Summary of checks
This table summarizes the C-STAT® checks.To see the reference information for a check, click the link in the table below or use the search function.
Check | Synopsis |
|---|---|
An array access might be out of bounds, depending on which path is executed. | |
A pointer to an array is potentially used outside the array bounds. | |
A pointer to an array is used outside the array bounds. | |
An array access is out of bounds. | |
An array is accessed with a negative subscript value. | |
An array is indexed with an uninitialized variable | |
Floating point comparisons using == or != | |
An unsigned value is compared to see whether it is negative. | |
An unsigned value is compared to see whether it is greater than or equal to | |
A variable is assigned the value | |
After a successful comparison with | |
A variable used as a divisor is afterwards compared with | |
Interval analysis has found a value that is | |
Interval analysis has found an expression that might be | |
A global variable is used as a divisor without having been determined to be non-zero. | |
A local variable is used as a divisor without having been determined to be non-zero. | |
A parameter is used as a divisor without having been determined to be non-zero. | |
An expression that results in | |
Deprecated operation on | |
The size of memory passed to malloc to allocate overflows. | |
A variable is checked for a non-negative value after being used, instead of before. | |
A variable is checked for a positive value after being used, instead of before. | |
An arithmetic overflow is caused by an allocation using new[]. | |
An expression is cast to a different type, resulting in an overflow or underflow of its value. | |
An expression is implicitly converted to a narrower type, resulting in an overflow or underflow of its value. | |
Out of range shifts were found. | |
The left-hand side of a right shift operation might be a negative value. | |
Multiplying | |
Old style casts (other than void casts) are used | |
Exception objects are caught by value | |
Exception handler in constructor or destructor accesses non-static member variable that might not exist. | |
Overloaded comma operator | |
Appearances of /* inside comments | |
A member function qualified as | |
A class member is deallocated in the class' destructor, but not allocated in a constructor or assignment operator. | |
An assignment operator of a C++ class does not return a non- | |
Assignment operator does not check for self-assignment before allocating member functions | |
There is no assignment operator defined for a class whose destructor deallocates memory. | |
A class which uses dynamic memory allocation does not have a user-defined copy constructor. | |
A class member has memory allocated in a constructor or an assignment operator, that is not released in the destructor. | |
An exception is thrown, or might be thrown, in a class destructor. | |
A class which dynamically allocates memory in its copy control functions does not have a destructor. | |
Data members are initialized with other data members that are in the same initialization list. | |
An initializer list reads the values of still uninitialized members. | |
A member of a class is not initialized in one of the class constructors. | |
A virtual member function is called in a class constructor. | |
Constructors that are callable with a single argument are not declared | |
An exception is thrown, or might be thrown, in an overloaded | |
A pointer to void is used in | |
A virtual member function is called in a class destructor. | |
An allocation of a class instance with | |
A public non-virtual destructor is defined in a class with virtual methods. | |
Member functions return non- | |
An object or function of the type | |
Multiple | |
Conversions to | |
An assignment might be mistakenly used as the condition for an | |
An | |
An unconditional | |
The return type of | |
The body of an | |
Stray semicolons on the same line as other code | |
A constant unsigned integer expression overflows. | |
The address of a function is compared with | |
A function pointer that refers to a literal address is dereferenced. | |
A function pointer is used in an invalid context. | |
Functions are used without prototyping. | |
Functions are declared with an empty () parameter list that does not form a valid prototype. | |
Arguments are passed to functions without a valid prototype. | |
A .c file includes one or more .c files. | |
A negative signed integer is implicitly cast to an unsigned integer. | |
A negative signed integer is implicitly cast to an unsigned integer. | |
An iterator is used, then compared with | |
An iterator is compared with | |
An iterator assigned to point into a container is used or dereferenced even though it might be invalidated. | |
A pair of iterators passed to an STL algorithm function point to different containers. | |
A container's | |
An iterator is dereferenced or incremented before it is assigned to point into a container. | |
Arguments passed to | |
Arguments passed to | |
A potentially unsafe library function is used. | |
A call to | |
A call to | |
A call to | |
A call to | |
A call to | |
A call to | |
A call to | |
A call to | |
putenv used to set environment variable values. | |
Arguments passed to | |
Arguments passed to | |
The return value of a | |
The return value for a library function that might return an error value is not used. | |
The return values from one or more library functions were not stored, returned, or passed as a parameter. | |
A variable assigned using a library function that can return -1 as an error value is subsequently used where the value must be non-negative. | |
A pointer is assigned using a library function that can return | |
A call to | |
Using | |
A buffer overrun is caused by use of | |
A call to | |
A call to | |
A call to | |
A call to | |
A call to | |
A call to | |
A call to | |
A buffer overrun is caused by a call to | |
A call to | |
A call to | |
Overloaded && and || operators | |
A memory location allocated with | |
A memory location allocated with | |
Freeing a memory location more than once. | |
A memory location is freed more than once on some paths but not on others. | |
A memory location is freed more than once. | |
A struct or a class field is possibly freed. | |
A function pointer is deallocated. | |
A struct field is deallocated without first having been allocated. | |
A pointer is freed without having been allocated. | |
Memory is allocated and then freed without being used. | |
Memory allocated with | |
A struct's field is deallocated, but is not dynamically allocated. | |
A stack address might be freed. | |
Incorrect deallocation causes memory leak. | |
Incorrect deallocation causes memory leak. | |
An assignment contains both a | |
An allocation call tries to allocate memory based on a | |
| |
Allocating memory with | |
Dangerous arithmetic with | |
The type of the pointer that stores the result of | |
A function deallocates memory, then returns a pointer to that memory. | |
A function that allocates memory's return value is not stored. | |
A stack address is stored in the field of a global struct. | |
A stack address is stored in a global pointer. | |
Stack address is stored via reference parameter. | |
A stack address is stored outside a function via a parameter. | |
Might return address on the stack. | |
A stack object is returned from a function as a reference. | |
Might return address on the stack. | |
A pointer is used after it has been freed. | |
A pointer is used after it has been freed. | |
Direct access to a field of a struct, using an offset from the address of the struct. | |
Pointer arithmetic applied to a pointer that references a stack address | |
Invalid pointer arithmetic with an automatic variable that is neither an array nor a pointer. | |
A variable is tested for equality with a string literal. | |
Possible | |
A pointer is assigned a value that might be | |
A pointer is assigned the value | |
A pointer is dereferenced, then compared with | |
A pointer is compared with | |
A pointer is compared with | |
A possible | |
A literal pointer expression (like | |
An | |
Pointer arithmetic might be performed on a pointer that points to a single object. | |
Pointer arithmetic is performed on a pointer that points to a single object. | |
A pointer is dereferenced after being determined not to be | |
A pointer parameter is not compared to | |
Possible dereference of an uninitialized or | |
Dereference of an uninitialized or | |
Checks that an allocation does not allocate zero bytes | |
A case statement within a switch statement cannot be reached. | |
A comparison using ==, | |
A comparison using ==, | |
The condition in an if, for, while, do-while, or ternary operator will always be true. | |
A constant assignment in a conditional expression. | |
A conditional expression with a constant value | |
A constant value is used as the condition for a loop or | |
The condition in if, for, while, do-while, or ternary operator will never be true. | |
A part of the application is never executed. | |
Some expressions, such as | |
A function is declared that has no return type and creates no side effects. | |
The definition of a local variable hides a global definition. | |
The definition of a local variable hides a previous local definition. | |
The definition of a local variable hides a member of the class. | |
A variable declaration hides a parameter of the function | |
A statement potentially contains no side effects. | |
In a C++ class member function, a variable is assigned to itself. | |
A variable is assigned a non-trivial value that is never used. | |
An enumerated value is not used. This is a link analysis check. | |
A function parameter is declared but not used. | |
There are unused function return values (other than overloaded operators). | |
A variable is assigned a value that is never used. | |
A variable is neither read nor written for any execution path. | |
A pointer to a FILE object is dereferenced. | |
A file resource is closed multiple times | |
A file pointer is never closed. | |
A file handler might be negative | |
A file resource is used after it has been closed. | |
A file pointer is implicitly dereferenced by a library function. | |
A file opened as read-only is written to. | |
| |
Expressions that depend on order of evaluation were found. | |
Reads from local buffers are not preceded by writes. | |
A field of a dynamically allocated struct is read before it is initialized. | |
A field of a local struct is read before it is initialized. | |
A variable is read before it is assigned a value. | |
A variable is read before it is assigned a value. | |
There are multiple read accesses with volatile-qualified type within one and the same sequence point. | |
There are multiple write accesses with volatile-qualified type within one and the same sequence point. | |
There are signed single-bit fields (excluding anonymous fields). | |
There are non-empty switch cases not terminated by break and without 'fallthrough' comment. | |
A switch case uses only a subset of an enumeration. | |
Unsafe rethrow of exception. | |
No default exception handler for | |
Throw of NULL integer constant | |
Throw of exceptions by pointer | |
Exceptions thrown without a handler in some call paths that lead to that point. | |
There are calls to functions explicitly declared to throw an exception type that is not handled (or declared as thrown) by the caller. | |
Assignments from one field of a union to another. | |
Writing to a field of a union after reading from a different field, effectively re-interpreting the bit pattern with a different type. | |
Do not form or use out-of-bounds pointers or array subscripts. | |
Do not form or use out-of-bounds pointers or array subscripts. | |
Do not form or use out-of-bounds pointers or array subscripts. | |
Do not form or use out-of-bounds pointers or array subscripts. | |
Do not form or use out-of-bounds pointers or array subscripts. | |
Do not form or use out-of-bounds pointers or array subscripts. | |
Do not form or use out-of-bounds pointers or array subscripts. | |
Do not form or use out-of-bounds pointers or array subscripts. | |
Do not form or use out-of-bounds pointers or array subscripts. | |
Do not form or use out-of-bounds pointers or array subscripts. | |
Ensure size arguments for variable length arrays are in a valid range. | |
Do not subtract two pointers that do not refer to the same array. | |
Do not compare two pointers that do not refer to the same array. | |
Do not add or subtract an integer to a pointer to a non-array object. | |
Guarantee that library functions do not form invalid pointers. | |
Guarantee that library functions do not form invalid pointers. | |
Guarantee that library functions do not form invalid pointers. | |
Guarantee that library functions do not form invalid pointers. | |
Guarantee that library functions do not form invalid pointers. | |
Guarantee that library functions do not form invalid pointers. | |
Do not add or subtract a scaled integer to a pointer. | |
Do not declare more than one variable per declaration. | |
Declare objects with appropriate storage durations. | |
Declare objects with appropriate storage durations. | |
Declare objects with appropriate storage durations. | |
Declare objects with appropriate storage durations. | |
Declare objects with appropriate storage durations. | |
Declare identifiers before using them. | |
Do not declare an identifier with conflicting linkage classifications. | |
Do not declare or define a reserved identifier | |
Do not declare or define a reserved identifier | |
Do not declare or define a reserved identifier | |
Use the correct syntax when declaring a flexible array member. | |
Avoid information leakage when passing a structure across a trust boundary. | |
Do not create incompatible declarations of the same function or object. This is a link analysis check. | |
Do not declare variables inside a switch statement before the first case label | |
Do not modify the object referenced by the return value of certain functions. | |
Do not rely on an environment pointer following an operation that may invalidate it | |
All exit handlers must return normally | |
Do not call system(). | |
Do not store pointers returned by certain functions. | |
Set errno to zero before calling a library function known to set errno. | |
Check errno only after the function returns a value indicating failure. | |
Check errno only after the function called is an errno-setting function. | |
Check return of errno setting functions for values indicating failure. | |
Only check errno when neccessary. | |
Do not rely on indeterminate values of errno. | |
Detect and handle standard library errors. | |
Detect and handle standard library errors. | |
Detect and handle standard library errors. | |
Detect and handle standard library errors. | |
Detect errors when converting a string to a number. | |
Detect errors when converting a string to a number. | |
No braces for the body of an if, for, or while statement | |
Do not depend on the order of evaluation for side effects. | |
Do not depend on the order of evaluation for side effects. | |
Do not access a volatile object through a nonvolatile reference. | |
Do not read uninitialized memory. | |
Do not read uninitialized memory. | |
Do not read uninitialized memory. | |
Do not read uninitialized memory. | |
Do not read uninitialized memory. | |
Do not dereference null pointers. | |
Do not dereference null pointers. | |
Do not dereference null pointers. | |
Do not dereference null pointers. | |
Do not dereference null pointers. | |
Do not dereference null pointers. | |
Do not dereference null pointers. | |
Do not modify objects with temporary lifetime | |
Do not cast pointers into more strictly aligned pointer types. | |
Do not cast pointers into more strictly aligned pointer types. | |
Call functions with the correct number and type of arguments. | |
Call functions with the correct number and type of arguments. This is a link analysis check. | |
Call functions with the correct number and type of arguments. | |
Do not access a variable through a pointer of an incompatible type. | |
Do not access a variable through a pointer of an incompatible type. | |
Do not access a variable through a pointer of an incompatible type. | |
Do not access a variable through a pointer of an incompatible type. | |
Do not access a variable through a pointer of an incompatible type. | |
Do not modify constant objects. | |
Do not modify constant objects. | |
Do not compare padding data. | |
Avoid undefined behavior when using restrict-qualified pointers. | |
Avoid undefined behavior when using restrict-qualified pointers. | |
Avoid undefined behavior when using restrict-qualified pointers. | |
Avoid undefined behavior when using restrict-qualified pointers. | |
Do not rely on side effects in operands to sizeof, _Alignof, or _Generic. | |
Do not perform assignments in selection statements | |
Do not use a bitwise operator with a Boolean-like operand. | |
Do not call va_arg with an argument of the incorrect type | |
Do not call va_arg with an argument of the incorrect type | |
Exclude user input from format strings. | |
Do not perform operations on devices that are only appropriate for files | |
Distinguish between characters read from a file and EOF or WEOF. | |
A string returned by fgets() and fgetsws() might contain NULL characters. | |
A FILE object is copied. | |
Do not alternately input and output from a stream without an intervening flush or positioning call. | |
Reset strings on fgets() or fgetws() failure. | |
Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects. | |
Close files when they are no longer needed. | |
Close files when they are no longer needed. | |
Only use values for fsetpos() that are returned from fgetpos(). | |
Avoid TOCTOU race conditions while accessing files. | |
Do not access a closed file. | |
Do not access a closed file. | |
Do not access a closed file. | |
Use valid format strings. | |
Use valid format strings. | |
Use valid format strings. | |
Do not use floating-point variables as loop counters | |
Do not use floating-point variables as loop counters | |
Prevent or detect domain and range errors in math functions. | |
Prevent or detect domain and range errors in math functions. | |
Ensure that floating-point conversions are within range of the new type | |
Preserve precision when converting integral values to floating-point type. | |
Do not use object representations to compare floating-point values. | |
Ensure that unsigned integer operations do not wrap. | |
Ensure that unsigned integer operations do not wrap. | |
Ensure that integer conversions do not result in lost or misinterpreted data. | |
Ensure that integer conversions do not result in lost or misinterpreted data. | |
Ensure that integer conversions do not result in lost or misinterpreted data. | |
Ensure that operations on signed integers do not result in overflow. | |
Ensure that operations on signed integers do not result in overflow. | |
Ensure that division and remainder operations do not result in divide-by-zero errors. | |
Ensure that division and remainder operations do not result in divide-by-zero errors. | |
Ensure that division and remainder operations do not result in divide-by-zero errors. | |
Ensure that division and remainder operations do not result in divide-by-zero errors. | |
Ensure that division and remainder operations do not result in divide-by-zero errors. | |
Ensure that division and remainder operations do not result in divide-by-zero errors. | |
Ensure that division and remainder operations do not result in divide-by-zero errors. | |
Ensure that division and remainder operations do not result in divide-by-zero errors. | |
Ensure that division and remainder operations do not result in divide-by-zero errors. | |
Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand. | |
Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand. | |
Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand. | |
Use correct integer precisions. | |
Converting a pointer to integer or integer to pointer. | |
Do not access freed memory. | |
Do not access freed memory. | |
Do not access freed memory. | |
Free dynamically allocated memory when no longer needed. | |
Allocate and copy structures containing a flexible array member dynamically. | |
Allocate and copy structures containing a flexible array member dynamically. | |
Only free memory allocated dynamically. | |
Only free memory allocated dynamically. | |
Only free memory allocated dynamically. | |
Allocate sufficient memory for an object. | |
Allocate sufficient memory for an object. | |
Allocate sufficient memory for an object. | |
Do not modify the alignment of objects by calling realloc(). | |
Do not use the rand() function for generating pseudorandom numbers | |
Properly seed pseudorandom number generators | |
Do not pass invalid data to the asctime() function. | |
Ensure that control never reaches the end of a non-void function | |
Do not treat a predefined identifier as an object if it might only be implemented as a macro | |
Do not call va_arg() on a va_list that has an indeterminate value | |
Do not violate constraints. | |
Do not violate constraints. | |
Do not violate constraints. | |
Do not violate constraints. | |
Never hard code sensitive information. | |
Never hard code sensitive information. | |
Never hard code sensitive information. | |
Avoid side effects in arguments to unsafe macros. | |
Do not use preprocessor directives in invocations of function-like macros. | |
Do not use preprocessor directives in invocations of function-like macros. | |
Call only asynchronous-safe functions within signal handlers | |
Shared objects in a signal handler are accessed or modified. | |
Do not call signal() from within interruptible signal handlers. | |
Do not return from a computational exception signal handler. | |
Do not attempt to modify string literals. | |
Guarantee that storage for strings has sufficient space for character data and the null terminator. | |
Guarantee that storage for strings has sufficient space for character data and the null terminator. | |
Guarantee that storage for strings has sufficient space for character data and the null terminator. | |
Guarantee that storage for strings has sufficient space for character data and the null terminator. | |
Guarantee that storage for strings has sufficient space for character data and the null terminator. | |
Guarantee that storage for strings has sufficient space for character data and the null terminator. | |
Guarantee that storage for strings has sufficient space for character data and the null terminator. | |
Guarantee that storage for strings has sufficient space for character data and the null terminator. | |
Do not pass a non-null-terminated character sequence to a library function that expects a string. | |
Cast characters to unsigned char before converting to larger integer sizes. | |
Arguments to character-handling functions must be representable as an unsigned char. | |
Do not confuse narrow and wide character strings and functions. | |
A memory leak is caused by incorrect deallocation. | |
A memory leak is caused by incorrect deallocation. | |
A call to memset might overrun the buffer. | |
A call to memset overruns the buffer. | |
Arguments passed to qsort might cause it to overrun. | |
Arguments passed to qsort cause it to overrun. | |
A call to the sprintf function will overrun the target buffer. | |
Use of std::sort might cause a buffer overrun. | |
A buffer overrun is caused by use of std::sort. | |
A call to the strcat function might overrun the target buffer. | |
A call to the strcat function will overrun the target buffer. | |
A call to the strcpy function might overrun the target buffer. | |
A call to the strcpy function will overrun the target buffer. | |
A buffer overrun might be caused by a call to strncat. | |
A call to strncat causes a buffer overrun. | |
A call to strncmp might cause a buffer overrun. | |
A buffer overrun is caused by a call to strncmp. | |
The target buffer might be overrun by a call to the strncpy function. | |
A call to the strncpy function will overrun the target buffer. | |
A user is able to control the amount of memory used in an allocation. | |
A tainted value is used as the size of the memory copied from one buffer to another. | |
User input is copied into a buffer. | |
An array is accessed with an index derived from user input. | |
A user-controlled variable is used as an offset to a pointer without proper bounds checking. | |
A pointer is used after it has been freed, on all execution paths. | |
A pointer is used after it has been freed, on some execution paths. | |
After a successful comparison with 0, a variable is used as a divisor. | |
A variable is first used as a divisor, then compared with 0. | |
User input is used as a divisor without validation. | |
All file pointers obtained dynamically by means of Standard Library functions must be explicitly released. | |
User input is used as a file path, or used to derive a file path. | |
A file resource is used after it has been closed. | |
User input is improperly used in an SQL statement. | |
User input is improperly used as an XPath expression. | |
A user-controlled value is used as part of a loop condidition. | |
A pointer that might have been assigned the value NULL is dereferenced. | |
A pointer is assigned the value NULL, then dereferenced. | |
A pointer is dereferenced, then compared with NULL. | |
A pointer is compared with NULL, then dereferenced by a function. | |
A pointer is compared with NULL, then dereferenced. | |
A literal pointer expression (e.g. NULL) is dereferenced by a function call. | |
User input is used as a format string. | |
The application hard codes a username or password to connect to an external component. | |
(Required) All code shall conform to ISO 9899 standard, with no extensions permitted. | |
(Required) No reliance shall be placed on undefined or unspecified behavior. This is a semi-equivalent initialization check for arrays, which ensures that at least one element of the array has been written before any element is attempted to be read. A warning generally means that you have read an uninitialized value, which might cause the application to behave erroneously or crash. | |
(Required) No reliance shall be placed on undefined or unspecified behavior. Using uninitialized values might cause unexpected results or unpredictable behavior, particularly in the case of pointer fields. | |
(Required) No reliance shall be placed on undefined or unspecified behavior. | |
(Required) No reliance shall be placed on undefined or unspecified behavior. | |
(Required) No reliance shall be placed on undefined or unspecified behavior. | |
(Required) No reliance shall be placed on undefined or unspecified behavior. | |
(Required) No reliance shall be placed on undefined or unspecified behavior. | |
(Required) No reliance shall be placed on undefined or unspecified behavior. | |
(Required) No reliance shall be placed on undefined or unspecified behavior. | |
(Required) No reliance shall be placed on undefined or unspecified behavior. | |
(Required) Assembler language shall be encapsulated and isolated. | |
(Required) Source code shall only use /* ... */ style comments. | |
(Required) The character sequence | |
(Advisory) Sections of code should not be commented out. | |
(Required) Only those escape sequences that are defined in the ISO C standard shall be used. | |
(Required) Identifiers (internal and external) shall not rely on the significance of more than 31 characters. | |
(Required) Identifiers in an inner scope shall not use the same name as an identifier in an outer scope, and thus hide that identifier. | |
(Required) A typedef name shall be a unique identifier. This is a link analysis check. | |
(Required) A tag name shall be a unique identifier. This is a link analysis check. | |
(Advisory) No object or function identifier with static storage duration should be reused. | |
(Advisory) No identifier in one namespace should have the same spelling as an identifier in another namespace, with the exception of structure member and union member names. | |
(Advisory) No identifier name should be reused. This is a link analysis check. | |
(Required) The plain char type shall be used only for the storage and use of character values. | |
(Required) signed and unsigned char type shall be used only for the storage and use of numeric values. | |
(Advisory) typedefs that indicate size and signedness should be used in place of the basic types. | |
(Required) Bitfields shall only be defined to be of type unsigned int or signed int. | |
(Required) Bitfields of signed type shall be at least 2 bits long. | |
(Required) Octal constants shall not be used. Zero is okay | |
(Required) Functions shall have prototype declarations and the prototype shall be visible at both the function definition and call. | |
(Required) Whenever an object or function is declared or defined, its type shall be explicitly stated. | |
(Required) For each function parameter the type given in the declaration and definition shall be identical, and the return types shall also be identical. This is a link analysis check. | |
(Required) There shall be no definitions of objects or functions in a header file. | |
(Required) There shall be no definitions of objects or functions in a header file. | |
(Required) Functions shall be declared at file scope. | |
(Required) Objects shall be defined at block scope if they are only accessed from within a single function. This is a link analysis check. | |
(Required) An external object or function shall be declared once in one and only one file. | |
(Required) An external object or function shall be declared once in one and only one file. This is a link analysis check. | |
(Required) An identifier with external linkage shall have exactly one external definition. This is a link analysis check. | |
(Required) All declarations and definitions of objects or functions at file scope shall have internal linkage unless external linkage is required. This is a link analysis check. | |
(Required) When an array is declared with external linkage, its size shall be stated explicitly or defined implicitly by initialization. | |
(Required) All automatic variables shall have been assigned a value before being used. | |
(Required) All automatic variables shall have been assigned a value before being used. | |
(Required) All automatic variables shall have been assigned a value before being used. | |
(Required) Braces shall be used to indicate and match the structure in the non-zero initialization of arrays and structures. | |
(Required) In an enumerator list, the `=' construct shall not be used to explicitily initialise members other than the first, unless all items are explicitily initialized. | |
(Required) The value of an expression of integer type shall not be implicitly converted to a different underlying type if: (a) it is not a conversion to a wider integer type of the same signedness. | |
(Required) The value of an expression of integer type shall not be implicitly converted to a different underlying type if: (b) the expression is complex. | |
(Required) The value of an expression of integer type shall not be implicitly converted to a different underlying type if: (c) the expression is not constant and is a function argument. | |
(Required) The value of an expression of integer type shall not be implicitly converted to a different underlying type if: (d) the expression is not constant and is a return expression. | |
(Required) The value of an expression of floating type shall not be implicitly converted to a different underlying type if: (a) it is not a conversion to a wider floating type. | |
(Required) The value of an expression of floating type shall not be implicitly converted to a different underlying type if: (b) the expression is complex. | |
(Required) The value of an expression of floating type shall not be implicitly converted to a different underlying type if: (c) the expression is not constant and is a function argument. | |
(Required) The value of an expression of floating type shall not be implicitly converted to a different underlying type if: (d) the expression is not constant and is a return expression. | |
(Required) The value of a complex expression of integer type shall only be cast to a type that is not wider and of the same signedness as the underlying type of the expression. | |
(Required) The value of a complex expression of floating type shall only be cast to a floating type which is narrower or of the same size. | |
(Required) If the bitwise operators ~ and << are applied to an operand of underlying type unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand. | |
(Required) A U suffix shall be applied to all constants of unsigned type. | |
(Required) Conversions shall not be performed between a pointer to a function and any type other than an integral type. | |
(Advisory) A cast should not be performed between a pointer type and an integral type. | |
(Advisory) A cast should not be performed between a pointer to object type and a different pointer to object type. | |
(Required) A cast shall not be performed that removes any const or volatile qualification from the type addressed by a pointer. | |
(Advisory) Limited dependence should be placed on the C operator precedence rules in expressions. | |
(Required) The value of an expression shall be the same under any order of evaluation that the standard permits. | |
(Required) The value of an expression shall be the same under any order of evaluation that the standard permits. | |
(Required) The value of an expression shall be the same under any order of evaluation that the standard permits. | |
(Required) The sizeof operator shall not be used on expressions that contain side effects. The sizeof operator was found used on expressions that contain side effects. This might make it look as if the expression will be evaluated, but because sizeof only operates on the type of the expression, the expression itself is not evaluated. | |
(Required) The right-hand operand of a logical && or || operator shall not contain side effects. | |
(Required) The operands of a logical && or || shall be primary-expressions. | |
(Advisory) The operands of logical operators (&&, ||, and !) should be effectively boolean. | |
(Advisory) Expressions that are effectively boolean should not be used as operands to operators other than (&&, ||, !, =, ==, !=, and ?:). | |
(Required) Bitwise operators shall not be applied to operands whose underlying type is signed. | |
(Required) The right-hand operand of a shift operator shall lie between zero and one less than the width in bits of the underlying type of the left-hand operand. | |
(Required) The unary minus operator shall not be applied to an expression whose underlying type is unsigned. | |
(Required) The comma operator shall not be used. | |
(Advisory) Evaluation of constant unsigned integer expressions should not lead to wrap-around. | |
(Required) The underlying bit representations of floating-point values shall not be used. To reinterpret bit patterns deliberately, use an explicit cast. | |
(Required) The underlying bit representations of floating-point values shall not be used. | |
(Advisory) The increment (++) and decrement (--) operators should not be mixed with other operators in an expression. | |
(Required) Assignment operators shall not be used in expressions that yield a boolean value. | |
(Advisory) Tests of a value against zero should be made explicit, unless the operand is effectively boolean. | |
(Advisory) Tests of a value against zero should be made explicit, unless the operand is effectively boolean. | |
(Advisory) Tests of a value against zero should be made explicit, unless the operand is effectively boolean. | |
(Advisory) Tests of a value against zero should be made explicit, unless the operand is effectively boolean. | |
(Advisory) Tests of a value against zero should be made explicit, unless the operand is effectively boolean. | |
(Required) Floating-point expressions shall not be tested for equality or inequality. | |
(Required) The controlling expression of a for statement shall not contain any objects of floating type. | |
(Required) The three expressions of a for statement shall be concerned only with loop control. | |
(Required) Numeric variables being used within a for loop for iteration counting shall not be modified in the body of the loop. | |
(Required) Boolean operations whose results are invariant shall not be permitted. | |
(Required) Boolean operations whose results are invariant shall not be permitted. | |
(Required) There shall be no unreachable code. | |
(Required) All non-null statements shall either have at least one side effect however executed, or cause control flow to change. | |
(Required) Before preprocessing, a null statement shall only occur on a line by itself; it may be followed by a comment, provided that the first character following the null statement is a whitespace character. | |
(Required) The goto statement shall not be used. | |
(Required) The continue statement shall not be used. | |
(Required) For any iteration statement, there shall be at most one break statement used for loop termination. | |
(Required) A function shall have a single point of exit at the end of the function. | |
(Required) The statement forming the body of a switch, while, do ... while, or for statement shall be a compound statement. | |
(Required) The statement forming the body of a switch, while, do ... while, or for statement shall be a compound statement. | |
(Required) The statement forming the body of a switch, while, do ... while, or for statement shall be a compound statement. | |
(Required) The statement forming the body of a switch, while, do ... while, or for statement shall be a compound statement. | |
(Required) An if expression construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement or another if statement. | |
(Required) All if ... else if constructs shall be terminated with an else clause. | |
(Required) The MISRA C switch syntax shall be used. | |
(Required) A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement. | |
(Required) An unconditional break statement shall terminate every non-empty switch clause. | |
(Required) The final clause of a switch statement shall be the default clause. | |
(Required) A switch expression shall not represent a value that is effectively boolean. | |
(Required) Every switch statement shall have at least one case clause. | |
(Required) Functions shall not be defined with a variable number of arguments. | |
(Required) Functions shall not call themselves, either directly or indirectly. | |
(Required) Functions shall not call themselves, either directly or indirectly. This is a link analysis check. | |
(Required) Identifiers shall be given for all of the parameters in a function prototype declaration. | |
(Required) The identifiers used in the declaration and definition of a function shall be identical. This is a link analysis check. | |
(Required) Functions with no parameters shall be declared and defined with the parameter list void. | |
(Required) A pointer parameter in a function prototype should be declared as pointer to const if the pointer is not used to modify the addressed object. | |
(Required) All exit paths from a function with non-void return type shall have an explicit return statement with an expression. | |
(Required) A function identifier shall only be used with either a preceding &, or with a parenthesized parameter list, which may be empty. | |
(Required) If a function returns error information, then that error information shall be tested. | |
(Required) Pointer arithmetic shall only be applied to pointers that address an array or array element. | |
(Required) Pointer arithmetic shall only be applied to pointers that address an array or array element. | |
(Required) Pointer arithmetic shall only be applied to pointers that address an array or array element. | |
(Required) Pointer subtraction shall only be applied to pointers that address elements of the same array. Note: This rule will only accept arrays of the form '<type> <name>[<size>]'. | |
(Required) >, >=, < and <= shall not be applied to pointer types except where they point to the same array. | |
(Required) Array indexing shall be the only allowed form of pointer arithmetic. | |
(Required) Array indexing shall be the only allowed form of pointer arithmetic. | |
(Required) The declaration of objects should contain no more than two levels of pointer indirection. | |
(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist. | |
(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist. | |
(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist. | |
(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist. | |
(Required) All structure and union types shall be complete at the end of the translation unit. | |
(Required) An object shall not be assigned to an overlapping object. | |
(Required) Unions shall not be used. | |
(Advisory) #include statements in a file should only be preceded by other preprocessor directives or comments. | |
(Advisory) Non-standard characters should not occur in header file names in #include directives. | |
(Required) C macros shall only expand to a braced initialiser, a constant, a string literal, a parenthesised expression, a type qualifier, a storage class specifier, or a do-while-zero construct. | |
(Required) Macros shall not be #define'd or #undef'd within a block. | |
(Required) #undef shall not be used. | |
(Advisory) A function should be used in preference to a function-like macro. | |
(Required) In the definition of a function-like macro each instance of a parameter shall be enclosed in parentheses unless it is used as the operand of # or ##. | |
(Required) There shall be at most one occurrence of the # or ## preprocessor operators in a single macro definition. | |
(Advisory) The # and ## preprocessor operators should not be used. | |
(Required) Precautions shall be taken in order to prevent the contents of a header file being included twice. | |
(Required) Reserved identifiers, macros, and functions in the standard library shall not be defined, redefined, or undefined. | |
(Required) The names of standard library macros, objects and functions shall not be reused. | |
(Required) The validity of values passed to library functions shall be checked (>0 case). | |
(Required) The validity of values passed to library functions shall be checked (>=0 case). | |
(Required) The validity of values passed to library functions shall be checked (!=0 case). | |
(Required) The validity of values passed to library functions shall be checked (<=1 case). | |
(Required) The validity of values passed to library functions shall be checked (<1 case). | |
(Required) The validity of values passed to library functions shall be checked (>=-1 case). | |
(Required) The validity of values passed to library functions shall be checked (>-1 case). | |
(Required) The validity of values passed to library functions shall be checked (<=255 case). | |
(Required) The validity of values passed to library functions shall be checked (min value case). | |
(Required) Dynamic heap memory allocation shall not be used. | |
(Required) The error indicator errno shall not be used. | |
(Required) The macro offsetof in the stddef.h library shall not be used. | |
(Required) The setjmp macro and the longjmp function shall not be used. | |
(Required) The signal handling facilities of signal.h shall not be used. | |
(Required) The input/output library stdio.h shall not be used in production code. | |
(Required) The functions atof, atoi, and atol from the library stdlib.h shall not be used. | |
(Required) The functions abort, exit, getenv, and system from the library stdlib.h shall not be used. | |
(Required) The time handling functions of time.h shall not be used. | |
(Required) Assembly language shall be encapsulated and isolated | |
(Advisory) Sections of code should not be "commented out" Code sections in comments were found where the comment ends with a ';', '{', or '}' character. | |
(Advisory) Identifiers in the same namespace, with overlapping visibility, should be typographically unambiguous. | |
(Advisory) typedefs that indicate size and signedness should be used in place of the basic numerical types The basic types char, int, short, long, double, and float are used without a typedef. Best practice is to use typedefs for portability. | |
(Advisory) typedefs that indicate size and signedness should be used in place of the basic numerical types | |
(Required) If a function returns error information, then that error information shall be tested. | |
(Required) If a function returns error information, then that error information shall be tested. | |
(Required) If a function returns error information, then that error information shall be tested. | |
(Advisory) If a pointer to a structure or union is never dereferenced within a translation unit, then the implementation of the object should be hidden. | |
(Advisory) A function should be used in preference to a function-like macro where they are interchangeable | |
(Required) Precautions shall be taken in order to prevent the contents of a header file being included more than once | |
(Required) The validity of values passed to library functions shall be checked (>0 case). | |
(Required) The validity of values passed to library functions shall be checked (>=0 case). | |
(Required) The validity of values passed to library functions shall be checked (!=0 case). | |
(Required) The validity of values passed to library functions shall be checked (<=1 case). | |
(Required) The validity of values passed to library functions shall be checked (<1 case). | |
(Required) The validity of values passed to library functions shall be checked (>=-1 case). | |
(Required) The validity of values passed to library functions shall be checked (>-1 case). | |
(Required) The validity of values passed to library functions shall be checked (<=255 case). | |
(Required) The validity of values passed to library functions shall be checked (min value case). | |
(Required) Dynamic memory allocation shall not be used. | |
(Advisory) Functions which are designed to provide operations on a resource should be called in an approriate sequence. A mutex is locked and then never released. This might cause a deadlock. | |
(Advisory) Functions which are designed to provide operations on a resource should be called in an approriate sequence. Memory is allocated, but then the pointer value is lost due to reassignment or its scope ending, without a guarantee of the value being propagated or the memory being freed. There must be no possible execution path during which the value is not freed, returned, or passed into another function as an argument, before it is lost. This is a memory leak. | |
(Advisory) Functions which are designed to provide operations on a resource should be called in an approriate sequence. One or more file pointers are never closed. To avoid failure caused by resource exhaustion, all file pointers obtained dynamically by means of Standard Library functions must be explicitly released. Releasing them as soon as possible reduces the risk that exhaustion will occur. | |
(Advisory) Functions which are designed to provide operations on a resource should be called in an appropriate sequence. Memory is being accessed after it has been deallocated. The application might appear to run normally, but the operation is illegal. The most likely result is a crash, but the application might keep running with erroneous or corrupt data. | |
(Advisory) Functions which are designed to provide operations on a resource should be called in an appropriate sequence. A pointer is used after it has been freed. This might cause data corruption or an application crash. | |
(Advisory) Functions which are designed to provide operations on a resource should be called in an appropriate sequence. A file resource is referred to after it has been closed. When a file has been closed, any reference to it is invalid. Using this reference might cause an application crash. | |
(Advisory) Functions which are designed to provide operations on a resource should be called in an appropriate sequence. A pointer is freed without having been allocated. | |
(Advisory) Functions which are designed to provide operations on a resource should be called in an appropriate sequence. A struct field is deallocated without first having been allocated. This might cause a runtime error. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) The validity of values received from external sources shall be checked. | |
(Required) Evaluation of floating-point expressions shall not lead to the undetected generation of infinities and NaNs. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) There shall be no occurrence of undefined or critical unspecified behavior. | |
(Required) Emergent language features shall not be used. | |
(Required) Obsolescent language features shall not be used. | |
(Required) Obsolescent language features shall not be used. | |
(Required) Obsolescent language features shall not be used. | |
(Required) Obsolescent language features shall not be used. | |
(Required) Obsolescent language features shall not be used. | |
(Required) Obsolescent language features shall not be used. Invoking realloc with a size argument equal to zero is an obsolescent feature. | |
(Required) A project shall not contain unreachable code. | |
(Required) A project shall not contain unreachable code. | |
(Required) There shall be no dead code. | |
(Required) There shall be no dead code. | |
(Required) There shall be no dead code. | |
(Advisory) A project should not contain unused type declarations. This is a link analysis check. | |
(Advisory) A project should not contain unused tag declarations. This is a link analysis check. | |
(Advisory) A project should not contain unused macro declarations. This is a link analysis check. | |
(Advisory) A function should not contain unused label declarations. | |
(Advisory) There should be no unused parameters in functions. | |
(Advisory) A project should not contain unused Object definitions. This is a link analysis check. | |
(Advisory) A project should not contain unused Object definitions. This is a link analysis check. | |
(Advisory) A project should not contain unused Object definitions. | |
(Required) The character sequences /* and // shall not be used within a comment. | |
(Required) Line-splicing shall not be used in // comments. | |
(Required) Octal or hexadecimal escape sequences shall be terminated. | |
(Required) External identifiers shall be distinct. This is a link analysis check. | |
(Required) Identifiers declared in the same scope and name space shall be distinct. | |
(Required) Identifiers declared in the same scope and name space shall be distinct. | |
(Required) An identifier declared in an inner scope shall not hide an identifier declared in an outer scope. | |
(Required) An identifier declared in an inner scope shall not hide an identifier declared in an outer scope. | |
(Required) Macro identifiers shall be distinct. | |
(Required) Macro identifiers shall be distinct. | |
(Required) Identifiers shall be distinct from macro names. | |
(Required) Identifiers shall be distinct from macro names. | |
(Required) A typedef name shall be a unique identifier. This is a link analysis check. | |
(Required) A tag name shall be a unique identifier. This is a link analysis check. | |
(Required) Identifiers that define objects or functions with external linkage shall be unique. This is a link analysis check. | |
(Advisory) Identifiers that define objects or functions with internal linkage should be unique. This is a link analysis check. | |
(Required) Bitfields shall only be declared with an appropriate type. | |
(Required) Single-bit named bitfields shall not be of a signed type. | |
(Required) A bit field shall not be declared as a member of a union. | |
(Required) Octal constants shall not be used. | |
(Required) A "u" or "U" suffix shall be applied to all integer constants that are represented in an unsigned type. | |
(Required) The lowercase character "l" shall not be used in a literal suffix. | |
(Required) A string literal shall not be assigned to an object unless the object's type is "pointer to const-qualified char". | |
(Required) A string literal shall not be assigned to an object unless the object's type is "pointer to const-qualified char". | |
(Mandatory) The argument of an integer constant macro shall have an appropriate form. | |
(Required) The small integer variants of the minimum-width integer constant macros shall not be used. | |
(Required) Types shall be explicitly specified. | |
(Required) Function types shall be in prototype form with named parameters. | |
(Required) Function types shall be in prototype form with named parameters. | |
(Required) All declarations of an object or function shall use the same names and type qualifiers. This is a link analysis check. | |
(Required) A compatible declaration shall be visible when an object or function with external linkage is defined. | |
(Required) An external object or function shall be declared once in one and only one file. | |
(Required) An external object or function shall be declared once in one and only one file. This is a link analysis check. | |
(Required) An identifier with external linkage shall have exactly one external definition. This is a link analysis check. | |
(Advisory) Functions and objects should not be defined with external linkage if they are referenced in only one translation unit. This is a link analysis check. | |
(Advisory) An object should be defined at block scope if its identifier only appears in a single function. | |
(Advisory) An object should be defined at block scope if its identifier only appears in a single function. This is a link analysis check. | |
(Required) An inline function shall be declared with the static storage class. | |
(Advisory) When an array with external linkage is declared, its size should be explicitly specified. | |
(Required) The value of an implicitly-specified enumeration constant shall be unique. | |
(Advisory) A pointer should be const-qualified whenever possible. | |
(Required) The restrict type qualifier shall not be used. | |
(Required) All declarations of an object with an explicit alignment specification shall specify the same alignment. This is a link analysis check. | |
(Advisory) The alignment specification of zero should not appear in an object declaration. | |
(Advisory) At most one explicit alignment specifier should appear in an object declaration. | |
(Mandatory) The value of an object with automatic storage duration shall not be read before it has been set. | |
(Mandatory) The value of an object with automatic storage duration shall not be read before it has been set. | |
(Mandatory) The value of an object with automatic storage duration shall not be read before it has been set. | |
(Mandatory) The value of an object with automatic storage duration shall not be read before it has been set. | |
(Required) The initializer for an aggregate or union shall be enclosed in braces. | |
(Required) Arrays shall not be partially initialized. | |
(Required) An element of an object shall not be initialized more than once. | |
(Required) Where designated initializers are used to initialize an array object the size of the array shall be specified explicitly. | |
(Required) Where designated initializers are used to initialize an array object the size of the array shall be specified explicitly. | |
(Required) An initializer using chained designators shall not contain initializers without designators. | |
(Mandatory) Atomic objects shall be appropriately initialized before being accessed. | |
(Required) Operands shall not be of an inappropriate essential type. | |
(Required) Operands shall not be of an inappropriate essential type. | |
(Required) Operands shall not be of an inappropriate essential type. | |
(Required) Operands shall not be of an inappropriate essential type. | |
(Required) Operands shall not be of an inappropriate essential type. | |
(Required) Operands shall not be of an inappropriate essential type. | |
(Required) Operands shall not be of an inappropriate essential type. The right-hand operand of a shift operator is not of essentially unsigned type, meaning that undefined behavior might result from a negative shift. | |
(Required) Operands shall not be of an inappropriate essential type. An operand of essentially unsigned typed is used as the operand to the unary minus operator. This is problematic because the signedness of the result is determined by the implementation-defined size of int. | |
(Required) The inherent nature of floating-point types is such that comparisons of equality will often not evaluate to true even when they are expected to. | |
(Required) Expressions of essentially character type shall not be used inappropriately in addition and subtraction operations. | |
(Required) The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category | |
(Required) Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category. | |
(Required) The second and third operands of the ternary operator shall have the same essential type category. | |
(Advisory) The value of an expression should not be cast to an inappropriate essential type. | |
(Required) The value of a composite expression shall not be assigned to an object with wider essential type | |
(Required) If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential type | |
(Required) The value of a composite expression shall not be cast to a different essential type category or a wider essential type | |
(Required) Conversions shall not be performed between a pointer to a function and any other type | |
(Required) Conversions shall not be performed between a pointer to an incomplete type and any other types. | |
(Required) A cast shall not be performed between a pointer to object type and a pointer to a different object type A pointer to object type is cast to a pointer to a different object type. Conversions of this type might be invalid if the new pointer type requires a stricter alignment. | |
(Advisory) A conversion should not be performed between a pointer to object and an integer type | |
(Advisory) A conversion should not be performed from pointer to void into pointer to object. | |
(Required) A cast shall not be performed between pointer to void and an arithmetic type. | |
(Required) A cast shall not be performed between pointer to object and a non-integer arithmetic type | |
(Required) A cast shall not remove any const or volatile qualification from the type pointed to by a pointer A cast that removes a const or volatile qualification was found. This violates the principle of type qualification. Changes to the qualification of the pointer during the cast were not checked for. | |
(Required) The macro NULL shall be the only permitted form of integer null pointer constant | |
(Required) The _Atomic qualifier shall not be applied to the incomplete type void | |
(Advisory) The precedence of operators within expressions should be made explicit | |
(Required) The right hand operand of a shift operator shall lie in the range zero to one less than the width in bits of the essential type of the left hand operand | |
(Advisory) The comma operator should not be used | |
(Advisory) Evaluation of constant expressions should not lead to unsigned integer wrap-around | |
(Mandatory) The sizeof operator shall not have an operand which is a function parameter declared as `array of type'. | |
(Required) Structure and union members of atomic objects shall not be directly accessed | |
(Required) Initializer lists shall not contain persistent side effects | |
(Required) The value of an expression and its persistent side effects shall be the same under all permitted evaluation orders | |
(Required) The value of an expression and its persistent side effects shall be the same under all permitted evaluation orders | |
(Required) The value of an expression and its persistent side effects shall be the same under all permitted evaluation orders | |
(Advisory) A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects other than that caused by the increment or decrement operator | |
(Advisory) The result of an assignment operator should not be used | |
(Advisory) The result of an assignment operator should not be used | |
(Required) The right hand operand of a logical && or || operator shall not contain persistent side effects | |
(Required) The operand of the sizeof operator shall not contain any expression which has potential side effects | |
(Required) A loop counter shall not have essentially floating type. | |
(Required) A loop counter shall not have essentially floating type | |
(Required) A | |
(Required) Controlling expressions shall not be invariant | |
(Required) Controlling expressions shall not be invariant | |
(Required) The controlling expression of an if statement and the controlling expression of an iteration-statement shall have essentially Boolean type | |
(Required) The controlling expression of an if statement and the controlling expression of an iteration-statement shall have essentially Boolean type | |
(Required) The controlling expression of an if statement and the controlling expression of an iteration-statement shall have essentially Boolean type | |
(Required) The controlling expression of an if statement and the controlling expression of an iteration-statement shall have essentially Boolean type | |
(Advisory) The goto statement should not be used | |
(Required) The goto statement shall jump to a label declared later in the same function | |
(Required) Any label referenced by a goto statement shall be declared in the same block, or in any block enclosing the goto statement | |
(Advisory) There should be no more than one break or goto statement used to terminate any iteration statement | |
(Advisory) A function should have a single point of exit at the end | |
(Required) The body of an iteration-statement or a selection-statement shall be acompound-statement | |
(Required) The body of an iteration-statement or a selection-statement shall be acompound-statement | |
(Required) The body of an iteration-statement or a selection-statement shall be acompound-statement | |
(Required) The body of an iteration-statement or a selection-statement shall be acompound-statement | |
(Required) The body of an iteration-statement or a selection-statement shall be acompound-statement | |
(Required) All if ... else if constructs shall be terminated with an else clause containing either a side effect or a comment | |
(Required) All switch statements shall be well-formed | |
(Required) A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement | |
(Required) An unconditional break statement shall terminate every switch-clause | |
(Required) Every switch statement shall have a default label | |
(Required) A default label shall appear as either the first or the last switch label of a switch statement | |
(Required) Every switch statement shall have at least two switch-clauses | |
(Required) A switch-expression shall not have essentially Boolean type | |
(Required) The features of <stdarg.h> shall not be used | |
(Required) Functions shall not call themselves, either directly or indirectly | |
(Required) Functions shall not call themselves, either directly or indirectly This is a link analysis check. | |
(Mandatory) A function shall not be declared implicitly | |
(Mandatory) All exit paths from a function with non-void return type shall have an explicit return statement with an expression | |
(Required) The function argument corresponding to a parameter declared to have an array type shall have an appropriate number of elements. | |
(Mandatory) The declaration of an array parameter shall not contain the static keyword between the [ ] | |
(Required) The value returned by a function having non-void return type shall be used | |
(Advisory) A function parameter should not be modified. | |
(Mandatory) A function declared with a _Noreturn function specifier shall not return to its caller. | |
(Required) A function declared with a _Noreturn function specifier shall have void return type. | |
(Advisory) A function that never returns should be declared with a _Noreturn function specifier. | |
(Advisory) A function identifier should only be used with either a preceding &, or with a parenthesized parameter list. | |
(Required) A function type shall not be type qualified. | |
(Required) A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand | |
(Required) A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand | |
(Required) A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand | |
(Required) A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand | |
(Required) Subtraction between pointers shall only be applied to pointers that address elements of the same array. Note: This rule will only accept arrays of the form '<type> <name>[<size>]'. | |
(Required) The relational operators >, >=, < and <= shall not be applied to objects of pointer type except where they point into the same object. | |
(Required) The +, -, += and -= operators should not be applied to an expression of pointer type. | |
(Advisory) Declarations should contain no more than two levels of pointer nesting | |
(Required) The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist | |
(Required) The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist | |
(Required) The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist | |
(Required) The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist | |
(Required) Flexible array members shall not be declared | |
(Required) Variable-length array types shall not be used | |
(Required) An object with temporary lifetime shall not undergo array-to-pointer conversion | |
(Mandatory) Pointers to variably-modified array types shall not be used | |
(Mandatory) An object shall not be assigned or copied to an overlapping object | |
(Advisory) The union keyword should not be used | |
(Advisory) #include directives should only be preceded by preprocessor directives or comments. | |
(Required) The ',' or characters and the /* or // character sequences shall not occur in a header file name | |
(Required) A macro shall not be defined with the same name as a keyword | |
(Required) A macro shall not be defined with the same name as a keyword | |
(Advisory) #undef should not be used | |
(Required) Tokens that look like a preprocessing directive shall not occur within a macro argument. | |
(Required) Tokens that look like a preprocessing directive shall not occur within a macro argument. | |
(Required) The expansion of macro parameters shall be enclosed in parentheses. | |
(Advisory) The # and ## preprocessor operators should not be used | |
(Required) A macro parameter immediately following a # operator shall not immediately be followed by a ## operator. | |
(Required) A line whose first token is # shall be a valid preprocessing directive. | |
(Required) All #else, #elif, and #endif preprocessor directives shall reside in the same file as the #if, #ifdef, or #ifndef directive to which they are related. | |
(Required) #define and #undef shall not be used on a reserved identifier or reserved macro name | |
(Required) A reserved identifier or macro name shall not be declared | |
(Required) The memory allocation and deallocation functions of <stdlib.h> shall not be used. | |
(Required) The standard header file setjmp.h shall not be used | |
(Required) The standard header file signal.h shall not be used | |
(Required) The Standard Library input/output functions shall not be used | |
(Required) The atof, atoi, atol and atoll functions of stdlib.h shall not be used | |
(Required) The Standard Library termination functions of <stdlib.h> shall not be used. | |
(Required) The library functions bsearch and qsort of stdlib.h shall not be used | |
(Required) The Standard Library time and date functions shall not be used | |
(Advisory) The standard header file tgmath.h should not be used | |
(Required) The exception-handling features of <fenv.h> should not be used. | |
(Required) The exception handling features of <fenv.h> shall not be used. | |
(Required) The standard header file <fenv.h> shall not be used. | |
(Mandatory) The relevant functions from <ctype.h> are defined to take an int argument where the expected value is either in the range of an unsigned char or is a negative value equivalent to EOF. The use of any other values results in undefined behaviour. | |
(Required) The Standard Library function memcmp shall not be used to compare null terminated strings. If the length of either of the two strings is less than n, then they may compare as different even when they are logically the same. | |
(Required) The pointer arguments to the Standard Library functions memcpy, memmove and memcmp shall be pointers to qualified or unqualified versions of compatible types. | |
(Required) The pointer arguments to the Standard Library function memcmp shall point to either a pointer type, an essentially signed type, an essentially unsigned type, an essentially Boolean type or an essentially enum type | |
(Mandatory) Use of the string handling functions from <string.h> shall not result in accesses beyond the bounds of the objects referenced by their pointer parameters. | |
(Mandatory) Use of the string handling functions from <string.h> shall not result in accesses beyond the bounds of the objects referenced by their pointer parameters. | |
(Mandatory) Use of the string handling functions from <string.h> shall not result in accesses beyond the bounds of the objects referenced by their pointer parameters. | |
(Mandatory) Use of the string handling functions from <string.h> shall not result in accesses beyond the bounds of the objects referenced by their pointer parameters. | |
(Mandatory) Use of the string handling functions from <string.h> shall not result in accesses beyond the bounds of the objects referenced by their pointer parameters. | |
(Mandatory) Use of the string handling functions from <string.h> shall not result in accesses beyond the bounds of the objects referenced by their pointer parameters. | |
(Mandatory) The size_t argument passed to any function in <string.h> shall have an appropriate value. | |
(Mandatory) The size_t argument passed to any function in <string.h> shall have an appropriate value | |
(Mandatory) The pointers returned by the Standard Library functions localeconv, getenv, setlocale or, strerror shall only be used as if they have pointer to const-qualified type. | |
(Mandatory) The pointers returned by the Standard Library functions localeconv, getenv, setlocale or, strerror shall only be used as if they have pointer to const-qualified type. | |
(Mandatory) The pointer returned by the Standard Library functions asctime, ctime, gmtime, localtime, localeconv, getenv, setlocale or strerror shall not be used following a subsequent call to the same function. | |
(Required) The Standard Library function system of <stdlib.h> shall not be used. | |
(Mandatory) All operand arguments to any type-generic macros declared in <tgmath.h> shall have an appropriate essential type. | |
(Required) All operand arguments to any multi-argument type-generic macros declared in <tgmath.h> shall have the same standard type. | |
(Required) The random number generator functions of <stdlib.h> shall not be used | |
(Required) All memory synchronization operations shall be executed in sequentially consistent order | |
(Required) All resources obtained dynamically by means of Standard Library functions shall be explicitly released | |
(Required) All resources obtained dynamically by means of Standard Library functions shall be explicitly released | |
(Mandatory) A block of memory shall only be freed if it was allocated by means of a Standard Library function | |
(Mandatory) A block of memory shall only be freed if it was allocated by means of a Standard Library function | |
(Mandatory) A block of memory shall only be freed if it was allocated by means of a Standard Library function | |
(Required) The same file shall not be open for read and write access at the same time on different streams. | |
(Mandatory) There shall be no attempt to write to a stream which has been opened as read-only | |
(Mandatory) A pointer to a FILE object shall not be dereferenced | |
(Mandatory) A pointer to a FILE object shall not be dereferenced | |
(Mandatory) The value of a pointer to a FILE shall not be used after the associated stream has been closed | |
(Required) The macro EOF shall only be compared with the unmodified return value from any Standard Library function capable of returning EOF | |
The macro EOF shall only be compared with the unmodified return value from any Standard Library function capable of returning EOF | |
(Required) The value of | |
(Required) The value of | |
(Required) The value of | |
(Advisory) A generic selection should only be expanded from a macro. | |
(Required) A generic selection that is not expanded from a macro shall not contain potential side effects in the controlling expression. | |
(Advisory) A generic selection should contain at least one non-default association. | |
(Advisory) A generic association shall list an appropriate type. | |
(Advisory) A generic selection should not depend on implicit pointer type conversion. | |
(Required) The controlling expression of a generic selection shall have an essential type that matches its standard type. | |
(Advisory) A generic selection that is expanded from a macro should evaluate its argument only once. | |
(Required) A default association shall appear as either the first or the last association of a generic selection. | |
(Required) A project shall not contain unreachable code. | |
(Required) A project shall not contain infeasible paths. | |
(Required) A project shall not contain infeasible paths. | |
(Required) A project shall not contain infeasible paths. | |
(Required) A project shall not contain unused variables. | |
(Required) A project shall not contain non-volatile POD variables having only one use. | |
(Required) A project shall not contain non-volatile POD variables having only one use. | |
(Required) A project shall not contain unused type declarations. | |
(Required) A project shall not contain instances of non-volatile variables being given values that are never subsequently used. | |
(Required) The value returned by a function having a non-void return type that is not an overloaded operator shall always be used. | |
(Required) All functions with void return type shall have external side effect(s). | |
(Required) There shall be no dead code. | |
(Required) There shall be no unused parameters (named or unnamed) in nonvirtual functions. | |
(Required) There shall be no unused parameters (named or unnamed) in the set of parameters for a virtual function and all the functions that override it. | |
(Required) An object shall not be assigned to an overlapping object. | |
(Required) If a function generates error information, then that error information shall be tested. | |
(Required) The character sequence /* shall not be used within a C-style comment. | |
(Required) Sections of code shall not be "commented out" using C-style comments. | |
(Advisory) Sections of code should not be "commented out" using C++ comments. | |
(Required) Different identifiers shall be typographically unambiguous. | |
(Required) Identifiers declared in an inner scope shall not hide an identifier declared in an outer scope. | |
(Required) A typedef name (including qualification, if any) shall be a unique identifier. This is a link analysis check. | |
(Required) A class, union or enum name (including qualification, if any) shall be a unique identifier. This is a link analysis check. | |
(Advisory) The identifier name of a non-member object or function with static storage duration should not be reused. | |
(Required) If an identifier refers to a type, it shall not also refer to an object or a function in the same scope. | |
(Required) Only those escape sequences that are defined in ISO/IEC 14882:2003 shall be used. | |
(Required) Octal constants (other than zero) and octal escape sequences (other than 0) shall not be used. | |
(Required) A "U" suffix shall be applied to all octal or hexadecimal integer literals of unsigned type. | |
(Required) Literal suffixes shall be upper case. | |
(Required) Literal suffixes shall be upper case. | |
(Required) Narrow and wide string literals shall not be concatenated. | |
(Required) It shall be possible to include any header file in multiple translation units without violating the One Definition Rule. | |
(Required) It shall be possible to include any header file in multiple translation units without violating the One Definition Rule. | |
(Required) Functions shall not be declared at block scope. | |
(Required) When an array is declared, its size shall either be stated explicitly or defined implicitly by initialization. | |
(Required) All declarations of an object or function shall have compatible types. | |
(Required) The One Definition Rule shall not be violated. This is a link analysis check. | |
(Required) A type, object or function that is used in multiple translation units shall be declared in one and only one file. | |
(Required) A type, object or function that is used in multiple translation units shall be declared in one and only one file. This is a link analysis check. | |
(Required) An identifier with external linkage shall have exactly one definition. This is a link analysis check. | |
(Required) Objects or functions with external linkage shall be declared in a header file. | |
(Advisory) typedefs that indicate size and signedness should be used in place of the basic numerical types. | |
(Required) The underlying bit representations of floating-point values shall not be used. | |
(Required) Expressions with type bool shall not be used as operands to built-in operators other than the assignment operator =, the logical operators &&, ||, !, the equality operators == and !=, the unary & operator, and the conditional operator. | |
(Required) Expressions with type enum shall not be used as operands to builtin operators other than the subscript operator [ ], the assignment operator =, the equality operators == and !=, the unary & operator, and the relational operators <, <=, >, >=. | |
(Required) Expressions with type (plain) char and wchar_t shall not be used as operands to built-in operators other than the assignment operator =, the equality operators == and !=, and the unary & operator. | |
(Required) The value of an expression shall be the same under any order of evaluation that the standard permits. | |
(Required) The value of an expression shall be the same under any order of evaluation that the standard permits. | |
(Required) The value of an expression shall be the same under any order of evaluation that the standard permits. | |
(Advisory) Limited dependence should be placed on C++ operator precedence rules in expressions. | |
(Required) A cvalue expression shall not be implicitly converted to a different underlying type. | |
(Required) An implicit integral conversion shall not change the signedness of the underlying type. | |
(Required) There shall be no implicit floating-integral conversions. | |
(Required) An implicit integral or floating-point conversion shall not reduce the size of the underlying type. | |
(Required) There shall be no explicit floating-integral conversions of a cvalue expression. | |
(Required) An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression. | |
(Required) An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression. | |
(Required) If the bitwise operators ~ and << are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand. | |
(Required) The condition of an if-statement and the condition of an iteration-statement shall have type bool. | |
(Required) The condition of an if-statement and the condition of an iteration-statement shall have type bool. | |
(Required) The condition of an if-statement and the condition of an iteration-statement shall have type bool. | |
(Required) The condition of an if-statement and the condition of an iteration-statement shall have type bool. | |
(Required) The first operand of a conditional-operator shall have type bool. | |
(Required) Array indexing shall be the only form of pointer arithmetic. | |
(Required) Array indexing shall be the only form of pointer arithmetic. | |
(Required) A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array. | |
(Required) A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array. | |
(Required) A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array. | |
(Required) A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array. | |
(Required) A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array. | |
(Required) A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array. | |
(Required) Subtraction between pointers shall only be applied to pointers that address elements of the same array. | |
(Required) >, >=, <, <= shall not be applied to objects of pointer type, except where they point to the same array. | |
(Required) The declaration of objects shall contain no more than two levels of pointer indirection. | |
(Required) Bitwise operators shall only be applied to operands of unsigned underlying type. | |
(Required) A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast. | |
(Required) C-style casts (other than void casts) and functional notation casts (other than explicit constructor calls) shall not be used. | |
(Required) A cast shall not remove any const or volatile qualification from the type of a pointer or reference. | |
(Required) A cast shall not convert a pointer to a function to any other pointer type, including a pointer to function type. | |
(Required) An object with pointer type shall not be converted to an unrelated pointer type, either directly or indirectly. | |
(Required) An object with integer type or pointer to void type shall not be converted to an object with pointer type. | |
(Advisory) A cast should not convert a pointer type to an integral type. | |
(Advisory) The increment (++) and decrement (--) operators should not be mixed with other operators in an expression. | |
(Required) The comma operator, && operator and the || operator shall not be overloaded. | |
(Required) The comma operator, && operator and the || operator shall not be overloaded. | |
(Required) An identifier with array type passed as a function argument shall not decay to a pointer. | |
(Required) Each operand of the ! operator, the logical && or the logical || operators shall have type bool. | |
(Required) The unary minus operator shall not be applied to an expression whose underlying type is unsigned. | |
(Required) The unary & operator shall not be overloaded. | |
(Required) Evaluation of the operand to the sizeof operator shall not contain side effects. | |
(Required) The right hand operand of a shift operator shall lie between zero and one less than the width in bits of the underlying type of the left hand operand. | |
(Required) The right hand operand of a logical && or || operator shall not contain side effects. | |
(Required) The comma operator shall not be used. | |
(Advisory) Evaluation of constant unsigned integer expressions should not lead to wrap-around. | |
(Required) Assignment operators shall not be used in sub-expressions. | |
(Required) Floating-point expressions shall not be directly or indirectly tested for equality or inequality. | |
(Required) Before preprocessing, a null statement shall only occur on a line by itself; it may be followed by a comment, provided that the first character following the null statement is a white-space character. | |
(Required) The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement. | |
(Required) The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement. | |
(Required) The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement. | |
(Required) The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement. | |
(Required) An if ( condition ) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement. | |
(Required) All if ... else if constructs shall be terminated with an else clause. | |
(Required) A switch statement shall be a well-formed switch statement. | |
(Required) A switch-label shall only be used when the most closely-enclosing compound statement is the body of a switch statement. | |
(Required) An unconditional throw or break statement shall terminate every non-empty switch-clause. | |
(Required) The final clause of a switch statement shall be the default-clause. | |
(Required) The condition of a switch statement shall not have bool type. | |
(Required) Every switch statement shall have at least one case-clause. | |
(Required) A for loop shall contain a single loop-counter which shall not have floating type. | |
(Required) A for loop shall contain a single loop-counter which shall not have floating type. | |
(Required) If loop-counter is not modified by -- or ++, then, within condition, the loop-counter shall only be used as an operand to <=, <, > or >=. | |
(Required) The loop-counter shall not be modified within condition or statement. | |
(Required) The loop-counter shall be modified by one of: --, ++, -=n, or +=n; where n remains constant for the duration of the loop. | |
(Required) A loop-control-variable other than the loop-counter shall not be modified within condition or expression. | |
(Required) A loop-control-variable other than the loop-counter which is modified in statement shall have type bool. | |
(Required) Any label referenced by a goto statement shall be declared in the same block, or in a block enclosing the goto statement. | |
(Required) The goto statement shall jump to a label declared later in the same function body. | |
(Required) For any iteration statement there shall be no more than one break or goto statement used for loop termination. | |
(Required) A function shall have a single point of exit at the end of the function. | |
(Required) A variable which is not modified shall be const qualified. | |
(Required) A pointer or reference parameter in a function shall be declared as pointer to const or reference to const if the corresponding object is not modified. | |
(Required) An expression with enum underlying type shall only have values corresponding to the enumerators of the enumeration. | |
(Required) The global namespace shall only contain main, namespace declarations and extern C declarations. | |
(Required) The identifier main shall not be used for a function other than the global function main. | |
(Required) There shall be no unnamed namespaces in header files. | |
(Required) Assembler language shall be encapsulated and isolated. | |
(Required) A function shall not return a reference or a pointer to an automatic variable (including parameters), defined within the function. | |
(Required) A function shall not return a reference or a pointer to an automatic variable (including parameters), defined within the function. | |
(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist. | |
(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist. | |
(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist. | |
(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist. | |
(Advisory) Functions should not call themselves, either directly or indirectly. | |
(Advisory) Functions should not call themselves, either directly or indirectly. This is a link analysis check. | |
(Required) An init-declarator-list or a member-declarator-list shall consist of a single init-declarator or member-declarator respectively. | |
(Required) Parameters in an overriding virtual function shall either use the same default arguments as the function they override, or else shall not specify any default arguments. | |
(Required) Functions shall not be defined using the ellipsis notation. | |
(Required) The identifiers used for the parameters in a re-declaration of a function shall be identical to those in the declaration. This is a link analysis check. | |
(Required) The identifiers used for the parameters in a re-declaration of a function shall be identical to those in the declaration. | |
(Required) All exit paths from a function with non-void return type shall have an explicit return statement with an expression. | |
(Required) A function identifier shall either be used to call the function or it shall be preceded by &. | |
(Required) All variables shall have a defined value before they are used. | |
(Required) All variables shall have a defined value before they are used. | |
(Required) All variables shall have a defined value before they are used. | |
(Required) Braces shall be used to indicate and match the structure in the nonzero initialization of arrays and structures. | |
(Required) const member functions shall not return non-const pointers or references to class-data. | |
(Required) Member functions shall not return non-const handles to class-data. | |
(Required) Unions shall not be used. | |
(Required) Bit-fields shall be either bool type or an explicitly unsigned or signed integral type. | |
(Required) Bit-fields shall not have enum type. | |
(Required) Named bit-fields with signed integer type shall have a length of more than one bit. | |
(Advisory) Classes should not be derived from virtual bases. | |
(Required) An accessible base class shall not be both virtual and non-virtual in the same hierarchy | |
(Required) An object's dynamic type shall not be used from the body of its constructor or destructor. | |
(Required) An object's dynamic type shall not be used from the body of its constructor or destructor. | |
(Required) All constructors that are callable with a single argument of fundamental type shall be declared explicit. | |
(Required) In a class template with a dependent base, any name that may be found in that dependent base shall be referred to using a qualified-id or this->. | |
(Advisory) An exception object should not have pointer type. | |
(Required) NULL shall not be thrown explicitly. | |
(Required) An empty throw (throw;) shall only be used in the compound-statement of a catch handler. | |
(Required) Exceptions shall be raised only after start-up and before termination of the program. | |
(Advisory) There should be at least one exception handler to catch all otherwise unhandled exceptions | |
(Required) Handlers of a function-try-block implementation of a class constructor or destructor shall not reference non-static members from this class or its bases. | |
(Required) Each exception explicitly thrown in the code shall have a handler of a compatible type in all call paths that could lead to that point. | |
(Required) A class type exception shall always be caught by reference. | |
(Required) A class destructor shall not exit with an exception. | |
(Required) #include directives in a file shall only be preceded by other preprocessor directives or comments. | |
(Required) #undef shall not be used. | |
(Required) Function-like macros shall not be defined. | |
(Required) C++ macros shall only be used for: include guards, type qualifiers, or storage class specifiers. | |
(Required) Include guards shall be provided. | |
(Required) The ', ", /* or // characters shall not occur in a header file name. | |
(Advisory) The backslash character should not occur in a header file name. | |
(Required) There shall be at most one occurrence of the # or ## operators in a single macro definition. | |
(Advisory) The # and ## operators should not be used. | |
(Required) Reserved identifiers, macros and functions in the standard library shall not be defined, redefined or undefined. | |
(Required) The names of standard library functions shall not be overridden. | |
(Required) The setjmp macro and the longjmp function shall not be used. | |
(Required) The C library shall not be used. | |
(Required) The library functions atof, atoi and atol from library cstdlib shall not be used. | |
(Required) The library functions abort, exit, getenv and system from library cstdlib shall not be used. | |
(Required) The time handling functions of library ctime shall not be used. | |
(Required) The unbounded functions of library <cstring> shall not be used. | |
(Required) The macro offsetof shall not be used. | |
(Required) Dynamic heap memory allocation shall not be used. | |
(Required) The signal handling facilities of csignal shall not be used. | |
(Required) The error indicator errno shall not be used. | |
(Required) The stream input/output library cstdio shall not be used. | |
(Required) A function shall not contain unreachable statements. | |
(Advisory) Controlling expressions should not be invariant | |
(Advisory) Controlling expressions should not be invariant. | |
(Advisory) Controlling expressions should not be invariant | |
(Advisory) A value should not be unnecessarily written to a local object | |
(Advisory) A value should not be unnecessarily written to a local object | |
(Required) The value returned by a function shall be used | |
(Advisory) Variables with limited visibility should be used at least once | |
(Required) A named function parameter shall be used at least once | |
(Required) A named function parameter shall be used at least once | |
(Advisory) Types with limited visibility should be used at least once | |
(Advisory) Functions with limited visibility should be used at least once This is a link analysis check. | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Advisory) Deprecated features should not be used | |
(Required) The character sequence /* shall not be used within a C-style comment | |
(Advisory) Sections of code should not be "commented out" | |
(Advisory) Sections of code should not be "commented out" | |
(Required) Line-splicing shall not be used in // comments | |
(Required) User-defined identifiers shall have an appropriate form | |
(Required) Within character literals and non raw-string literals, \ shall only be used to form a defined escape sequence or universal character name | |
(Required) Octal escape sequences, hexadecimal escape sequences and universal character names shall be terminated | |
(Required) Octal constants shall not be used | |
(Required) Unsigned integer literals shall be appropriately suffixed | |
(Required) The lowercase form of L shall not be used as the first character in a literal suffix | |
(Required) An integer-literal of type long long shall not use a single L or l in any suffix | |
(Required) String literals with different encoding prefixes shall not be concatenated | |
(Required) Block scope declarations shall not be visually ambiguous | |
(Required) Block scope declarations shall not be visually ambiguous | |
(Advisory) When an array with external linkage is declared, its size should be explicitly specified | |
(Advisory) The only declarations in the global namespace should be main, namespace declarations and extern C declarations | |
(Required) The identifier main shall not be used for a function other than the global function main. | |
(Required) The one-definition rule shall not be violated This is a link analysis check. | |
(Required) The source code used to implement an entity shall appear only once This is a link analysis check. | |
(Required) The source code used to implement an entity shall appear only once | |
(Required) A header file shall not contain definitions of functions or objects that are non-inline and have external linkage | |
(Required) A header file shall not contain definitions of functions or objects that are non-inline and have external linkage | |
(Required) A variable declared in an inner scope shall not hide a variable declared in an outer scope | |
(Required) Derived classes shall not conceal functions that are inherited from their bases. | |
(Required) A name that is present in a dependent base shall not be resolved by unqualified lookup | |
(Advisory) A function or object with external linkage should be introduced in a header file | |
(Advisory) Internal linkage should be specified appropriately. | |
(Required) Local variables shall not have static storage duration | |
(Required) Global variables shall not be used | |
(Mandatory) A function must not return a reference or a pointer to a local variable with automatic storage duration | |
(Mandatory) A function must not return a reference or a pointer to a local variable with automatic storage duration | |
(Required) An assignment operator shall not assign the address of an object with automatic storage duration to an object with a greater lifetime | |
(Required) An assignment operator shall not assign the address of an object with automatic storage duration to an object with a greater lifetime | |
(Required) An assignment operator shall not assign the address of an object with automatic storage duration to an object with a greater lifetime | |
(Required) An assignment operator shall not assign the address of an object with automatic storage duration to an object with a greater lifetime | |
(Advisory) Member functions returning references to their object should be ref-qualified appropriately | |
(Required) The same type aliases shall be used in all declarations of the same entity | |
(Advisory) The names of the standard signed integer types and standard unsigned integer types should not be used | |
(Required) There shall be no conversion from type bool | |
(Required) There shall be no conversion to type bool | |
(Required) The numerical value of a character shall not be used | |
(Required) The operands of bitwise operators and shift operators shall be appropriate | |
(Required) Integral promotion and the usual arithmetic conversions shall not change the signedness or the type category of an operand | |
(Required) Assignment between numeric types shall be appropriate | |
(Required) Assignment between numeric types shall be appropriate | |
(Required) nullptr shall be the only form of the null-pointer-constant | |
(Required) An array passed as a function argument shall not decay to a pointer | |
(Required) A conversion from function type to pointer-to-function type shall only occur in appropriate contexts | |
(Advisory) Parentheses should be used to make the meaning of an expression appropriately explicit | |
(Required) A non-transient lambda shall not implicitly capture | |
(Advisory) Variables should be captured explicitly in a non-transient lambda | |
(Required) A virtual base class shall only be cast to a derived class by means of dynamic_cast | |
(Required) C-style casts and functional notation casts shall not be used | |
(Required) A cast shall not remove any const or volatile qualification from the type accessed via a pointer or by reference | |
(Required) Casts shall not be performed between a pointer to function and any other type | |
(Required) reinterpret_cast shall not be used | |
(Required) An object with integral, enumerated, or pointer to void type shall not be cast to a pointer type | |
(Advisory) A cast should not convert a pointer type to an integral type | |
(Required) An object pointer type shall not be cast to an integral type other than std::uintptr_t or std:intptr_t | |
(Required) The operand to typeid shall not be an expression of polymorphic class type | |
(Required) Functions shall not call themselves, either directly or indirectly | |
(Required) Functions shall not call themselves, either directly or indirectly This is a link analysis check. | |
(Required) An argument passed via ellipsis shall have an appropriate type | |
(Advisory) The built-in unary - operator should not be applied to an expression of unsigned type | |
(Advisory) The built-in unary + operator should not be used | |
(Required) Pointer arithmetic shall not form an invalid pointer | |
(Required) Pointer arithmetic shall not form an invalid pointer | |
(Required) Pointer arithmetic shall not form an invalid pointer | |
(Required) Subtraction between pointers shall only be applied to pointers that address elements of the same array | |
(Required) The built-in relational operators >, >=, < and <= shall not be applied to objects of pointer type, except where they point to elements of the same array | |
(Advisory) The right-hand operand of a logical && or || operator should not contain persistent side effects | |
(Mandatory) An object or subobject must not be copied to an overlapping object | |
(Advisory) The result of an assignment operator should not be used | |
(Advisory) The comma operator should not be used | |
(Advisory) An unsigned arithmetic operation with constant operands should not wrap | |
(Required) An explicit type conversion shall not be an expression statement | |
(Required) The body of an iteration-statement or a selection-statement shall be a compound-statement | |
(Required) The body of an iteration-statement or a selection-statement shall be a compound-statement | |
(Required) The body of an iteration-statement or a selection-statement shall be a compound-statement | |
(Required) The body of an iteration-statement or a selection-statement shall be a compound-statement | |
(Required) The body of an iteration-statement or a selection-statement shall be a compound-statement | |
(Required) All if... elseif constructs shall be terminated with an else statement | |
(Required) The structure of a switch statement shall be appropriate | |
(Required) The structure of a switch statement shall be appropriate | |
(Required) The structure of a switch statement shall be appropriate | |
(Required) The structure of a switch statement shall be appropriate | |
(Required) The structure of a switch statement shall be appropriate | |
(Required) The structure of a switch statement shall be appropriate | |
(Advisory) Legacy for statements should be simple | |
(Advisory) Legacy for statements should be simple | |
(Advisory) Legacy for statements should be simple | |
(Advisory) Legacy for statements should be simple | |
(Required) A for-range-initializer shall contain at most one function call | |
(Advisory) The goto statement should not be used | |
(Required) The goto statement shall jump to a label declared later in the function body | |
(Required) The goto statement shall jump to a label declared later in the function body | |
(Required) A function declared with the [[noreturn]] attribute shall not return | |
(Required) A function with non-void return type shall return a value on all paths | |
(Advisory) A declaration should not declare more than one variable or member variable | |
(Advisory) The target type of a pointer or lvalue reference parameter should be const-qualified appropriately | |
(Required) The volatile qualifier shall be used appropriately | |
(Required) An enumeration shall be defined with an explicit underlying type | |
(Advisory) Unscoped enumerations should not be declared | |
(Required) The numeric value of an unscoped enumeration with no fixed underlying type shall not be used | |
(Advisory) There should be no unnamed namespaces in header files | |
(Required) The asm declaration shall not be used | |
(Advisory) Variables of array type should not be declared | |
(Advisory) The declaration of an object should contain no more than two levels of pointer indirection | |
(Advisory) All variables should be initialized | |
(Mandatory) The value of an object must not be read before it has been set | |
(Required) Within an enumerator list, the value of an implicitly-specified enumeration constant shall be unique | |
(Advisory) Bit-fields should not be declared | |
(Required) A bit-field shall have an appropriate type | |
(Required) A named bit-field with signed integer type shall not have a length of one bit | |
(Required) The union keyword shall not be used | |
(Advisory) Classes should not be inherited virtually | |
(Required) An accessible base class shall not be both virtual and non-virtual in the same hierarchy | |
(Required) User-declared member functions shall use the virtual, override and final specifiers appropriately | |
(Required) Parameters in an overriding virtual function shall not specify different default arguments | |
(Required) The parameters in all declarations or overrides of a function shall either be unnamed or have identical names This is a link analysis check. | |
(Required) The parameters in all declarations or overrides of a function shall either be unnamed or have identical names | |
(Required) A comparison of a potentially virtual pointer to member function shall only be with nullptr | |
(Advisory) Non-static data members should be either all private or all public | |
(Required) An object's dynamic type shall not be used from within its constructor or destructor | |
(Required) An object's dynamic type shall not be used from within its constructor or destructor | |
(Required) Conversion operators and constructors that are callable with a single argument shall be explicit | |
(Required) The logical AND and logical OR operators shall not be overloaded | |
(Required) The address-of operator shall not be overloaded | |
(Required) An exception object shall not have pointer type | |
(Required) An empty throw shall only occur within the compound-statement of a catch handler | |
(Advisory) There should be at least one exception handler to catch all otherwise unhandled exceptions | |
(Required) An exception of class type shall be caught by const reference or reference | |
(Required) Handlers for a function-try-block of a constructor or destructor shall not refer to non-static members from their class or its bases | |
(Required) Function-like macros shall not be defined | |
(Advisory) #include directives should only be preceded by preprocessor directives or comments | |
(Required) Precautions shall be taken in order to prevent the contents of a header file being included more than once | |
(Required) The ' or" or \\ characters and the /* or // character sequences shall not occur in a header file name | |
(Advisory) The # and ## preprocessor operators should not be used | |
(Required) Parentheses shall be used to ensure macro arguments are expanded appropriately | |
(Required) Tokens that look like a preprocessing directive shall not occur within a macro argument | |
(Required) Tokens that look like a preprocessing directive shall not occur within a macro argument | |
(Required) The library functions atof, atoi, atol and atoll from <cstdlib> shall not be used | |
(Required) The macro offsetof shall not be used | |
(Advisory) Dynamic memory should not be used | |
(Required) The facilities provided by the standard header file <csignal> shall not be used | |
(Required) The C Library input/output functions shall not be used |