Checker | Guideline |
---|
ALLOC.DF | MEM51-CPP. Properly deallocate dynamically allocated resources |
ALLOC.DF | OOP54-CPP. Gracefully handle self-copy assignment |
ALLOC.FNH | MEM51-CPP. Properly deallocate dynamically allocated resources |
ALLOC.LEAK |
Checker | Guideline |
---|
(custom) | CON00-CPP. Avoid assuming functions are thread safe unless otherwise specified |
(customization) | FIO06-CPP. Create files with appropriate access permissions |
(customization) | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
(general) | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
ALLOC.DF | MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
ALLOC.FNH | MEM51-CPP. Properly deallocate dynamically allocated resources |
ALLOC.LEAK | FIO51-CPP. Close files when they are no longer needed |
ALLOC.LEAK | ERR56-CPP. Guarantee exception safety |
ALLOC.LEAK | ERR57-CPP. Do not leak resources when handling exceptions |
ALLOC.LEAK | MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
ALLOC.LEAK | OOP54-CPP. Gracefully handle self-copy assignment |
ALLOC.LEAK | MEM12-CPP. Do not assume infinite heap space |
ALLOC.TM | EXP51-CPP. Do not delete an array through a pointer of the incorrect type |
ALLOC.SIZE.ADDOFLOW | INT08-CPP. Verify that all integer values are in range |
ALLOC.TM | MEM51-CPP. Properly deallocate dynamically allocated resources |
ALLOC.SIZE.ADDOFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
ALLOC.UAF | EXP54-CPP. Do not access an object outside of its lifetime |
ALLOC.SIZE.IOFLOW | INT08-CPP. Verify that all integer values are in range |
ALLOC.SIZE.IOFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
ALLOC.SIZE.MULOFLOW | INT08-CPP. Verify that all integer values are in range |
ALLOC.SIZE.MULOFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
ALLOC.SIZE.MULOFLOW | MEM07-CPP. Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t |
ALLOC.SIZE.SUBUFLOW | INT08-CPP. Verify that all integer values are in range |
ALLOC.SIZE.SUBUFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
ALLOC.SIZE.TRUNC | INT02-CPP. Understand integer conversion rules |
ALLOC.SIZE.TRUNC | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
ALLOC.TM | MEM51-CPP. Properly deallocate dynamically allocated resources |
ALLOC.UAF | EXP54-CPP. Do not access an object outside of its lifetime |
ALLOC.UAF | MEM50-CPP. Do not access freed memory |
BADFUNC.ATOF | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
BADFUNC.ATOI | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
BADFUNC.ATOL | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
ALLOC.UAF | CTR51-CPP. Use valid references, pointers, and iterators to reference elements of a container |
ALLOC.UAF | STR52-CPP. Use valid references, pointers, and iterators to reference elements of a basic_string |
ALLOC.UAF | MEM50-CPP. Do not access freed memory |
ALLOC.UAF | OOP54-CPP. Gracefully handle self-copy assignment |
BADFUNC.ABORT | ERR50-CPP. Do not abruptly terminate the program |
BADFUNC.ATOF | ERR62-CPP. Detect errors when converting a string to a number |
BADFUNC.ATOI | ERR62-CPP. Detect errors when converting a string to a number |
BADFUNC.ATOL | ERR62-CPP. Detect errors when converting a string to a number |
BADFUNC.ATOLL | ERR62-CPP. Detect errors when converting a string to a number |
BADFUNC.BO.* | CTR52-CPP. Guarantee that library functions do not overflow |
BADFUNC.EXIT | ERR50-CPP. Do not abruptly terminate the program |
BADFUNC.ATOLL | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
BADFUNC.LONGJMP | ERR52-CPP. Do not use setjmp() or longjmp() |
BADFUNC.MEMSET | MSC06-CPP. Be aware of compiler optimization when dealing with sensitive data |
BADFUNC.MEMCMP | EXP62-CPP. Do not access the bits of an object representation that are not part of the object's value representation |
BADFUNC.MEMCMP | OOP57-CPP. Prefer special member functions and overloaded operators to C Standard Library functions |
BADFUNC.MEMSET | EXP62-CPP. Do not access the bits of an object representation that are not part of the object's value representation |
BADFUNC.MEMSET | OOP57-CPP. Prefer special member functions and overloaded operators to C Standard Library functions |
BADFUNC.PATH.SYSTEM | ENV02-CPP. Do not call system() if you do not need a command processor |
BADFUNC.RANDOM.RAND | MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers |
BADFUNC.RANDOM.RAND | CON00-CPP. Avoid assuming functions are thread safe unless otherwise specified |
BADFUNC.SETJMP | ERR52-CPP. Do not use setjmp() or longjmp() |
BADFUNC.SIGNAL | SIG02-CPP. Avoid using signals to implement normal functionality |
BADMACRO.OFFSETOF | EXP59-CPP. Use offsetof() on valid types and members |
BADFUNC.STDIO_H | FIO17-CPP. Prefer streams to C-style input and output |
BADFUNC.TEMP.* | FIO01-CPP. Be careful using functions that use file names for identification |
BADFUNC.TEMP.* | FIO19-CPP. Do not create temporary files in shared directories |
BADFUNC.TTYNAME | CON00-CPP. Avoid assuming functions are thread safe unless otherwise specified |
BADFUNC.WCHAR_H | FIO17-CPP. Prefer streams to C-style input and output |
BUILD.WALL | MSC00-CPP. Compile cleanly at high warning levels |
BADMACRO.STDARG | EXP58-CPP. Pass an object of the correct type to va_start |
CONCURRENCY.BADFUNC.CNDSIGNAL | CON55-CPP. Preserve thread safety and liveness when using condition variables |
CONCURRENCY.BADFUNC.CNDWAIT | CON54-CPP. Wrap functions that can spuriously wake up in a loop |
CONCURRENCY.DATARACE | CON52-CPP. Prevent data races when accessing bit-fields from multiple threads |
CONCURRENCY.LOCALARG | CON50-CPP. Do not destroy a mutex while it is locked |
CONCURRENCY.LOCK.NOUNLOCK | CON51-CPP. Ensure actively held locks are released on exceptional conditions |
CONCURRENCY.DATARACE | CON00-CPP. Avoid assuming functions are thread safe unless otherwise specified |
CONCURRENCY.LOCK.ORDER | CON53-CPP. Avoid deadlock by locking in a predefined order |
IO.INJ.COMMAND | STR02-CPP. Sanitize data passed to complex subsystems |
IO.INJ.FMT | FIO00-CPP. Take care when creating format strings |
IO.INJ.FMT | STR02-CPP. Sanitize data passed to complex subsystems |
IO.INJ.LDAP | STR02-CPP. Sanitize data passed to complex subsystems |
IO.INJ.LIB | STR02-CPP. Sanitize data passed to complex subsystems |
IO.INJ.SQL | STR02-CPP. Sanitize data passed to complex subsystems |
IO.RACE | FIO01-CPP. Be careful using functions that use file names for identification |
IO.TAINT.ADDR | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
IO.TAINT.FNAME | FIO01-CPP. Be careful using functions that use file names for identification |
IO.TAINT.FNAME | FIO02-CPP. Canonicalize path names originating from untrusted sources |
CONCURRENCY.TL | CON56-CPP. Do not speculatively lock a non-recursive mutex that is already owned by the calling thread |
HARDCODED.SEED | MSC51-CPP. Ensure your random number generator is properly seeded |
IO.DC | OOP54-CPP. Gracefully handle self-copy assignment |
IO.IOWOP | FIO50-CPP. Do not alternately input and output from a file stream without an intervening positioning call |
IO.OIWOP | FIO50-CPP. Do not alternately input and output from a file stream without an intervening positioning call |
IO.TAINT.SIZE | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
IO.UAC | EXP54-CPP. Do not access an object outside of its lifetime |
LANG.CAST.COERCE | INT02-CPP. Understand integer conversion rules |
IO.UAC | OOP54-CPP. Gracefully handle self-copy assignment |
LANG.CAST.COERCE | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
LANG.CAST.COERCE | INT50-CPP. Do not cast to an out-of-range enumeration value |
LANG.CAST.PC.AV | EXP16-CPP. Avoid conversions using void pointers |
LANG.CAST.PC.AV | INT11-CPP. Take care when converting from pointer to integer or integer to pointer |
LANG.CAST.OBJSLICE | OOP51-CPP. Do not slice derived objects |
LANG.CAST.PC.INC | EXP57-CPP. Do not cast or delete pointers to incomplete classes |
LANG.CAST.PC.INT | INT11-CPP. Take care when converting from pointer to integer or integer to pointer |
LANG.CAST.PC.PV | EXP16-CPP. Avoid conversions using void pointers |
LANG.CAST.RIP | EXP15-CPP. Beware of integer promotion when performing bitwise operations on chars or shorts |
LANG.CAST.VALUE | INT02-CPP. Understand integer conversion rules |
LANG.CAST.VALUE | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
LANG.FUNCS.IRV | ERR10-CPP. Check for error conditions |
LANG.FUNCS.IRV | EXP12-CPP. Do not ignore values returned by functions or methods |
LANG.FUNCS.IRV | FIO04-CPP. Detect and handle input and output errors |
LANG.ID.AMBIG | DCL02-CPP. Use visually distinct identifiers |
LANG.ID.ND.NEST | DCL01-CPP. Do not reuse variable names in subscopes |
LANG.CAST.VALUE | INT50-CPP. Do not cast to an out-of-range enumeration value |
LANG.FUNCS.COPINC | OOP58-CPP. Copy operations must not mutate the source object |
LANG.ID.NU.MK | DCL51-CPP. Do not declare or define a reserved identifier |
LANG.MEM.BO | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.MEM.BO | CTR52-CPP. Guarantee that library functions do not overflow |
LANG.MEM.BO | CTR53-CPP. Use valid iterator ranges |
LANG.MEM.BO | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
LANG.MEM.BO | STR53-CPP. Range check element access |
LANG.MEM.BO | MEM54-CPP. Provide placement new with properly aligned pointers to sufficient storage capacity |
LANG.MEM.BU | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.MEM.BU | STR53-CPP. Range check element access |
LANG.MEM.NPD | EXP63-CPP. Do not rely on the value of a moved-from object |
LANG.MEM.NPD | STR51-CPP. Do not attempt to create a std::string from a null pointer |
LANG.MEM.NPD | OOP54-CPP. Gracefully handle self-copy assignment |
LANG.MEM.TBA | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.MEM.TBA | CTR52-CPP. Guarantee that library functions do not overflow |
LANG.MEM.TBA | STR53-CPP. Range check element access |
LANG.MEM.TBA | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
LANG.MEM.TO | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.MEM.TO | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
LANG.MEM.TO | STR53-CPP. Range check element access |
LANG.MEM.TU | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.MEM.TU | STR53-CPP. Range check element access |
LANG.MEM.UVAR | EXP53-CPP. Do not read uninitialized memory |
LANG.MEM.UVAR | MEM09-CPP. Do not assume memory allocation routines initialize memory |
LANG.MEM.UVAR | EXP63-CPP. Do not rely on the value of a moved-from object |
LANG.MEM.UVAR | OOP55-CPP. Do not use pointer-to-member operators to access nonexistent members |
LANG.PREPROC.MACROEND | PRE02-CPP. Macro replacement lists should be parenthesized |
LANG.PREPROC.MACROEND | PRE11-CPP. Do not conclude macro definitions with a semicolon |
LANG.PREPROC.MACROSTART | PRE02-CPP. Macro replacement lists should be parenthesized |
LANG.PREPROC.PASTE | PRE05-CPP. Understand macro replacement when concatenating tokens or performing stringification |
LANG.STRUCT.CUP | CTR54-CPP. Do not subtract iterators that do not refer to the same container |
LANG.STRUCT.CONDASSIG | EXP19-CPP. Do not perform assignments in conditional expressions |
LANG.STRUCT.DECL.ANH | DCL59-CPP. Do not define an unnamed namespace in a header file |
LANG.STRUCT.CONDASSIG | MSC02-CPP. Avoid errors of omission |
LANG.STRUCT.DECL.FNEST | DCL53-CPP. Do not write syntactically ambiguous declarations |
LANG.STRUCT.DECL.FAM | CTR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer |
LANG.STRUCT.DECL.RESERVED | DCL51-CPP. Do not declare or define a reserved identifier |
LANG.STRUCT.DECL.ML | DCL04-CPP. Do not declare more than one variable per declaration |
LANG.STRUCT.DECL.SNM | DCL58-CPP. Do not modify the standard namespaces |
LANG.STRUCT.DEF.FDH | MSC52-CPP. Obey the one-definition rule |
LANG.STRUCT.DEF.FDH | DCL60-CPP. Obey the one-definition rule |
LANG.STRUCT.DEF.ODH | MSC52-CPP. Obey the one-definition rule |
LANG.STRUCT.DEF.ODH | DCL60-CPP. Obey the one-definition rule |
LANG.STRUCT.EBS | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.DNVD | OOP52-CPP. Do not delete a polymorphic object without a virtual destructor |
LANG.STRUCT.INIT.ENUM | INT09-CPP. Ensure enumeration constants map to unique values |
LANG.STRUCT.ELLIPSIS | DCL50-CPP. Do not define a C-style variadic function |
LANG.STRUCT.MRS | MSC54-CPP. Value-returning functions must return a value from all exit paths |
LANG.STRUCT.EXCP.CATCH | DCL57-CPP. Do not let exceptions escape from destructors or deallocation functions |
LANG.STRUCT.PBB | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.STRUCT.PPE | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.STRUCT.EXCP.CATCH | ERR61-CPP. Catch exceptions by lvalue reference |
LANG.STRUCT.RC | MSC02-CPP. Avoid errors of omission |
LANG.STRUCT.RC | MSC03-CPP. Avoid errors of addition |
LANG.STRUCT.EXCP.THROW | DCL57-CPP. Do not let exceptions escape from destructors or deallocation functions |
LANG.STRUCT.RC | MSC07-CPP. Detect and remove dead code |
LANG.STRUCT.RC | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.EXCP.THROW | ERR55-CPP. Honor exception specifications |
LANG.STRUCT.RPL | EXP53-CPP. Do not read uninitialized memory |
LANG.STRUCT.SCOPE.FILE | DCL07-CPP. Minimize the scope of variables and methods |
LANG.STRUCT.EXCP.THROW | ERR58-CPP. Handle all exceptions thrown before main() begins executing |
LANG.STRUCT.SCOPE.LOCAL | DCL07-CPP. Minimize the scope of variables and methods |
LANG.STRUCT.EXCP.THROW | ERR61-CPP. Catch exceptions by lvalue reference |
LANG.STRUCT.SE.COND | EXP19-CPP. Do not perform assignments in conditional expressions |
LANG.STRUCT.ICOL | CON54-CPP. Wrap functions that can spuriously wake up in a loop |
LANG.STRUCT.SW.MB | MSC02-CPP. Avoid errors of omission |
LANG.STRUCT.INIT.CYCLE | DCL56-CPP. Avoid cycles during initialization of static objects |
LANG.STRUCT.SW.MB | MSC18-CPP. Finish every set of statements associated with a case label with a break statement |
LANG.STRUCT.INIT.OOMI | OOP53-CPP. Write constructor member initializers in the canonical order |
LANG.STRUCT.UA | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.UC | MSC02-CPP. Avoid errors of omission |
LANG.STRUCT.INIT.UNORDERED | DCL56-CPP. Avoid cycles during initialization of static objects |
LANG.STRUCT.UC | MSC03-CPP. Avoid errors of addition |
LANG.STRUCT.MRS | MSC52-CPP. Value-returning functions must return a value from all exit paths |
LANG.STRUCT.UC | MSC07-CPP. Detect and remove dead code |
LANG.STRUCT.NVNR | MSC52-CPP. Value-returning functions must return a value from all exit paths |
LANG.STRUCT.UC | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.PARITH | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
LANG.STRUCT.UPD | MSC08-CPP. Functions should validate their parameters |
LANG.STRUCT.PARITH | CTR56-CPP. Do not use pointer arithmetic on polymorphic objects |
LANG.STRUCT.UULABEL | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.UUMACRO | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.UUPARAM | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.UUTAG | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.RC | OOP54-CPP. Gracefully handle self-copy assignment |
LANG.STRUCT.UUTYPE | MSC12-CPP. Detect and remove code that has no effect |
LANG.STRUCT.RFNR | MSC53-CPP. Do not return from a function declared [[noreturn]] |
LANG.STRUCT.UUVAL | MSC13-CPP. Detect and remove unused values |
LANG.STRUCT.UUVAR | MSC12-CPP. Detect and remove code that has no effect |
LANG.TYPE.AWID | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
LANG.TYPE.BASIC | INT01-CPP. Use rsize_t or size_t for all integer values representing the size of an object |
LANG.STRUCT.SE.DEC | EXP50-CPP. Do not depend on the order of evaluation for side effects |
LANG.TYPE.BFSIGN | INT12-CPP. Do not make assumptions about the type of a plain int bit-field when used in an expression |
LANG.TYPE.CSUF | DCL16-CPP. Use "L," not "l," to indicate a long value |
LANG.TYPE.IAT | STR04-CPP. Use plain char for characters in the basic character set |
LANG.TYPE.ICT | STR04-CPP. Use plain char for characters in the basic character set |
LANG.TYPE.IOT | INT07-CPP. Use only explicitly signed or unsigned char type for numeric values |
LANG.TYPE.IOT | INT13-CPP. Use bitwise operators only on unsigned operands |
LANG.TYPE.IOT | STR04-CPP. Use plain char for characters in the basic character set |
LANG.TYPE.MOT | FLP05-CPP. Convert integers to floating point for floating point operations |
LANG.TYPE.MOT | STR04-CPP. Use plain char for characters in the basic character set |
LANG.TYPE.NCS | STR05-CPP. Use pointers to const when referring to string literals |
LANG.TYPE.OWID | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
LANG.STRUCT.SE.INC | EXP50-CPP. Do not depend on the order of evaluation for side effects |
LANG.STRUCT.SE.SIZEOF | EXP52-CPP. Do not rely on side effects in unevaluated operands |
LANG.STRUCT.SUP | CTR54-CPP. Do not subtract iterators that do not refer to the same container |
LANG.STRUCT.UCTCH | ERR51-CPP. Handle all exceptions |
LANG.STRUCT.UCTCH | ERR54-CPP. Catch handlers should order their parameter types from most derived to least derived |
LANG.STRUCT.VCALL_IN_CTOR | OOP50-CPP. Do not invoke virtual functions from constructors or destructors |
LANG.STRUCT.VCALL_IN_DTOR | OOP50-CPP. Do not invoke virtual functions from constructors or destructors |
MISC.CRYPTO.TIMESEED | MSC51-CPP. Ensure your random number generator is properly seeded |
MISC.FMT | FIO00-CPP. Take care when creating format strings |
MISC.MEM.NTERM | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
MISC.MEM.NTERM | STR03-CPP. Do not inadvertently truncate a null-terminated character array |
MISC.PADDING.POTB | DCL55-CPP |
MISC.MEM.SIZE.ADDOFLOW | INT08-CPP. Verify that all integer values are in range |
MISC.MEM.SIZE.ADDOFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISC.MEM.SIZE.BAD | INT08-CPP. Verify that all integer values are in range |
MISC.MEM.SIZE.BAD | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISC.MEM.SIZE.MULOFLOW | INT08-CPP. Verify that all integer values are in range |
MISC.MEM.SIZE.MULOFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISC.MEM.SIZE.SUBUFLOW | INT08-CPP. Verify that all integer values are in range |
MISC.MEM.SIZE.SUBUFLOW | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISC.MEM.SIZE.TRUNC | INT02-CPP. Understand integer conversion rules |
MISC.MEM.SIZE.TRUNC | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
MISC.NEGCHAR | INT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputs |
MISC.NEGCHAR | STR00-CPP. Represent characters using an appropriate type |
MISC.NOEFFECT | MSC12-CPP. Detect and remove code that has no effect |