...
Noncompliant Code Example
This noncompliant code example simply shows the standard string-handling function strlen() being called with a plain character string, a signed character string, and an unsigned character string. The strlen() function takes a single argument of type const char *:
...
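The situation described above, as an added example that is not the code from the original page: the same text is stored under each of the three character types and passed to strlen(). The array names, the CHAR_KIND macro and the SHOW_DIAGNOSTICS switch are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: the same text stored under each character type. */
static char          plain_str[]    = "sample";
static signed char   signed_str[]   = "sample";
static unsigned char unsigned_str[] = "sample";

/* C11 _Generic: char, signed char and unsigned char are three distinct
 * types, so each pointer type selects a different branch.
 * CHAR_KIND is a hypothetical helper for this example. */
#define CHAR_KIND(a) _Generic(&(a)[0], \
    char *: 0, signed char *: 1, unsigned char *: 2)

int kind_plain(void)    { return CHAR_KIND(plain_str); }
int kind_signed(void)   { return CHAR_KIND(signed_str); }
int kind_unsigned(void) { return CHAR_KIND(unsigned_str); }

/* Plain char matches strlen()'s const char * parameter: no cast. */
size_t len_plain(void) { return strlen(plain_str); }

/* The other two need a cast to compile without a diagnostic. The cast
 * silences the compiler for every pointer type, including wrong ones. */
size_t len_signed(void)   { return strlen((const char *)signed_str); }
size_t len_unsigned(void) { return strlen((const char *)unsigned_str); }

#ifdef SHOW_DIAGNOSTICS
/* The calls as the noncompliant example describes them, without casts.
 * Build with -DSHOW_DIAGNOSTICS to see the compiler's complaints
 * (GCC and Clang report them under -Wpointer-sign). */
size_t len_uncast(void)
{
    return strlen(plain_str) + strlen(signed_str) + strlen(unsigned_str);
}
#endif

int main(void)
{
    printf("kinds:   %d %d %d\n", kind_plain(), kind_signed(), kind_unsigned());
    printf("lengths: %zu %zu %zu\n", len_plain(), len_signed(), len_unsigned());
    return 0;
}
```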
Failing to use plain char for characters in the basic character set can lead to excessive casts and less effective compiler diagnostics.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR04-C | Low | Unlikely | Low | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | | Supported indirectly via MISRA C:2004 rule 6.1. |
Axivion Bauhaus Suite | | CertC-STR04 | |
CodeSonar | | LANG.TYPE.IAT, LANG.TYPE.ICA, LANG.TYPE.IOT, LANG.TYPE.MOT | Inappropriate assignment type; Inappropriate character arithmetic; Inappropriate operand type; Mismatched operand types |
Compass/ROSE | | | |
ECLAIR | | CC2.STR04 | Fully implemented |
EDG | 5.0 | | Can detect violations of this rule with CERT C Rule Pack, except cases involving signed char |
Helix QAC | | C0432, C0674, C0699 | |
LDRA tool suite | | 93 S, 101 S, 329 S, 432 S, 458 S | Partially implemented |
Parasoft C/C++test | | CERT_C-STR04-a | The plain char type shall be used only for the storage and use of character values |
RuleChecker | | | Supported indirectly via MISRA C:2004 rule 6.1. |
SonarQube C/C++ Plugin | | S810 | |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID STR04-CPP. Use plain char for characters in the basic character set |
MISRA C:2012 | Rule 10.1 (required) |
...
...