SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 28

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note
Info
titleGenerated Content

This page is automatically generated from the "Automated Detection" sections in the individual guidelines. Do not modify this page directly.

...

was automatically generated and should not be edited.

Note

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

Tip

The table below can be re-ordered, by clicking column headers.

...

Include Page
Rose_V
Rose_V

Checker

Guideline

EXP50-CPP. Do not depend on the order of evaluation for side effects MEM50-CPP. Do not access freed memory
MEM52-CPP. Detect and handle memory allocation errors
MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers CTR01-CPP. Do not apply the sizeof operator to a pointer when taking the size of an arrayCTR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializerDCL01-CPP. Do not reuse variable names in subscopesDCL02-CPP. Use visually distinct identifiersDCL06-CPP. Use meaningful symbolic constants to represent literal values in program logicDCL13-CPP. Declare function parameters that are pointers to values not changed by the function as constENV00-CPP. Beware of multiple environment variables with the same effective nameENV02-CPP. Do not call system() if you do not need a command processorERR05-CPP. Application-independent code should provide error detection without dictating error handlingEXP01-CPP. Do not take the size of a pointer to determine the size of the pointed-to typeEXP02-CPP. Be aware of the short-circuit behavior of the logical AND and OR operatorsEXP09-CPP. Use sizeof to determine the size of a type or variableEXP12-CPP. Do not ignore values returned by functions or methodsEXP15-CPP. Beware of integer promotion when performing bitwise operations on chars or shortsEXP19-CPP. Do not perform assignments in conditional expressionsFIO01-CPP. Be careful using functions that use file names for identificationFIO02-CPP. Canonicalize path names originating from untrusted sourcesFIO04-CPP. Detect and handle input and output errorsFIO07-CPP. Prefer fseek() to rewind()FIO12-CPP. Prefer setvbuf() to setbuf()FIO19-CPP. Do not create temporary files in shared directoriesFLP02-CPP. Avoid using floating point numbers when precise computation is neededFLP03-CPP. Detect and handle floating point errorsFLP05-CPP. Convert integers to floating point for floating point operationsINT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputsINT06-CPP. Use strtol() or a related function to convert a string token to an integerINT07-CPP. Use only explicitly signed or unsigned char type for numeric valuesINT09-CPP. Ensure enumeration constants map to unique valuesINT11-CPP. Take care when converting from pointer to integer or integer to pointerINT12-CPP. Do not make assumptions about the type of a plain int bit-field when used in an expressionINT13-CPP. Use bitwise operators only on unsigned operandsINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that sizeMEM01-CPP. Store a valid value in pointers immediately after deallocationMEM02-CPP. Immediately cast the result of a memory allocation function call into a pointer to the allocated typeMEM11-CPP. Allocate and free memory in the same module, at the same level of abstractionMSC02-CPP. Avoid errors of omissionMSC03-CPP. Avoid errors of additionMSC05-CPP. Do not manipulate time_t typed values directlyMSC18-CPP. Finish every set of statements associated with a case label with a break statementMSC21-CPP. Use inequality to terminate a loop whose counter changes by more than oneSIG01-CPP. Understand implementation-specific details regarding signal handler persistenceSTR03-CPP. Do not inadvertently truncate a null-terminated character arraySTR04-CPP. Use plain char for characters in the basic character setSTR08-CPP. Do not specify the bound of a character array initialized with a string literal

...

Can detect simple violations of this rule. It needs to examine each expression and make sure that no variable is modified twice in the expression. It also must check that no variable is modified once, then read elsewhere, with the single exception that a variable may appear on both the left and right of an assignment operator EXP50-CPP. Do not depend on the order of evaluation for side effects