Checker | Guideline |
---|
ALLOC.DF | MEM51-CPP. Properly deallocate dynamically allocated resources |
ALLOC.DF | OOP54-CPP. Gracefully handle self-copy assignment |
ALLOC.FNH | MEM51-CPP. Properly deallocate dynamically allocated resources |
ALLOC.LEAK | MEM51-CPP. Properly deallocate dynamically allocated resources |
(custom) | CON00-CPP. Avoid assuming functions are thread safe unless otherwise specified |
(customization) | FIO06-CPP. Create files with appropriate access permissions |
(customization) | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
(general) | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
ALLOC.LEAK | FIO51-CPP. Close files when they are no longer needed |
ALLOC.LEAK | ERR56-CPP. Guarantee exception safety |
ALLOC.LEAK | ERR57-CPP. Do not leak resources when handling exceptions |
ALLOC.LEAK | MEM12-CPP. Do not assume infinite heap space |
ALLOC.LEAK | OOP54-CPP. Gracefully handle self-copy assignment |
ALLOC.SIZE.ADDOFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
ALLOC.SIZE.IOFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
ALLOC.SIZE.MULOFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
ALLOC.SIZE.MULOFLOW | MEM07-CPP. Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t |
ALLOC.SIZE.SUBUFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
ALLOC.SIZE.TRUNC | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
ALLOC.TM | EXP51-CPP. Do not delete an array through a pointer of the incorrect type |
ALLOC.TM | MEM51-CPP. Properly deallocate dynamically allocated resources |
ALLOC.UAF | CTR51-CPP. Use valid references, pointers, and iterators to reference elements of a container |
ALLOC.UAF | STR52-CPP. Use valid references, pointers, and iterators to reference elements of a basic_string |
ALLOC.UAF | MEM50-CPP. Do not access freed memory |
ALLOC.UAF | EXP54-CPP. Do not access an object outside of its lifetime |
ALLOC.UAF | OOP54-CPP. Gracefully handle self-copy assignment |
BADFUNC.ABORT | ERR50-CPP. Do not abruptly terminate the program |
BADFUNC.ATOF | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
BADFUNC.ATOF | ERR62-CPP. Detect errors when converting a string to a number |
BADFUNC.ATOI | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
BADFUNC.ATOI | ERR62-CPP. Detect errors when converting a string to a number |
BADFUNC.ATOL | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
BADFUNC.ATOL | ERR62-CPP. Detect errors when converting a string to a number |
BADFUNC.ATOLL | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
BADFUNC.ATOLL | ERR62-CPP. Detect errors when converting a string to a number |
BADFUNC.BO.* | CTR52-CPP. Guarantee that library functions do not overflow |
BADFUNC.EXIT | ERR50-CPP. Do not abruptly terminate the program |
BADFUNC.LONGJMP | ERR52-CPP. Do not use setjmp() or longjmp() |
BADFUNC.MEMCMP | EXP62-CPP. Do not access the bits of an object representation that are not part of the object's value representation |
BADFUNC.MEMCMP | OOP57-CPP. Prefer special member functions and overloaded operators to C Standard Library functions |
BADFUNC.MEMSET | MSC06-CPP. Be aware of compiler optimization when dealing with sensitive data |
BADFUNC.MEMSET | EXP62-CPP. Do not access the bits of an object representation that are not part of the object's value representation |
BADFUNC.MEMSET | OOP57-CPP. Prefer special member functions and overloaded operators to C Standard Library functions |
BADFUNC.PATH.SYSTEM | ENV02-CPP. Do not call system() if you do not need a command processor |
BADFUNC.RANDOM.RAND | MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers |
BADFUNC.RANDOM.RAND | CON00-CPP. Avoid assuming functions are thread safe unless otherwise specified |
BADFUNC.SETJMP | ERR52-CPP. Do not use setjmp() or longjmp() |
BADFUNC.SIGNAL | SIG02-CPP. Avoid using signals to implement normal functionality |
BADFUNC.STDIO_H | FIO17-CPP. Prefer streams to C-style input and output |
BADFUNC.TEMP.* | FIO01-CPP. Be careful using functions that use file names for identification |
BADFUNC.TEMP.* | FIO19-CPP. Do not create temporary files in shared directories |
BADFUNC.TTYNAME | CON00-CPP. Avoid assuming functions are thread safe unless otherwise specified |
BADFUNC.WCHAR_H | FIO17-CPP. Prefer streams to C-style input and output |
BADMACRO.OFFSETOF | EXP59-CPP. Use offsetof() on valid types and members |
BADMACRO.STDARG | EXP58-CPP. Pass an object of the correct type to va_start |
CONCURRENCY.BADFUNC.CNDSIGNAL | CON55-CPP. Preserve thread safety and liveness when using condition variables |
CONCURRENCY.BADFUNC.CNDWAIT | CON54-CPP. Wrap functions that can spuriously wake up in a loop |
CONCURRENCY.DATARACE | CON52-CPP. Prevent data races when accessing bit-fields from multiple threads |
CONCURRENCY.LOCALARG | CON50-CPP. Do not destroy a mutex while it is locked |
CONCURRENCY.LOCK.NOUNLOCK | CON51-CPP. Ensure actively held locks are released on exceptional conditions |
BUILD.WALL | MSC00-CPP. Compile cleanly at high warning levels |
CONCURRENCY.LOCK.ORDER | CON53-CPP. Avoid deadlock by locking in a predefined order |
CONCURRENCY.TL | CON56-CPP. Do not speculatively lock a non-recursive mutex that is already owned by the calling thread |
IO.INJ.COMMAND | STR02-CPP. Sanitize data passed to complex subsystems |
IO.INJ.FMT | FIO00-CPP. Take care when creating format strings |
IO.INJ.FMT | STR02-CPP. Sanitize data passed to complex subsystems |
IO.INJ.LDAP | STR02-CPP. Sanitize data passed to complex subsystems |
IO.INJ.LIB | STR02-CPP. Sanitize data passed to complex subsystems |
IO.INJ.SQL | STR02-CPP. Sanitize data passed to complex subsystems |
IO.RACE | FIO01-CPP. Be careful using functions that use file names for identification |
IO.TAINT.ADDR | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
IO.TAINT.FNAME | FIO01-CPP. Be careful using functions that use file names for identification |
IO.TAINT.FNAME | FIO02-CPP. Canonicalize path names originating from untrusted sources |
HARDCODED.SEED | MSC51-CPP. Ensure your random number generator is properly seeded |
IO.DC | OOP54-CPP. Gracefully handle self-copy assignment |
IO.IOWOP | FIO50-CPP. Do not alternately input and output from a file stream without an intervening positioning call |
IO.OIWOP | FIO50-CPP. Do not alternately input and output from a file stream without an intervening positioning call |
IO.TAINT.SIZE | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
IO.UAC | EXP54-CPP. Do not access an object outside of its lifetime |
IO.UAC | OOP54-CPP. Gracefully handle self-copy assignment |
LANG.CAST.COERCE | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
LANG.CAST.COERCE | INT50-CPP. Do not cast to an out-of-range enumeration value |
LANG.CAST.OBJSLICE | OOP51-CPP. Do not slice derived objects |
LANG.CAST.PC.AV | EXP16-CPP. Avoid conversions using void pointers |
LANG.CAST.PC.AV | INT11-CPP. Take care when converting from pointer to integer or integer to pointer |
LANG.CAST.PC.INC | EXP57-CPP. Do not cast or delete pointers to incomplete classes |
LANG.CAST.PC.INT | INT11-CPP. Take care when converting from pointer to integer or integer to pointer |
LANG.CAST.PC.PV | EXP16-CPP. Avoid conversions using void pointers |
LANG.CAST.RIP | EXP15-CPP. Beware of integer promotion when performing bitwise operations on chars or shorts |
LANG.CAST.VALUE | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
LANG.CAST.VALUE | INT50-CPP. Do not cast to an out-of-range enumeration value |
LANG.FUNCS.COPINC | OOP58-CPP. Copy operations must not mutate the source object |
LANG.FUNCS.IRV | ERR10-CPP. Check for error conditions |
LANG.FUNCS.IRV | EXP12-CPP. Do not ignore values returned by functions or methods |
LANG.ID.AMBIG | DCL02-CPP. Use visually distinct identifiers |
LANG.ID.ND.NEST | DCL01-CPP. Do not reuse variable names in subscopes |
LANG.ID.NU.MK | DCL51-CPP. Do not declare or define a reserved identifier |
LANG.MEM.BO | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.MEM.BO | CTR52-CPP. Guarantee that library functions do not overflow |
LANG.MEM.BO | CTR53-CPP. Use valid iterator ranges |
LANG.MEM.BO | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
LANG.MEM.BO | STR53-CPP. Range check element access |
LANG.MEM.BO | MEM54-CPP. Provide placement new with properly aligned pointers to sufficient storage capacity |
LANG.MEM.BU | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.MEM.BU | STR53-CPP. Range check element access |
LANG.MEM.NPD | EXP63-CPP. Do not rely on the value of a moved-from object |
LANG.MEM.NPD | STR51-CPP. Do not attempt to create a std::string from a null pointer |
LANG.MEM.NPD | OOP54-CPP. Gracefully handle self-copy assignment |
LANG.MEM.TAB | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
LANG.MEM.TBA | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.MEM.TBA | CTR52-CPP. Guarantee that library functions do not overflow |
LANG.MEM.TBA | STR53-CPP. Range check element access |
LANG.MEM.TO | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.MEM.TO | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
LANG.MEM.TO | STR53-CPP. Range check element access |
LANG.MEM.TU | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.MEM.TU | STR53-CPP. Range check element access |
LANG.MEM.UVAR | EXP53-CPP. Do not read uninitialized memory |
LANG.MEM.UVAR | MEM09-CPP. Do not assume memory allocation routines initialize memory |
LANG.MEM.UVAR | EXP63-CPP. Do not rely on the value of a moved-from object |
LANG.MEM.UVAR | OOP55-CPP. Do not use pointer-to-member operators to access nonexistent members |
LANG.PREPROC.MACROEND | PRE02-CPP. Macro replacement lists should be parenthesized |
LANG.PREPROC.MACROEND | PRE11-CPP. Do not conclude macro definitions with a semicolon |
LANG.PREPROC.MACROSTART | PRE02-CPP. Macro replacement lists should be parenthesized |
LANG.STRUCT.CONDASSIG | EXP19-CPP. Do not perform assignments in conditional expressions |
LANG.STRUCT.CUP | CTR54-CPP. Do not subtract iterators that do not refer to the same container |
LANG.STRUCT.DECL.ANH | DCL59-CPP. Do not define an unnamed namespace in a header file |
LANG.STRUCT.DECL.FAM | CTR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer |
LANG.STRUCT.DECL.FNEST | DCL53-CPP. Do not write syntactically ambiguous declarations |
LANG.STRUCT.DECL.ML | DCL04-CPP. Do not declare more than one variable per declaration |
LANG.STRUCT.DECL.RESERVED | DCL51-CPP. Do not declare or define a reserved identifier |
LANG.STRUCT.DECL.SNM | DCL58-CPP. Do not modify the standard namespaces |
LANG.STRUCT.DEF.FDH | MSC52-CPP. Obey the one-definition rule |
LANG.STRUCT.DEF.FDH | DCL60-CPP. Obey the one-definition rule |
LANG.STRUCT.DEF.ODH | MSC52-CPP. Obey the one-definition rule |
LANG.STRUCT.DEF.ODH | DCL60-CPP. Obey the one-definition rule |
LANG.STRUCT.DNVD | OOP52-CPP. Do not delete a polymorphic object without a virtual destructor |
LANG.STRUCT.EBS | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.ELLIPSIS | DCL50-CPP. Do not define a C-style variadic function |
LANG.STRUCT.EXCP.CATCH | DCL57-CPP. Do not let exceptions escape from destructors or deallocation functions |
LANG.STRUCT.EXCP.CATCH | ERR61-CPP. Catch exceptions by lvalue reference |
LANG.STRUCT.EXCP.THROW | DCL57-CPP. Do not let exceptions escape from destructors or deallocation functions |
LANG.STRUCT.EXCP.THROW | ERR55-CPP. Honor exception specifications |
LANG.STRUCT.EXCP.THROW | ERR58-CPP. Handle all exceptions thrown before main() begins executing |
LANG.STRUCT.EXCP.THROW | ERR61-CPP. Catch exceptions by lvalue reference |
LANG.STRUCT.ICOL | CON54-CPP. Wrap functions that can spuriously wake up in a loop |
LANG.STRUCT.INIT.CYCLE | DCL56-CPP. Avoid cycles during initialization of static objects |
LANG.STRUCT.INIT.ENUM | INT09-CPP. Ensure enumeration constants map to unique values |
LANG.STRUCT.INIT.OOMI | OOP53-CPP. Write constructor member initializers in the canonical order |
LANG.STRUCT.INIT.UNORDERED | DCL56-CPP. Avoid cycles during initialization of static objects |
LANG.STRUCT.MRS | MSC54-CPP. Value-returning functions must return a value from all exit paths |
LANG.STRUCT.MRS | MSC52-CPP. Value-returning functions must return a value from all exit paths |
LANG.STRUCT.NVNR | MSC52-CPP. Value-returning functions must return a value from all exit paths |
LANG.STRUCT.PARITH | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.STRUCT.PARITH | CTR56-CPP. Do not use pointer arithmetic on polymorphic objects |
LANG.STRUCT.PBB | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.STRUCT.PPE | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.STRUCT.RC | MSC07-CPP. Detect and remove dead code |
LANG.STRUCT.RC | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.RC | OOP54-CPP. Gracefully handle self-copy assignment |
LANG.STRUCT.RFNR | MSC53-CPP. Do not return from a function declared [[noreturn]] |
LANG.STRUCT.RPL | EXP53-CPP. Do not read uninitialized memory |
LANG.STRUCT.SCOPE.FILE | DCL07-CPP. Minimize the scope of variables and methods |
LANG.STRUCT.SCOPE.LOCAL | DCL07-CPP. Minimize the scope of variables and methods |
LANG.STRUCT.SE.COND | EXP19-CPP. Do not perform assignments in conditional expressions |
LANG.STRUCT.SE.DEC | EXP50-CPP. Do not depend on the order of evaluation for side effects |
LANG.STRUCT.SE.INC | EXP50-CPP. Do not depend on the order of evaluation for side effects |
LANG.STRUCT.SW.MB | MSC18-CPP. Finish every set of statements associated with a case label with a break statement |
LANG.STRUCT.UA | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.UC | MSC07-CPP. Detect and remove dead code |
LANG.STRUCT.UC | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.UPD | MSC08-CPP. Functions should validate their parameters |
LANG.STRUCT.UUVAL | MSC13-CPP. Detect and remove unused values |
LANG.TYPE.AWID | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
LANG.TYPE.BASIC | INT01-CPP. Use rsize_t or size_t for all integer values representing the size of an object |
LANG.TYPE.BFSIGN | INT12-CPP. Do not make assumptions about the type of a plain int bit-field when used in an expression |
LANG.TYPE.CSUF | DCL16-CPP. Use "L," not "l," to indicate a long value |
LANG.TYPE.IOT | INT07-CPP. Use only explicitly signed or unsigned char type for numeric values |
LANG.TYPE.IOT | INT13-CPP. Use bitwise operators only on unsigned operands |
LANG.TYPE.MOT | FLP05-CPP. Convert integers to floating point for floating point operations |
LANG.TYPE.NCS | STR05-CPP. Use pointers to const when referring to string literals |
LANG.TYPE.OWID | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISC.FMT | FIO00-CPP. Take care when creating format strings |
MISC.MEM.NTERM | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
MISC.MEM.NTERM | STR03-CPP. Do not inadvertently truncate a null-terminated character array |
MISC.MEM.SIZE.ADDOFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISC.MEM.SIZE.BAD | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISC.MEM.SIZE.MULOFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISC.MEM.SIZE.SUBUFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISC.MEM.SIZE.TRUNC | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISC.NEGCHAR | INT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputs |
MISC.NEGCHAR | STR00-CPP. Represent characters using an appropriate type |
MISC.NOEFFECT | MSC12-CPP. Detect and remove code that has no effect |