle memory allocation errors |
MRM-39 | FIO04-CPP. Detect and handle input and output errors |
MRM-45 | EXP01-CPP. Do not take the size of a pointer to determine the size of the pointed-to type |
MRM-50 | OOP06-CPP. Create a private copy constructor and assignment operator for non copyable objects |
NAMING-45 | DCL02-CPP. Use visually distinct identifiers |
OOP-02 | OOP51-CPP. Do not slice derived objects |
OOP-03 | OOP07-CPP. Do not inherit from multiple classes that have distinct objects with the same name |
OOP-04 | OOP07-CPP. Do not inherit from multiple classes that have distinct objects with the same name |
OOP-07 | OOP07-CPP. Do not inherit from multiple classes that have distinct objects with the same name |
OOP-12 | OOP08-CPP. Do not return references to private data |
OOP-13 | OOP04-CPP. Prefer not to give virtual functions default argument initializers |
OOP-16 | OOP50-CPP. Do not invoke virtual functions from constructors or destructors |
OOP-17 | OOP03-CPP. Prefer not to overload virtual functions |
OOP-22 | OOP52-CPP. Do not delete a polymorphic object without a virtual destructor |
OOP-34 | OOP54-CPP. Gracefully handle self-assignment |
OOP-48 | OOP00-CPP. Declare data members private |
OPT-04 | EXP18-CPP. Prefer the prefix forms of ++ and -- |
OPT-14 | DCL17-CPP. Declare function parameters that are large data structures and are not changed by the function as const references |
PB-10 | EXP51-CPP. Do not delete an array through a pointer of the incorrect type |
PB-10 | CTR56-CPP. Do not use pointer arithmetic on polymorphic objects |
PB-32 | CTR01-CPP. Do not apply the sizeof operator to a pointer when taking the size of an array |
PB-32 | EXP01-CPP. Do not take the size of a pointer to determine the size of the pointed-to type |
PB-35 | MSC02-CPP. Avoid errors of omission |
PB-45 | FIO00-CPP. Take care when creating format strings |
PB-46 | FIO00-CPP. Take care when creating format strings |
PB-47 | FIO00-CPP. Take care when creating format strings |
PB-48 | FIO00-CPP. Take care when creating format strings |
PB-49 | FIO00-CPP. Take care when creating format strings |
PB-50 | FIO00-CPP. Take care when creating format strings |
PB-54 | EXP57-CPP. Do not cast or delete pointers to incomplete classes |
PB-55 | EXP57-CPP. Do not cast or delete pointers to incomplete classes |
PB-BD-CC | MSC02-CPP. Avoid errors of omission |
PFO-02 | PRE06-CPP. Enclose header files in an inclusion guard |
Runtime detection | EXP51-CPP. Do not delete an array through a pointer of the incorrect type |
Runtime detection | EXP53-CPP. Do not read uninitialized memory |
Runtime detection | EXP54-CPP. Do not access an object outside of its lifetime |
Runtime detection | EXP57-CPP. Do not cast or delete pointers to incomplete classes |
Runtime detection | MEM50-CPP. Do not access freed memory |
Runtime detection | MEM51-CPP. Properly deallocate dynamically allocated resources |
Runtime detection | MEM52-CPP. Detect and handle memory allocation errors |
Runtime detection | FIO51-CPP. Close files when they are no longer needed |
Runtime detection | OOP55-CPP. Do not use pointer-to-member operators to access nonexistent members |
Runtime detection | DCL19-CPP. Initialize automatic local variables on declaration |
Runtime detection | FIO04-CPP. Detect and handle input and output errors |
Runtime detection | MEM01-CPP. Store a valid value in pointers immediately after deallocation |
Runtime detection | MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
SECURITY-02 | MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers |
SECURITY-03 | ENV00-CPP. Beware of multiple environment variables with the same effective name |
SECURITY-12 | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
SECURITY-13 | INT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputs |
SECURITY-15 | ERR12-CPP. Do not allow exceptions to transmit sensitive information |
SECURITY-19 | FIO19-CPP. Do not create temporary files in shared directories |
SECURITY-25 | CON00-CPP. Avoid assuming functions are thread safe unless otherwise specified |
SECURITY-27 | FIO01-CPP. Be careful using functions that use file names for identification |
SECURITY-40 | FIO06-CPP. Create files with appropriate access permissions |
STL-02 | CTR56-CPP. Do not use pointer arithmetic on polymorphic objects |
STL-07 | CTR04-CPP. Assume responsibility for cleaning up data referenced by a container of pointers |
STL-10 | CTR00-CPP. Understand when to prefer vectors over arrays |
STL-36 | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
STL-36 | CTR53-CPP. Use valid iterator ranges |