CERT-C++:2016 Standards Model Summary for C++


Version 9.7.1 Copyright 2017 Ltd.

The tool suite is developed and certified to BS EN ISO 9001:2000 and SGS-TÜV Saar. This information is applicable to version 9.7.1 of the tool suite. It is correct as of 25th September 2017.

Compliance is measured against "CERT C++ Secure Coding - 2016 Edition", 2017 Copyright Carnegie Mellon University. Further information is available at http://www.securecoding.cert.org

| Classification | Enhanced Enforcement | Fully Implemented | Partially Implemented | Not yet Implemented | Not statically Checkable | Total |
|---|---|---|---|---|---|---|
| | 23 | 35 | 48 | 46 | 12 | 164 |
| Recommendation | 27 | 59 | 46 | 19 | 29 | 180 |
| Total | 50 | 94 | 94 | 65 | 41 | 344 |

CERT-C++:2016 Standards Model Compliance for C++

- ARR30-C: Do not form or use out-of-bounds pointers or array subscripts
- ARR37-C: Do not add or subtract an integer to a pointer to a non-array object
- ARR38-C: Guarantee that library functions do not form invalid pointers
- ARR39-C: Do not add or subtract a scaled integer to a pointer
- CON00-CPP (Recommendation): Avoid assuming functions are thread safe unless otherwise specified
- CON01-CPP (Recommendation): Do not use volatile as a synchronization primitive

- 45 D Pointer not checked for null before use.
- 47 S Array bound exceeded.
- 476 S Array index not unsigned.
- 489 S Insufficient space for operation.
- 64 X Array bound exceeded at call.
- 66 X Insufficient array space at call.
- 68 X Parameter indexing array too big at call.
- 69 X Global array bound exceeded at use.
- 70 X Array has insufficient space.
- 71 X Insufficient space for copy.
- 79 X Size mismatch in memcpy/memset.
- 567 S Pointer arithmetic is not on array.
- 64 X Array bound exceeded at call.
- 66 X Insufficient array space at call.
- 68 X Parameter indexing array too big at call.
- 69 X Global array bound exceeded at use.
- 70 X Array has insufficient space.
- 71 X Insufficient space for copy.
- 79 X Size mismatch in memcpy/memset.
- 47 S Array bound exceeded.
- 489 S Insufficient space for operation.
- 567 S Pointer arithmetic is not on array.
- 64 X Array bound exceeded at call.
- 66 X Insufficient array space at call.
- 68 X Parameter indexing array too big at call.
- 69 X Global array bound exceeded at use.
- 70 X Array has insufficient space.
- 71 X Insufficient space for copy.

- CON02-CPP (Recommendation): Use lock classes for mutex management
- CON33-C: Avoid race conditions when using library functions
- CON37-C: Do not call signal() in a multithreaded program
- CON40-C: Do not refer to an atomic variable twice in an expression
- CON41-C: Wrap functions that can fail spuriously in a loop
- CON43-C: Avoid race conditions with multiple threads
- CON50-CPP: Do not destroy a mutex while it is locked
- CON51-CPP: Ensure actively held locks are released on exceptional conditions
- CON52-CPP: Prevent data races when accessing bit-fields from multiple threads
- CON53-CPP: Avoid deadlock by locking in a predefined order
- CON54-CPP: Wrap functions that can spuriously wake up in a loop
- CON55-CPP: Preserve thread safety and liveness when using condition variables
- CON56-CPP: Do not speculatively lock a non-recursive mutex that is already owned by the calling thread
- CTR00-CPP (Recommendation): Understand when to prefer vectors over arrays
- CTR01-CPP (Recommendation): Do not apply the sizeof operator to a pointer when taking the size of an array
- CTR02-CPP (Recommendation): Explicitly specify array bounds, even if implicitly defined by an initializer
- CTR03-CPP (Recommendation): Do not confuse the find() method with the find() algorithm
- CTR04-CPP (Recommendation): Assume responsibility for cleaning up data referenced by a container of pointers
- CTR05-CPP (Recommendation): Use explicit cv- and ref-qualifiers on auto declarations in range-based for loops

- 401 S Use of sizeof on an array parameter.
- 577 S Sizeof argument is a pointer.
- 127 S Array has no bounds specified.
- 397 S Array initialisation has insufficient items.
- 404 S Array initialisation has too many items.
- 45 D Pointer not checked for null before use.

- CTR50-CPP: Guarantee that container indices and iterators are within the valid range
- CTR51-CPP: Use valid references, pointers, and iterators to reference elements of a container
- CTR52-CPP: Guarantee that library functions do not form invalid iterators
- CTR53-CPP: Use valid iterator ranges
- CTR54-CPP: Do not subtract iterators that do not refer to the same container
- CTR55-CPP: Do not use an additive operator on an iterator if the result would overflow
- CTR56-CPP: Do not use pointer arithmetic on polymorphic objects
- CTR57-CPP: Provide a valid ordering predicate
- CTR58-CPP: Predicate function objects should not be mutable
- DCL00-CPP (Recommendation): const-qualify immutable objects
- DCL01-CPP (Recommendation): Do not reuse variable names in subscopes
- DCL02-CPP (Recommendation): Use visually distinct identifiers

- 47 S Array bound exceeded.
- 476 S Array index not unsigned.
- 489 S Insufficient space for operation.
- 64 X Array bound exceeded at call.
- 66 X Insufficient array space at call.
- 68 X Parameter indexing array too big at call.
- 69 X Global array bound exceeded at use.
- 70 X Array has insufficient space.
- 71 X Insufficient space for copy.
- 79 X Size mismatch in memcpy/memset.
- 70 S Logical comparison of pointers.
- 87 S Use of pointer arithmetic.
- 437 S < > <= >= used on different object pointers.
- 438 S Pointer subtraction not addressing one array.
- 567 S Pointer arithmetic is not on array.
- 567 S Pointer arithmetic is not on array.
- 78 D Global variable should be declared const.
- 93 D Local variable should be declared const.
- 200 S Define used for numeric constant.
- 131 S Name reused in inner scope.
- 358 S Class member name reused.
- 67 X Identifier is typographically ambiguous.

- DCL03-CPP (Recommendation): Use a static assertion to test the value of a constant expression
- DCL04-CPP (Recommendation): Do not declare more than one variable per declaration
- DCL05-CPP (Recommendation): Use typedefs to improve code readability
- DCL06-CPP (Recommendation): Use meaningful symbolic constants to represent literal values in program logic
- DCL07-CPP (Recommendation): Minimize the scope of variables and methods
- DCL08-CPP (Recommendation): Properly encode relationships in constant definitions
- DCL09-CPP (Recommendation): Declare functions that return an errno error code with a return type of errno_t
- DCL10-CPP (Recommendation): Do not overload the ampersand, comma, logical AND or logical OR operators
- DCL11-CPP (Recommendation): Preserve operator semantics when overloading operators
- DCL12-CPP (Recommendation): Explicitly declare class template specializations
- DCL13-CPP (Recommendation): Declare function parameters that are pointers to values not changed by the function as const
- DCL14-CPP (Recommendation): Avoid assumptions about the initialization order between translation units
- DCL15-CPP (Recommendation): Declare file-scope objects or functions that do not need external linkage in an unnamed namespace
- DCL16-CPP (Recommendation): Use "L," not "l," to indicate a long value

- 579 S More than one variable per declaration.
- 299 S Pointer to function declared without typedef.
- 381 S Enum, struct or union not typedeffed.
- 201 S Use of numeric literal in expression.
- 604 S Use of numeric literal as array bound/subscript.
- 25 D Scope of variable could be reduced.
- 40 S Loop index is not declared locally.
- 505 S Control variable not declared in for loop.
- 560 S Scope of variable could be reduced.
- 643 S Function return type is not errno_t.
- 211 S Overloaded &&, || or comma.
- 508 S Operator & overloaded.
- 558 S Template may lead to ill-formed program.
- 118 D Object changed via dereferenced pointer.
- 120 D Pointer param should be declared pointer to const.
- 582 S const object reassigned.
- 37 D Function has persistent local side effects.
- 27 D Variable should be declared static.
- 61 D Procedure should be declared static.
- 553 S Function and proto should both be static.
- 252 S Lower case suffix to literal number.

- DCL17-CPP (Recommendation): Declare function parameters that are large data structures and are not changed by the function as const references
- DCL19-CPP (Recommendation): Initialize automatic local variables on declaration
- DCL20-CPP (Recommendation): Use volatile for data that cannot be cached
- DCL21-CPP: Overloaded postfix increment and decrement operators should return a const object
- DCL22-CPP (Recommendation): Functions declared with [[noreturn]] must return void
- DCL30-C: Declare objects with appropriate storage durations

- 64 D Local not initialised at declaration.
- 319 S Constructor has insufficient initialisers.
- 42 D Local pointer returned in function result.
- 77 D Local structure returned in function result.
- 71 S Pointer assignment to wider scope.
- 565 S Assignment to wider scope.

- DCL39-C: Avoid information leakage when passing a structure across a trust boundary
- DCL40-C: Do not create incompatible declarations of the same function or object

- 17 D Identifier not unique within *** characters.
- 1 X Declaration types do not match across a system.

- DCL50-CPP: Do not define a C-style variadic function

- 41 S Ellipsis used in procedure parameter list.
- 86 S Attempt to define reserved word.

- DCL51-CPP: Do not declare or define a reserved identifier
- DCL52-CPP: Never qualify a reference type with const or volatile

- 218 S Name is used in standard libraries.
- 219 S User name starts with underscore.
- 580 S Macro redefinition without using #undef.

- DCL53-CPP: Do not write syntactically ambiguous declarations

- 296 S Function declared at block scope.

- DCL54-CPP: Overload allocation and deallocation functions as a pair in the same scope
- DCL55-CPP: Avoid information leakage when passing a class object across a trust boundary
- DCL56-CPP: Avoid cycles during initialization of static objects

- 6 D Recursion in procedure calls found.

- DCL57-CPP: Do not let exceptions escape from destructors or deallocation functions
- DCL58-CPP: Do not modify the standard namespaces
- DCL59-CPP: Do not define an unnamed namespace in a header file
- DCL60-CPP: Obey the one-definition rule
- ENV00-CPP (Recommendation): Beware of multiple environment variables with the same effective name
- ENV01-CPP (Recommendation): Sanitize the environment when invoking external programs
- ENV02-CPP (Recommendation): Do not call system() if you do not need a command processor
- ENV03-C (Recommendation): Sanitize the environment when invoking external programs
- ENV30-C: Do not modify the object referenced by the return value of certain functions
- ENV31-C: Do not rely on an environment pointer following an operation that may invalidate it

- 453 S Throw found in destructor.
- 286 S Functions defined in header file.
- 512 S Use of unnamed namespace.
- 286 S Functions defined in header file.
- 287 S Variable definition in header file.
- 588 S Use of system function.
- 588 S Use of system function.
- 588 S Use of system function.
- 107 D Attempt to change system call capture string.
- 118 S main must be int (void) or int (int,char*[]).

- ENV32-C: All exit handlers must return normally

- 7 S Jump out of procedure.
- 122 S Use of abort, exit, etc.

- ENV33-C: Do not call system()

- 588 S Use of system function.

- ENV34-C: Do not store pointers returned by certain functions

- 133 D Pointer from system function used after subsequent call.

- ERR00-CPP (Recommendation): Adopt and implement a consistent and comprehensive error-handling policy
- ERR01-CPP (Recommendation): Use ferror() rather than errno to check for FILE stream errors
- ERR02-CPP (Recommendation): Avoid in-band error indicators
- ERR03-CPP (Recommendation): Use runtime-constraint handlers when calling functions defined by TR24731-1
- ERR04-CPP (Recommendation): Choose an appropriate termination strategy

- ERR05-CPP (Recommendation): Application-independent code should provide error detection without dictating error handling
- ERR06-CPP (Recommendation): Understand the termination behavior of assert() and abort()
- ERR07-CPP (Recommendation): Use exception handling rather than error codes
- ERR08-CPP (Recommendation): Prefer special-purpose types for exceptions
- ERR09-CPP (Recommendation): Throw anonymous temporaries
- ERR10-CPP (Recommendation): Check for error conditions
- ERR12-CPP (Recommendation): Do not allow exceptions to transmit sensitive information
- ERR30-C: Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure

- 122 S Use of abort, exit, etc.
- 454 S Throw type is not a class type.
- 523 S Exception type is pointer.
- 454 S Throw type is not a class type.
- 455 S Catch is not by reference.
- 121 D errno neither set nor checked for errno setting function.
- 122 D errno not checked after being set for errno setting fn.
- 382 S (void) missing for discarded return value.
- 111 D errno checked without having been set for errno setting fn.
- 121 D errno neither set nor checked for errno setting function.
- 122 D errno not checked after being set for errno setting fn.
- 132 D errno checked after call to non-errno setting function.
- 134 D errno not checked before subsequent function call.

- ERR32-C: Do not rely on indeterminate values of errno

- 45 D Pointer not checked for null before use.
- 80 D Potentially unused function-modified value.

- ERR33-C: Detect and handle standard library errors

- 124 D Var set by std lib func return not checked before use.

- 130 D Global set by std lib func return not checked before use.

- ERR34-C: Detect errors when converting a string to a number
- ERR50-CPP: Do not abruptly terminate the program

- 122 S Use of abort, exit, etc.

- ERR51-CPP: Handle all exceptions

- 527 S No master exception handler.

- ERR52-CPP: Do not use setjmp() or longjmp()

- 43 S Use of setjmp/longjmp.

- ERR53-CPP: Do not reference base classes or class data members in a constructor or destructor function-try-block handler

- 549 S Catch in c'tor/d'tor references nonstatic member.

- ERR54-CPP: Catch handlers should order their parameter types from most derived to least derived

- 541 S Catch-all is not last catch.
- 556 S Wrong order of catches for derived class.

- ERR55-CPP: Honor exception specifications
- ERR56-CPP: Guarantee exception safety

- 56 D Throw found with no catch in scope.
- 56 D Throw found with no catch in scope.
- 71 D No matching catch for throw in called function.
- 527 S No master exception handler.

- ERR57-CPP: Do not leak resources when handling exceptions

- 50 D Memory not freed after last reference.

- ERR58-CPP: Handle all exceptions thrown before main() begins executing
- ERR59-CPP: Do not throw an exception across execution boundaries
- ERR60-CPP: Exception objects must be nothrow copy constructible
- ERR61-CPP: Catch exceptions by lvalue reference

- 455 S Catch is not by reference.

- ERR62-CPP: Detect errors when converting a string to a number
- EXP00-CPP (Recommendation): Use parentheses for precedence of operation
- EXP01-CPP (Recommendation): Do not take the size of a pointer to determine the size of the pointed-to type
- Be aware of the short-circuit behavior of the logical

- 49 S Logical conjunctions need brackets.
- 361 S Expression needs brackets.
- 577 S Sizeof argument is a pointer.
- 35 D Expression has side effects.
- 1 Q Call has execution order dependant side effects.

- EXP02-CPP (Recommendation): Be aware of the short-circuit behavior of the logical AND and OR operators
- EXP03-CPP (Recommendation): Do not assume the size of a class or struct is the sum of the sizes of its members
- EXP05-CPP (Recommendation): Do not use C-style casts
- EXP07-CPP (Recommendation): Do not diminish the benefits of constants by assuming their values in expressions
- EXP08-CPP (Recommendation): Ensure pointer arithmetic is used correctly
- EXP09-CPP (Recommendation): Use sizeof to determine the size of a type or variable
- EXP11-CPP (Recommendation): Do not apply operators expecting one type to data of an incompatible type
- EXP12-CPP (Recommendation): Do not ignore values returned by functions or methods
- EXP13-CPP (Recommendation): Prefer dynamic_cast over static_cast over reinterpret_cast
- EXP14-CPP (Recommendation): Do not use reinterpret_cast on pointers to class objects with multiple inheritance
- EXP15-CPP (Recommendation): Beware of integer promotion when performing bitwise operations on chars or shorts
- EXP16-CPP (Recommendation): Avoid conversions using void pointers
- EXP17-CPP (Recommendation): Treat relational and equality operators as if they were nonassociative
- EXP18-CPP (Recommendation): Prefer the prefix forms of ++ and --
- EXP19-CPP (Recommendation): Do not perform assignments in conditional expressions

- 133 S Assignment operator in RHS of && or ||.
- 406 S Use of ++ or -- on RHS of && or || operator.
- 408 S Volatile variable accessed on RHS of && or ||.
- 578 S Sizeof used in arithmetic expression.
- 638 S Memory allocation non-conformant with type.
- 306 S Use of C type cast.
- 201 S Use of numeric literal in expression.
- 45 D Pointer not checked for null before use.
- 53 D Attempt to use uninitialised pointer.
- 54 D Unsafe use of function pointer variable.
- 87 S Use of pointer arithmetic.
- 438 S Pointer subtraction not addressing one array.
- 576 S Function pointer is of wrong type.
- 201 S Use of numeric literal in expression.
- 554 S Cast to an unrelated type.
- 382 S (void) missing for discarded return value.
- 241 S Use of reinterpret_cast.
- 241 S Use of reinterpret_cast.
- 334 S No cast when ~ or << applied to small types (MR).
- 540 S Cast from pointer to void to pointer.
- 96 S Use of mixed mode arithmetic.
- 433 S Type conversion without cast.
- 30 S Deprecated usage of ++ or -- operators found.
- 132 S Assignment operator in boolean expression.

- EXP34-C: Do not dereference null pointers
- EXP35-C: Do not modify objects with temporary lifetime
- EXP36-C: Do not cast pointers into more strictly aligned pointer types
- EXP37-C: Call functions with the correct number and type of arguments

- 45 D Pointer not checked for null before use.
- 123 D File pointer not checked for null before use.
- 128 D Global pointer not checked within this procedure.
- 129 D Global file pointer not checked within this procedure.
- 135 D Pointer assigned to NULL may be dereferenced.
- 136 D Global pointer assigned to NULL may be dereferenced.
- 137 D Parameter used as denominator not checked before use.
- 652 S Object created by malloc used before initialisation.
- 42 D Local pointer returned in function result.
- 77 D Local structure returned in function result.
- 642 S Function return type with array field.
- 94 S Casting operation on a pointer.
- 540 S Cast from pointer to void to pointer.
- 606 S Cast involving function pointer.
- 41 D Procedure call has no prototype declared.
- 458 S Implicit conversion: actual to formal param (MR).
- 576 S Function pointer is of wrong type.
- 94 S Casting operation on a pointer.
- 554 S Cast to an unrelated type.

- EXP39-C: Do not access a variable through a pointer of an incompatible type
- EXP42-C: Do not compare padding data

- 618 S Use of memcmp between structures.

- EXP45-C: Do not perform assignments in selection statements

- 114 S Expression is not Boolean.
- 132 S Assignment operator in boolean expression.

- EXP46-C: Do not use a bitwise operator with a Boolean-like operand

- 136 S Bit operator with boolean operand.

- EXP47-C: Do not call va_arg with an argument of the incorrect type
- EXP50-CPP: Do not depend on the order of evaluation for side effects

- 35 D Expression has side effects.
- 67 D Void function has global variable side effects.
- 72 D Potential side effect problem in expression.

- EXP51-CPP: Do not delete an array through a pointer of the incorrect type
- EXP52-CPP: Do not rely on side effects in unevaluated operands
- EXP53-CPP: Do not read uninitialized memory
- EXP54-CPP: Do not access an object outside of its lifetime
- EXP55-CPP: Do not access a cv-qualified object through a cv-unqualified type
- EXP56-CPP: Do not call a function with a mismatched language linkage
- EXP57-CPP: Do not cast or delete pointers to incomplete classes
- EXP58-CPP: Pass an object of the correct type to va_start
- EXP59-CPP: Use offsetof() on valid types and members
- EXP60-CPP: Do not pass a nonstandard-layout type object across execution boundaries
- EXP61-CPP: A lambda object must not outlive any of its reference captured objects

- 1 Q Call has execution order dependant side effects.
- 9 S Assignment operation in expression.
- 134 S Volatile variable in complex expression.
- 54 S Sizeof operator with side effects.
- 133 S Assignment operator in RHS of && or ||.
- 53 D Attempt to use uninitialised pointer.
- 69 D UR anomaly, variable used before assignment.
- 631 S Declaration not reachable.
- 652 S Object created by malloc used before initialisation.
- 42 D Local pointer returned in function result.
- 53 D Attempt to use uninitialised pointer.
- 77 D Local structure returned in function result.
- 1 J Unreachable Code found.
- 71 S Pointer assignment to wider scope.
- 565 S Assignment to wider scope.
- 203 S Cast on a constant value.
- 242 S Use of const_cast.
- 344 S Cast on volatile value.
- 169 S Use of forward reference of class member.
- 554 S Cast to an unrelated type.

- EXP62-CPP: Do not access the bits of an object representation that are not part of the object's value representation
- EXP63-CPP: Do not rely on the value of a moved-from object
- FIO00-CPP (Recommendation): Take care when creating format strings
- FIO01-CPP (Recommendation): Be careful using functions that use file names for identification
- FIO02-CPP (Recommendation): Canonicalize path names originating from untrusted sources
- FIO03-CPP (Recommendation): Do not make assumptions about fopen() and file creation
- FIO04-CPP (Recommendation): Detect and handle input and output errors
- FIO05-CPP (Recommendation): Identify files using multiple file attributes
- FIO06-CPP (Recommendation): Create files with appropriate access permissions
- FIO07-CPP (Recommendation): Prefer fseek() to rewind()
- FIO08-CPP (Recommendation): Take care when calling remove() on an open file
- FIO09-CPP (Recommendation): Be careful with binary data when transferring data across systems
- FIO10-CPP (Recommendation): Take care when using the rename() function
- FIO11-CPP (Recommendation): Take care when specifying the mode parameter of fopen()
- FIO12-CPP (Recommendation): Prefer setvbuf() to setbuf()
- FIO13-CPP (Recommendation): Never push back anything other than one read character
- FIO14-CPP (Recommendation): Understand the difference between text mode and binary mode with file streams
- FIO15-CPP (Recommendation): Ensure that file operations are performed in a secure directory
- FIO17-CPP (Recommendation): Prefer streams to C-style input and output

- 618 S Use of memcmp between structures.
- 486 S Incorrect number of formats in output function.
- 589 S Format is not appropriate type.
- 592 S Use of filename based functions.
- 85 D Filename not verified before fopen.
- 80 D Potentially unused function-modified value.
- 382 S (void) missing for discarded return value.
- 593 S Use fseek() rather than rewind().
- 81 D Attempt to remove an open file.
- 592 S Use of filename based functions.
- 590 S Mode fault in fopen.
- 594 S Use setvbuf() rather than setbuf().
- 83 D Potentially repeated call to ungetc.
- 130 S Included file is not permitted.

- FIO18-CPP (Recommendation): Never expect write() to terminate the writing process at a null character
- FIO19-CPP (Recommendation): Do not create temporary files in shared directories
- FIO20-CPP (Recommendation): Do not rely on an ending null character when using read()
- FIO21-CPP (Recommendation): Do not simultaneously open the same file multiple times

- 75 D Attempt to open file pointer more than once.

- FIO30-C: Exclude user input from format strings

- 86 D User input not checked before use.

- FIO32-C: Do not perform operations on devices that are only appropriate for files
- FIO34-C: Distinguish between characters read from a file and EOF or WEOF

- 433 S Type conversion without cast.
- 662 S EOF compared with char.

- FIO37-C: Do not assume that fgets() or fgetws() returns a nonempty string when successful
- FIO38-C: Do not copy a FILE object

- 591 S Inappropriate use of file pointer.

- FIO39-C: Do not alternately input and output from a stream without an intervening flush or positioning call

- 84 D No fseek or flush before I/O.

- FIO40-C: Reset strings on fgets() or fgetws() failure

- 35 D Expression has side effects.

- FIO41-C: Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects

- 1 Q Call has execution order dependant side effects.
- 9 S Assignment operation in expression.
- 30 S Deprecated usage of ++ or -- operators found.
- 134 S Volatile variable in complex expression.

- FIO42-C: Close files when they are no longer needed

- 49 D File pointer not closed on exit.

- FIO44-C: Only use values for fsetpos() that are returned from fgetpos()

- 82 D fsetpos values not generated by fgetpos.

- FIO45-C: Avoid TOCTOU race conditions while accessing files

- 75 D Attempt to open file pointer more than once.

- FIO46-C: Do not access a closed file
- FIO47-C: Use valid format strings

- 48 D Attempt to write to unopened file.
- 486 S Incorrect number of formats in output function.
- 589 S Format is not appropriate type.

FIO50-CPP Do not alternately input and output from a file stream without an intervening positioning call
FIO51-CPP Close files when they are no longer needed
FLP00-CPP Recommendation Understand the limitations of floating-point numbers
FLP01-CPP Recommendation Take care in rearranging floating-point expressions
FLP02-CPP Recommendation Avoid using floating-point numbers when precise computation is needed
FLP03-CPP Recommendation Detect and handle floating point errors
FLP04-CPP Recommendation Check floating point inputs for exceptional values
FLP05-CPP Recommendation Convert integers to floating point for floating point operations
Description
56 S Equality comparison of floating point.
43 D Divide by zero found.
433 S Type conversion without cast.
445 S Narrower float conversion without cast.
451 S No cast for widening complex float expression (MR).
435 S Float/integer conversion without cast.
FLP30-C Do not use floating point variables as loop counters
39 S Unsuitable type for loop variable.
FLP32-C Prevent or detect domain and range errors in math functions
FLP34-C Ensure that floating-point conversions are within range of the new type
FLP36-C Preserve precision when converting integral values to floating-point type
FLP37-C Do not use object representations to compare floating-point values
INT00-CPP Recommendation Understand the data model used by your implementation(s)
INT01-CPP Recommendation Use rsize_t or size_t for all integer values representing the size of an object
93 S Value is not of appropriate type.
435 S Float/integer conversion without cast.
445 S Narrower float conversion without cast.
435 S Float/integer conversion without cast.
618 S Use of memcmp between structures.
458 S Implicit conversion: actual to formal param (MR).

INT02-CPP Recommendation Understand integer conversion rules
INT03-CPP Recommendation Use a secure integer library
INT04-CPP Recommendation Enforce limits on integer values originating from untrusted sources
INT05-CPP Recommendation Do not use input functions to convert character data if they cannot handle all possible inputs
INT06-CPP Recommendation Use strtol() or a related function to convert a string token to an integer
INT07-CPP Recommendation Use only explicitly signed or unsigned char type for numeric values
INT08-CPP Recommendation Verify that all integer values are in range
INT09-CPP Recommendation Ensure enumeration constants map to unique values
Description
52 S Unsigned expression negated.
93 S Value is not of appropriate type.
96 S Use of mixed mode arithmetic.
101 S Function return type inconsistent.
107 S Type mismatch in ternary expression.
332 S Widening cast on complex integer expression (MR).
334 S No cast when ~ or << applied to small types (MR).
433 S Type conversion without cast.
434 S Signed/unsigned conversion without cast.
446 S Narrower int conversion without cast.
452 S No cast for widening complex int expression (MR).
457 S Implicit int widening for function return (MR).
458 S Implicit conversion: actual to formal param (MR).
93 S Value is not of appropriate type.
96 S Use of mixed mode arithmetic.
101 S Function return type inconsistent.
329 S Operation not appropriate to plain char.
432 S Inappropriate type - should be plain char.
458 S Implicit conversion: actual to formal param (MR).
488 S Value outside range of underlying type.
493 S Numeric overflow.
494 S Numeric underflow.
85 S Incomplete initialisation of enumerator.
630 S Duplicated enumeration value.

INT10-CPP Recommendation Do not assume a positive remainder when using the % operator
INT11-CPP Recommendation Take care when converting from pointer to integer or integer to pointer
INT12-CPP Recommendation Do not make assumptions about the type of a plain int bit-field when used in an expression
INT13-CPP Recommendation Use bitwise operators only on unsigned operands
INT14-CPP Recommendation Avoid performing bitwise and arithmetic operations on the same data
INT15-CPP Recommendation Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types
INT16-CPP Recommendation Do not make assumptions about representation of signed integers
INT17-CPP Recommendation Define integer constants in an implementation-independent manner
INT18-CPP Recommendation Evaluate integer expressions in a larger size before comparing or assigning to that size
INT30-C Ensure that unsigned integer operations do not wrap
INT31-C Ensure that integer conversions do not result in lost or misinterpreted data
INT32-C Ensure that operations on signed integers do not result in overflow
INT33-C Ensure that division and remainder operations do not result in divide-by-zero errors
Description
584 S Remainder of % op could be negative.
439 S Cast from pointer to integral type.
440 S Cast from integral type to pointer.
520 S Bit field is not bool or explicit integral.
50 S Use of shift operator on signed type.
120 S Use of bit operator on signed type.
136 S Bit operator with boolean operand.
331 S Literal value requires a U suffix.
50 S Use of shift operator on signed type.
120 S Use of bit operator on signed type.
452 S No cast for widening complex int expression (MR).
493 S Numeric overflow.
494 S Numeric underflow.
93 S Value is not of appropriate type.
433 S Type conversion without cast.
434 S Signed/unsigned conversion without cast.
493 S Numeric overflow.
494 S Numeric underflow.
43 D Divide by zero found.
127 D Local or member denominator not checked before use.
131 D Global denominator not checked within this procedure.

INT34-C Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
INT35-C Use correct integer precisions
INT36-C Converting a pointer to integer or integer to pointer
INT50-CPP Do not cast to an out-of-range enumeration value
MEM00-CPP Recommendation Overloaded new operators should check that their size argument matches the size of their class
MEM01-CPP Recommendation Store a valid value in pointers immediately after deallocation
MEM02-CPP Recommendation Immediately cast the result of a memory allocation function call into a pointer to the allocated type
MEM03-CPP Recommendation Clear sensitive information stored in returned reusable resources
MEM04-CPP Recommendation Do not perform zero-length allocations
MEM05-CPP Recommendation Avoid large stack allocations
MEM06-CPP Recommendation Ensure that sensitive data is not written out to disk
MEM07-CPP Recommendation Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t
MEM08-CPP Recommendation Use new and delete rather than raw memory allocation and deallocation
MEM09-CPP Recommendation Do not assume memory allocation routines initialize memory
Description
248 S Divide by zero in preprocessor directive.
629 S Divide by zero found.
80 X Divide by zero found.
51 S Shifting value too far.
403 S Negative (or potentially negative) shift.
479 S Right shift loses all bits.
439 S Cast from pointer to integral type.
440 S Cast from integral type to pointer.
112 D Free called twice on same variable.
484 S Attempt to use already freed object.
5 C Procedure contains infinite loop.
6 D Recursion in procedure calls found.
28 D Potentially infinite loop found.
26 S Loop control expression may not terminate loop.
140 S Infeasible loop condition found.
1 U Inter-file recursion found.
652 S Object created by malloc used before initialisation.

MEM10-CPP Recommendation Define and use a pointer validation function
MEM11-CPP Recommendation Allocate and free memory in the same module, at the same level of abstraction
MEM12-CPP Recommendation Do not assume infinite heap space
MEM13-CPP Recommendation Use smart pointers instead of raw pointers for resource management
MEM30-C Do not access freed memory
MEM31-C Free dynamically allocated memory when no longer needed
MEM34-C Only free memory allocated dynamically
MEM35-C Allocate sufficient memory for an object
MEM36-C Do not modify the alignment of objects by calling realloc()
MEM50-CPP Do not access freed memory
Description
159 S Comparing pointer with zero or NULL.
50 D Memory not freed after last reference.
5 C Procedure contains infinite loop.
6 D Recursion in procedure calls found.
28 D Potentially infinite loop found.
26 S Loop control expression may not terminate loop.
140 S Infeasible loop condition found.
1 U Inter-file recursion found.
51 D Attempt to read from freed memory.
112 D Free called twice on same variable.
484 S Attempt to use already freed object.
50 D Memory not freed after last reference.
125 D free called on variable with no allocated space.
407 S free used on string.
483 S Freed parameter is not heap item.
644 S realloc ptr does not originate from allocation function.
645 S realloc ptr type does not match target type.
115 D Copy length parameter not checked before use.
400 S Use of sizeof on a type.
487 S Insufficient space allocated.
644 S realloc ptr does not originate from allocation function.
483 S Freed parameter is not heap item.
484 S Attempt to use already freed object.
64 D Local not initialised at declaration.
112 D Free called twice on same variable.
232 S No destructor defined for class.

236 S New used in class without assignment op.
MEM51-CPP Properly deallocate dynamically allocated resources
239 S New used in class without copy constructor.
407 S free used on string.
469 S No copy constructor for complex destructor.
470 S No assignment operator for complex destrtor.
483 S Freed parameter is not heap item.
484 S Attempt to use already freed object.
485 S Array deletion without [].
MEM52-CPP Detect and handle memory allocation errors
45 D Pointer not checked for null before use.
MEM53-CPP Explicitly construct and destruct objects when manually managing object lifetime
MEM54-CPP Provide placement new with properly aligned pointers to sufficient storage capacity
597 S Use of placement new.
MEM55-CPP Honor replacement dynamic storage management requirements
MEM56-CPP Do not store an already-owned pointer value in an unrelated smart pointer
MEM57-CPP Avoid using default operator new for over-aligned types
MSC00-CPP Recommendation Compile cleanly at high warning levels
MSC01-CPP Recommendation Strive for logical completeness
48 S No default case in switch statement.
59 S Else alternative missing in if.
MSC02-CPP Recommendation Avoid errors of omission
99 S Function use is not a call.
132 S Assignment operator in boolean expression.
5 S Empty then clause.
MSC03-CPP Recommendation Avoid errors of addition
57 S Statement with no side effect.
58 S Null statement found.
59 S Else alternative missing in if.
119 S Nested comment found.
MSC04-CPP Recommendation Use comments consistently and in a readable fashion
302 S Comment possibly contains code.
611 S Line splice used in // comment.
96 S Use of mixed mode arithmetic.

MSC05-CPP Recommendation Do not manipulate time_t typed values directly
MSC06-CPP Recommendation Be aware of compiler optimization when dealing with sensitive data
MSC07-CPP Recommendation Detect and remove dead code
MSC08-CPP Recommendation Functions should validate their parameters
MSC09-CPP Recommendation Character encoding: Use subset of ASCII for safety
MSC10-CPP Recommendation Character encoding: UTF8-relateds
MSC11-CPP Recommendation Incorporate diagnostic tests using assertions
MSC12-CPP Recommendation Detect and remove code that has no effect
Description
101 S Function return type inconsistent.
107 S Type mismatch in ternary expression.
433 S Type conversion without cast.
458 S Implicit conversion: actual to formal param (MR).
8 D DD data flow anomalies found.
65 D Void function has no side effects.
76 D Procedure is not called or referenced in code analysed.
105 D DU anomaly dead code, var value is unused on all paths.
1 J Unreachable Code found.
3 J All internal linkage calls unreachable.
35 S Static procedure is not explicitly called in code analysed.
57 S Statement with no side effect.
8 D DD data flow anomalies found.
65 D Void function has no side effects.
105 D DU anomaly dead code, var value is unused on all paths.
1 J Unreachable Code found.
57 S Statement with no side effect.
139 S Construct leads to infeasible code.
140 S Infeasible loop condition found.
85 D Filename not verified before fopen.
86 D User input not checked before use.
86 D User input not checked before use.
113 S Non standard character in source.
176 S Non standard escape sequence in source.
65 D Void function has no side effects.
105 D DU anomaly dead code, var value is unused on all paths.

MSC13-CPP Recommendation Detect and remove unused values
MSC14-CPP Recommendation Do not introduce unnecessary platform dependencies
MSC15-CPP Recommendation Do not depend on undefined behavior
Description
57 S Statement with no side effect.
1 D Unused procedure parameter.
8 D DD data flow anomalies found.
15 D Unused procedural parameter.
91 D Function return value potentially unused.
94 D Named variable declared but not used in code.
105 D DU anomaly dead code, var value is unused on all paths.
17 D Identifier not unique within *** characters.
42 S Use of bit field in structure declaration.
69 S #pragma used.
48 D Attempt to write to unopened file.
63 D No definition in system for prototyped procedure.
84 D No fseek or flush before I/O.
113 D File closed more than once.
5 Q File does not end with new line.
64 S Void procedure used in expression.
65 S Void variable passed as parameter.
100 S #include filename is non conformant.
109 S Array subscript is not integral.
156 S Use of 'defined' keyword in macro body.
296 S Function declared at block scope.
324 S Macro call has wrong number of parameters.
335 S Operator defined contains illegal items.
336 S #if expansion contains define operator.
339 S #include directive with illegal items.
412 S Undefined behaviour, \ before E-O-F.
427 S Filename in #include not in < > or " ".
465 S Struct/union not completely specified.
482 S Incomplete structure referenced.
497 S Type is incomplete in translation unit.
545 S Assignment of overlapping storage.

MSC16-CPP Recommendation Consider encrypting function pointers
MSC17-CPP Recommendation Do not use deprecated or obsolescent functionality
Description
587 S Const local variable not immediately initialised.
608 S Use of explicitly undefined language feature.
62 X Function prototype/defn return type mismatch (MR).
63 X Function prototype/defn param type mismatch (MR).
MSC18-CPP Recommendation Finish every set of statements associated with a case label with a break statement
62 S Switch case not terminated with break.
MSC19-CPP Recommendation Do not define static private members
38 S Use of static class member.
MSC20-CPP Recommendation Do not use a switch statement to transfer control into a complex block
245 S Case statement in nested block.
MSC21-CPP Recommendation Use inequality to terminate a loop whose counter changes by more than one
510 S Loop counter increment and operator defect.
MSC30-C Do not use the rand() function for generating pseudorandom numbers
MSC32-C Properly seed pseudorandom number generators
MSC33-C Do not pass invalid data to the asctime() function
MSC37-C Ensure that control never reaches the end of a nonvoid function
MSC38-C Do not treat a predefined identifier as an object if it might only be implemented as a macro
MSC39-C Do not call va_arg() on a va_list that has an indeterminate value
MSC40-C Do not violate constraints
2 D Function does not return a value on all paths.
36 S Function has no return statement.
66 S Function with empty return expression.
145 S #if has invalid expression.
323 S Switch has more than one default case.
345 S Bit operator with floating point operand.
387 S Enum init not integer-constant-expression.
404 S Array initialisation has too many items.

MSC40-C Do not violate constraints
MSC50-CPP Do not use std::rand() for generating pseudorandom numbers
MSC51-CPP Ensure your random number generator is properly seeded
MSC52-CPP Value-returning functions must return a value from all exit paths
MSC53-CPP Do not return from a function declared [[noreturn]]
MSC54-CPP A signal handler must be a plain old function
OOP00-CPP Recommendation Declare data members private
OOP01-CPP Recommendation Be careful with the definition of conversion operators
OOP02-CPP Recommendation Do not hide inherited non-virtual member functions
OOP03-CPP Recommendation Prefer not to overload virtual functions
OOP04-CPP Recommendation Prefer not to give virtual functions default argument initializers
OOP05-CPP Recommendation Avoid deleting this
OOP06-CPP Recommendation Create a private copy constructor and assignment operator for non copyable objects
OOP07-CPP Recommendation Do not inherit from multiple classes that have distinct objects with the same name
OOP08-CPP Recommendation Do not return references to private data
OOP09-CPP Recommendation Ensure that single-argument constructors are marked "explicit"
OOP10-CPP Recommendation Do not assume that copy constructor invocations will not be elided
Description
481 S Array with no bounds in struct.
580 S Macro redefinition without using #undef.
612 S inline function should be declared static.
615 S Conditional operator has incompatible types.
646 S Struct initialisation has too many items.
2 D Function does not return a value on all paths.
36 S Function has no return statement.
202 S Class data is not explicitly private.
394 S Conversion function found.
262 S Non virtual function redefined.
601 S Insufficient overridden members.
359 S Default parameter use.
233 S No copy constructor for class with pointers.
234 S No assignment operator for class with pointers.
555 S Base class member name not unique.
392 S Class data accessible thru non const member.
671 S Class data accessible thru non const handle.
393 S Single parameter constructor not 'explicit'.
529 S Static member initialised/assigned in constructor.

OOP11-CPP Recommendation Do not copy-initialize members or base classes from a move constructor
OOP50-CPP Do not invoke virtual functions from constructors or destructors
OOP51-CPP Do not slice derived objects
OOP52-CPP Do not delete a polymorphic object without a virtual destructor
OOP53-CPP Write constructor member initializers in the canonical order
OOP54-CPP Gracefully handle self-copy assignment
OOP55-CPP Do not use pointer-to-member operators to access nonexistent members
OOP56-CPP Honor replacement handler requirements
OOP57-CPP Prefer special member functions and overloaded operators to C Library functions
OOP58-CPP Copy operations must not mutate the source object
PRE00-CPP Recommendation Avoid defining macros
PRE01-CPP Recommendation Use parentheses within macros around parameter names
PRE02-CPP Recommendation Macro replacement lists should be parenthesized
PRE03-CPP Recommendation Prefer typedefs to defines for encoding types
PRE04-CPP Recommendation Do not reuse a standard header file name
PRE05-CPP Recommendation Understand macro replacement when concatenating tokens or performing stringification
PRE06-CPP Recommendation Enclose header files in an inclusion guard
PRE07-CPP Recommendation Avoid using repeated question marks
PRE08-CPP Recommendation Guarantee that header file names are unique
PRE09-CPP Recommendation Do not replace secure functions with less secure functions
Description
92 D C'tor/d'tor calls virtual function.
467 S Virtual member called in ctor/dtor.
303 S Virtual class members need virtual destructor.
206 S Class initialiser out of order.
79 S Macro contains unacceptable items.
340 S Use of function like macro.
78 S Macro parameter not in brackets.
77 S Macro replacement list needs parentheses.
79 S Macro contains unacceptable items.
568 S #include "filename" uses standard library name.
76 S More than one of # or ## in a macro.
125 S Use of ## or # in a macro.
637 S # operand followed by ##.
243 S Included file not protected with #define.
81 S Use of trigraph.

35 D Expression has side effects.
72 D Potential side effect problem in expression.
PRE10-CPP Recommendation Do not define unsafe macros
1 Q Call has execution order dependant side effects.
134 S Volatile variable in complex expression.
562 S Use of ++,-- or = in macro parameters.
58 S Null statement found.
PRE11-CPP Recommendation Do not conclude macro definitions with a semicolon
79 S Macro contains unacceptable items.
PRE30-C Do not create a universal character name through concatenation
PRE31-C Avoid side effects in arguments to unsafe macros
573 S Macro concatenation of uni char names.
35 D Expression has side effects.
1 Q Call has execution order dependant side effects.
9 S Assignment operation in expression.
562 S Use of ++,-- or = in macro parameters.
572 S Side effect in assert.
PRE32-C Do not use preprocessor directives in invocations of function-like macros
341 S Preprocessor construct as macro parameter.
SIG00-CPP Recommendation Mask signals handled by noninterruptible signal handlers
87 D Illegal shared object in signal handler.
SIG01-CPP Recommendation Understand implementation-specific details regarding signal handler persistence
97 D Signal called from within signal handler.
SIG02-CPP Recommendation Avoid using signals to implement normal functionality
SIG31-C Do not access shared objects in signal handlers
87 D Illegal shared object in signal handler.
SIG34-C Do not call signal() from within interruptible signal handlers
97 D Signal called from within signal handler.
SIG35-C Do not return from a computational exception signal handler
STR00-CPP Recommendation Represent characters using an appropriate type
STR01-CPP Recommendation Adopt and implement a consistent plan for managing strings
329 S Operation not appropriate to plain char.
432 S Inappropriate type - should be plain char.
108 D Tainted argument to unprototyped func ptr.

STR02-CPP Recommendation Sanitize data passed to complex subsystems
STR03-CPP Recommendation Do not inadvertently truncate a null-terminated character array
STR04-CPP Recommendation Use plain char for characters in the basic character set
STR05-CPP Recommendation Use pointers to const when referring to string literals
STR06-CPP Recommendation Do not assume that strtok() leaves the parse string unchanged
STR07-CPP Recommendation Don't assume numeric values for expressions with type plain character
STR08-CPP Do not specify the bound of a character array initialized with a string literal
STR30-C Do not attempt to modify string literals
STR31-C Guarantee that storage for strings has sufficient space for character data and the null terminator
STR32-C Do not pass a non-null-terminated character sequence to a library function that expects a string
STR34-C Cast characters to unsigned char before converting to larger integer sizes
STR37-C Arguments to character-handling functions must be representable as an unsigned char
STR38-C Do not confuse narrow and wide character strings and functions
Description
109 D Tainted argument to formatted i/o function.
588 S Use of system function.
115 S String incorrectly terminated.
93 S Value is not of appropriate type.
101 S Function return type inconsistent.
329 S Operation not appropriate to plain char.
432 S Inappropriate type - should be plain char.
458 S Implicit conversion: actual to formal param (MR).
623 S String assigned to non const object.
602 S strtok may change the parse string.
329 S Operation not appropriate to plain char.
404 S Array initialisation has too many items.
157 S Modification of string literal.
623 S String assigned to non const object.
109 D Tainted argument to formatted i/o function.
489 S Insufficient space for operation.
66 X Insufficient array space at call.
70 X Array has insufficient space.
71 X Insufficient space for copy.
404 S Array initialisation has too many items.
600 S Argument of strlen is unterminated.
433 S Type conversion without cast.
663 S Invalid value may be passed to function in <ctype.h>.