Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
array_out_of_bounds

Supported

Astrée reports all out-of-bound accesses within library analysis stubs. The user may provide additional stubs for arbitrary (library) functions.

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.MEM.BO
LANG.MEM.BU
BADFUNC.BO.*

Buffer overrun
Buffer underrun
A collection of warning classes that report uses of library functions prone to internal buffer overflows

Compass/ROSE




Coverity
Include Page
Coverity_V
Coverity_V

BUFFER_SIZE

BAD_SIZEOF

BAD_ALLOC_STRLEN

BAD_ALLOC_ARITHMETIC

Implemented

Fortify SCA

5.0


Can detect violations of this rule with CERT C Rule Pack

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C2840

C++2840, C++2841, C++2842, C++2843, C++2845, C++2846, C++2847, C++2848, C++2935, C++2936, C++2937, C++2938, C++4880, C++4881, C++4882, C++4883

DF2840, DF2841, DF2842, DF2843, DF2845, DF2846, DF2847, DF2848, DF2935, DF2936, DF2937, DF2938, DF4880, DF4881, DF4882, DF4883


Klocwork

Include Page
Klocwork_V
Klocwork_V

ABV.GENERAL
ABV.GENERAL.MULTIDIMENSION


LDRA tool suite
Include Page
LDRA_V
LDRA_V
64 X, 66 X, 68 X, 69 X, 70 X, 71 X, 79 X
Partially Implmented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-ARR38-a
CERT_C-ARR38-b
CERT_C-ARR38-c
CERT_C-ARR38-d

Avoid overflow when reading from a buffer
Avoid overflow when writing to a buffer
Avoid buffer overflow due to defining incorrect format limits
Avoid overflow due to reading a not zero terminated string

Parasoft Insure++

Runtime analysis
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

419, 420

Partially supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule ARR38-C

Checks for:

  • Mismatch between data length and size
  • Invalid use of standard library memory routine
  • Possible misuse of sizeof
  • Buffer overflow from incorrect string format specifier
  • Invalid use of standard library string routine
  • Destination buffer overflow in string manipulation
  • Destination buffer underflow in string manipulation

Rule partially covered.

PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_v

2840, 2841, 2842, 2843, 2845, 2846,

2847, 2848, 2935, 2936, 2937, 2938

Fully implementedPRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_Vcplusplus:PRQA QA-C++_V

2840, 2841, 2842, 2843, 2845, 2846,

2847, 2848, 2935, 2936, 2937, 2938

Fully implemented

Splint

Include Page
Splint_V
Splint_V



TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

out of bounds readPartially verified.

...