# Polyspace Results in Polyspace Bug Finder - By Category

## Review Analysis Results

### Polyspace Bug Finder Results

#### Defects

##### Numerical Defects
 ```Absorption of float operand``` One addition or subtraction operand is absorbed by the other operand ```Bitwise operation on negative value``` Undefined behavior for bitwise operations on negative values ```Float conversion overflow``` Overflow when converting between floating point data types ```Float division by zero``` Dividing floating point number by zero ```Float overflow``` Overflow from operation between floating points `Integer constant overflow` Constant value falls outside range of integer data type ```Integer conversion overflow``` Overflow when converting between integer types ```Integer division by zero``` Dividing integer number by zero ```Integer overflow``` Overflow from operation between integers ```Integer precision exceeded``` Operation using integer size instead of precision can cause undefined behavior ```Invalid use of standard library floating point routine``` Wrong arguments to standard library function ```Invalid use of standard library integer routine``` Wrong arguments to standard library function ```Possible invalid operation on boolean operand``` Operation can exceed precision of Boolean operand or result in arbitrary value `Precision loss from integer to float conversion` Least significant bits of integer lost during conversion to floating-point type ```Shift of a negative value``` Shift operator on negative value ```Shift operation overflow``` Overflow from shifting operation ```Sign change integer conversion overflow``` Overflow when converting between signed and unsigned integers `Unsigned integer constant overflow` Constant value falls outside range of unsigned integer data type ```Unsigned integer conversion overflow``` Overflow when converting between unsigned integer types ```Unsigned integer overflow``` Overflow from operation between unsigned integers ```Use of plain char type for numerical value``` Plain char variable in arithmetic operation without explicit signedness
##### Static Memory Defects
 ```Arithmetic operation with NULL pointer``` Arithmetic operation performed on NULL pointer ```Array access out of bounds``` Array index outside bounds during array access ```Buffer overflow from incorrect string format specifier``` String format specifier causes buffer argument of standard library functions to overflow ```Destination buffer overflow in string manipulation``` Function writes to buffer at offset greater than buffer size ```Destination buffer underflow in string manipulation``` Function writes to buffer at a negative offset from beginning of buffer ```Invalid use of standard library memory routine``` Standard library memory function called with invalid arguments ```Invalid use of standard library string routine``` Standard library string function called with invalid arguments `Null pointer` NULL pointer dereferenced ```Pointer access out of bounds``` Pointer dereferenced outside its bounds ```Pointer or reference to stack variable leaving scope``` Pointer to local variable leaves the variable scope ```Subtraction or comparison between pointers to different arrays``` Subtraction or comparison between pointers causes undefined behavior ```Unreliable cast of function pointer``` Function pointer cast to another function pointer with different argument or return type ```Unreliable cast of pointer``` Pointer implicitly cast to different data type ```Use of automatic variable as putenv-family function argument``` putenv-family function argument not accessible outside its scope ```Use of path manipulation function without maximum sized buffer checking``` Destination buffer of getwd or realpath is smaller than PATH_MAX bytes ```Wrong allocated object size for cast``` Allocated memory does not match destination pointer
##### Dynamic Memory Defects
 `Alignment changed after memory reallocation` Memory reallocation changes the originally stricter alignment of an object ```Deallocation of previously deallocated pointer``` Memory freed more than once without allocation ```Invalid free of pointer``` Pointer deallocation without a corresponding dynamic allocation ```Invalid deletion of pointer``` Pointer deallocation using delete without corresponding allocation using new `Memory leak` Memory allocated dynamically not freed `Mismatched alloc/dealloc functions on Windows` Improper deallocation function causes memory corruption issues ```Unprotected dynamic memory allocation``` Pointer returned from dynamic allocation not checked for NULL value ```Use of previously freed pointer``` Memory accessed after deallocation
##### Programming Defects
 ```Abnormal termination of exit handler``` Exit handler function interrupts the normal execution of a program `Accessing object with temporary lifetime` Read or write operations on the object are undefined behavior ```Alternating input and output from a stream without flush or positioning call``` Undefined behavior for input or output stream operations `Assertion` Failed assertion statement ```Bad file access mode or status``` Access mode argument of function in fopen or open group is invalid `Call through non-prototyped function pointer` Function pointer declared without its type or number of parameters causes unexpected behavior ```Call to memset with unintended value``` memset or wmemset used with possibly incorrect arguments ```Character value absorbed into EOF``` Data type conversion makes a valid character value same as End-of-File (EOF) ```Copy of overlapping memory``` Source and destination arguments of a copy function have overlapping memory ```Declaration mismatch``` Mismatch between function or variable declarations ```Environment pointer invalidated by previous operation``` Call to setenv or putenv family function modifies environment pointed to by pointer ```Errno not reset``` errno not reset before calling a function that sets errno ```Exception caught by value``` catch statement accepts an object by value ```Exception handler hidden by previous handler``` catch statement is not reached because of an earlier catch statement for the same exception ```Floating point comparison with equality operators``` Imprecise comparison of floating-point variables ```Format string specifiers and arguments mismatch``` String specifiers do not match corresponding arguments ```Function called from signal handler not asynchronous-safe``` Call to interrupted function causes undefined program behavior ```Function called from signal handler not asynchronous-safe (strict)``` Call to interrupted function causes undefined program behavior ```Improper array initialization``` Incorrect array initialization when using initializers `Incorrect data type passed to va_arg` Data type of variadic function argument does not match type in va_arg call ```Incorrect pointer scaling``` Implicit scaling in pointer arithmetic might be ignored `Incorrect use of offsetof in C++` Incorrect arguments to offsetof macro causes undefined behavior `Incorrect use of va_start` va_start is called in a non-variadic function or called with a second argument that is not the rightmost parameter of a variadic function `Incorrect type data passed to va_start` Data type of second argument to va_start macro leads to undefined behavior `Inline constraint not respected` Modifiable static variable is modified in nonstatic inline function ```Invalid assumptions about memory organization``` Address is computed by adding or subtracting from address of a variable `Invalid file position` fsetpos() is invoked with a file position argument not obtained from fgetpos() ```Invalid use of = (assignment) operator``` Assignment in conditional statement ```Invalid use of == (equality) operator``` Equality operation in assignment statement ```Invalid use of standard library routine``` Wrong arguments to standard library function ```Invalid va_list argument``` Variable argument list used after invalidation with va_end or not initialized with va_start or va_copy ```Memory comparison of padding data``` memcmp compares data stored in structure padding `Memory comparison of float-point values` Object representation of floating-point values can be different (same) for equal (not equal) floating-point values ```Memory comparison of strings``` memcmp compares data stored in strings after the null terminator `Missing byte reordering when transferring data` Different endianness of host and network ```Missing null in string array``` String does not terminate with null character `Misuse of a FILE object` Use of copy of FILE object ```Misuse of errno``` errno incorrectly checked for error conditions ```Misuse of narrow or wide character string``` Narrow (wide) character string passed to wide (narrow) string function `Misuse of errno in a signal handler` You read errno after calling an errno-setting function in a signal handler `Misuse of structure with flexible array member` Memory allocation ignores flexible array member ```Misuse of sign-extended character value``` Data type conversion with sign extension causes unexpected behavior ```Misuse of return value from nonreentrant standard function``` Pointer to static buffer from previous call is used despite a subsequent call that modifies the buffer ```Modification of internal buffer returned from nonreentrant standard function``` Function attempts to modify internal buffer returned from a nonreentrant standard function ```Overlapping assignment``` Memory overlap between left and right sides of an assignment ```Possible misuse of sizeof``` Use of sizeof operator can cause unintended results ```Possibly unintended evaluation of expression because of operator precedence rules``` Operator precedence rules cause unexpected evaluation order in arithmetic expression `Predefined macro used as object` You use standard library macros such as assert and errno as objects `Preprocessor directive in macro argument` You use a preprocessor directive in the argument to a function-like macro ```Qualifier removed in conversion``` Variable qualifier is lost during conversion ```Return from computational exception signal handler``` Undefined behavior when signal handler returns normally from program error `Side effect in arguments to unsafe macro` Macro contains arguments that can be evaluated multiple times or not evaluated `Side effect of expression ignored` sizeof, _Alignof, or _Generic operates on expression with side effect `Signal call from within signal handler` Nonpersistent signal handler calling signal() in Windows system causes race condition `Shared data access within signal handler` Access or modification of shared data causes inconsistent state ```Standard function call with incorrect arguments``` Argument to a standard function does not meet requirements for use in the function ```Stream argument with possibly unintended side effects``` Stream argument side effects occur more than once `Too many va_arg calls for current argument list` Number of calls to va_arg exceeds number of arguments passed to variadic function ```Typedef mismatch``` Mismatch between typedef statements ```Universal character name from token concatenation``` You create a universal character name by joining tokens with ## operator ```Unsafe conversion between pointer and integer``` Misaligned or invalid results from conversions between pointer and integer types ```Unsafe conversion from string to numerical value``` String to number conversion without validation checks `Use of indeterminate string` Use of buffer from fgets-family function ```Use of memset with size argument zero``` Size argument of function in memset family is zero ```Variable length array with nonpositive size``` Size of variable-length array is zero or negative ```Writing to const qualified object``` Object declared with a const qualifier is modified ```Wrong type used in sizeof``` sizeof argument does not match pointed type
##### Data Flow Defects
 ```Code deactivated by constant false condition``` Code segment deactivated by #if 0 directive or if(0) condition `Dead code` Code does not execute ```Missing return statement``` Function does not return value though return type is not void ```Non-initialized variable``` Variable not initialized before use ```Non-initialized pointer``` Pointer not initialized before dereference ```Partially accessed array``` Array partly read or written before end of scope ```Pointer to non-initialized value converted to const pointer``` Pointer to constant assigned address that does not contain a value ```Static uncalled function``` Function with static scope not called in file `Unreachable code` Code not executed because of preceding control-flow statements `Useless if` Unnecessary if conditional ```Variable shadowing``` Variable hides another variable of same name with nested scope ```Write without a further read``` Variable never read after assignment
##### Security Defects
 ```File access between time of check and use (TOCTOU)``` File or folder might change state due to access race `File descriptor exposure to child process` Copied file descriptor used in multiple processes ```File manipulation after chroot without chdir``` Path-related vulnerabilities for file manipulated after call to chroot ```Inappropriate I/O operation on device files``` Operation can result in security vulnerabilities or a system failure `Unsafe call to a system function` Unsanitized command argument has exploitable vulnerabilities ```Use of non-secure temporary file``` Temporary generated file name not secure ```Vulnerable path manipulation``` Path argument with /../, /abs/path/, or other unsecure elements ```Bad order of dropping privileges``` Dropped higher elevated privileges before dropping lower elevated privileges ```Privilege drop not verified``` Attacker can gain unintended elevated access to program ```Umask used with chmod-style arguments``` Argument to umask allows external user too much control ```Vulnerable permission assignments``` Argument gives read/write/search permissions to external users ```Unsafe standard encryption function``` Function is not reentrant or uses a risky encryption algorithm ```Unsafe standard function``` Function unsafe for security-related purposes ```Use of dangerous standard function``` Dangerous functions cause possible buffer overflow in destination buffer ```Use of obsolete standard function``` Obsolete routines can cause security vulnerabilities and portability issues ```Deterministic random output from constant seed``` Seeding routine uses a constant seed making the output deterministic ```Predictable random output from predictable seed``` Seeding routine uses a predictable seed making the output predictable ```Vulnerable pseudo-random number generator``` Using a cryptographically weak pseudo-random number generator ```Errno not checked``` errno is not checked for error conditions following function call ```Execution of a binary from a relative path can be controlled by an external actor``` Command with relative path is vulnerable to malicious attack ```Function pointer assigned with absolute address``` Constant expression is used as function address is vulnerable to code injection ```Incorrect order of network connection operations``` Socket is not correctly established due to bad order of connection steps or missing steps `Information leak via structure padding` Padding bytes can contain sensitive information ```Load of library from a relative path can be controlled by an external actor``` Library loaded with relative path is vulnerable to malicious attacks ```Mismatch between data length and size``` Data size argument is not computed from actual data length ```Missing case for switch condition``` switch variable not covered by cases and default case is missing ```Misuse of readlink()``` Third argument of readlink does not leave space for null terminator in buffer ```Returned value of a sensitive function not checked``` Sensitive functions called without checking for unexpected return values and errors ```Sensitive data printed out``` Function prints sensitive data ```Sensitive heap memory not cleared before release``` Sensitive data not cleared or released by memory routine ```Uncleared sensitive data in stack``` Variable in stack is not cleared and contains sensitive data
##### Cryptography Defects
 ```Constant block cipher initialization vector``` Initialization vector is constant instead of randomized ```Predictable block cipher initialization vector``` Initialization vector is generated from a weak random number generator ```Missing block cipher initialization vector``` Context used for encryption or decryption is associated with NULL initialization vector or not associated with an initialization vector ```Constant cipher key``` Encryption or decryption key is constant instead of randomized ```Predictable cipher key``` Encryption or decryption key is generated from a weak random number generator ```Missing cipher key``` Context used for encryption or decryption is associated with NULL key or not associated with a key ```Inconsistent cipher operations``` You perform encryption and decryption steps in succession with the same cipher context without a reinitialization in between ```Missing cipher data to process``` Final encryption or decryption step is performed without previous update steps ```Missing cipher final step``` You do not perform a final step after update steps for encrypting or decrypting data ```Missing cipher algorithm``` An encryption or decryption algorithm is not associated with the cipher context ```Weak cipher algorithm``` Encryption algorithm associated with the cipher context is weak ```Weak cipher mode``` Encryption mode associated with the cipher context is weak ```Context initialized incorrectly for cryptographic operation``` Context used for public key cryptography operation is initialized for a different operation `Incorrect key for cryptographic algorithm` Public key cryptography operation is not supported by the algorithm used in context initialization ```Missing data for encryption, decryption or signing operation``` Data provided for public key cryptography operation is NULL or data length is zero `Missing parameters for key generation` Context used for key generation is associated with NULL parameters `Missing peer key` Context used for shared secret derivation is associated with NULL peer key or not associated with a peer key at all `Missing private key` Context used for cryptography operation is associated with NULL private key or not associated with a private key at all `Missing public key` Context used for cryptography operation is associated with NULL public key or not associated with a public key at all `Nonsecure parameters for key generation` Context used for key generation is associated with weak parameters `Incompatible padding for RSA algorithm operation` Cryptography operation is not supported by the padding type set in context `Missing blinding for RSA algorithm` Context used in decryption or signature verification is not blinded against timing attacks `Missing padding for RSA algorithm` Context used in encryption or signing operation is not associated with any padding `Nonsecure RSA public exponent` Context used in key generation is associated with low exponent value `Weak padding for RSA algorithm` Context used in encryption or signing operation is associated with insecure padding type ```Context initialized incorrectly for digest operation``` Context used for digest operation is initialized for a different digest operation `Nonsecure hash algorithm` Context used for message digest creation is associated with weak algorithm `Nonsecure SSL/TLS protocol` Context used for handling SSL/TLS connections is associated with weak protocol
##### Tainted Data Defects
 ```Array access with tainted index``` Array index from unsecure source possibly outside array bounds ```Command executed from externally controlled path``` Path argument from an unsecure source ```Execution of externally controlled command``` Command argument from an unsecure source vulnerable to operating system command injection ```Host change using externally controlled elements``` Changing host ID from an unsecure source ```Library loaded from externally controlled path``` Using a library argument from an externally controlled path ```Loop bounded with tainted value``` Loop controlled by a value from an unsecure source ```Memory allocation with tainted size``` Size argument to memory function is from an unsecure source ```Pointer dereference with tainted offset``` Offset is from an unsecure source and dereference may be out of bounds ```Tainted division operand``` Operands of division operation (/) come from an unsecure source ```Tainted modulo operand``` Operands of remainder operation (%) come from an unsecure source ```Tainted NULL or non-null-terminated string``` Argument is from an unsecure source and may be NULL or not NULL-terminated ```Tainted sign change conversion``` Value from an unsecure source changes sign ```Tainted size of variable length array``` Size of the variable-length array (VLA) is from an unsecure source and may be zero, negative, or too large ```Tainted string format``` Input format argument is from an unsecure source ```Use of externally controlled environment variable``` Value of environment variable from an unsecure source ```Use of tainted pointer``` Pointer from an unsecure source may be NULL or point to unknown memory
##### Concurrency Defects
 ```Atomic load and store sequence not atomic``` Variable accessible between load and store operations ```Atomic variable accessed twice in an expression``` Variable can be modified between accesses `Blocking operation while holding lock` Task performs lengthy operation while holding a lock `Data race` Multiple tasks perform unprotected nonatomic operations on shared variable ```Data race including atomic operations``` Multiple tasks perform unprotected operations on shared variable ```Data race through standard library function call``` Multiple tasks make unprotected calls to thread-unsafe standard library function `Deadlock` Call sequence to lock functions cause two tasks to block each other ```Destruction of locked mutex``` Task tries to destroy a mutex in the locked state `Double lock` Lock function is called twice in a task without an intermediate call to unlock function `Double unlock` Unlock function is called twice in a task without an intermediate call to lock function ```Function that can spuriously fail not wrapped in loop``` Loop checks failure condition after possible spurious failure ```Function that can spuriously wake up not wrapped in loop``` Loop checks wake-up condition after possible spurious wake-up `Missing lock` Unlock function without lock function `Missing unlock` Lock function without unlock function `Signal call in multithreaded program` Program with multiple threads uses signal function `Thread-specific memory leak` Dynamically allocated thread-specific memory not freed before end of thread `Use of signal killing thread` Uncaught signal kills entire process instead of specific thread
##### Object Oriented Defects
 ```*this not returned in copy assignment operator``` operator= method does not return a pointer to the current object ```Base class assignment operator not called``` Copy assignment operator does not call copy assignment operators of base subobjects ```Base class destructor not virtual``` Class cannot behave polymorphically for deletion of derived class objects `Conversion or deletion of incomplete class pointer` You delete or cast to a pointer to an incomplete class ```Copy constructor or assignment operator modifying source operand``` Copy operation modifies data member of source object ```Copy constructor not called in initialization list``` Copy constructor does not call copy constructors of some members or base classes ```Incompatible types prevent overriding``` Derived class method hides a virtual base class method instead of overriding it ```Member not initialized in constructor``` Constructor does not initialize some members of a class ```Missing explicit keyword``` Constructor missing the explicit specifier ```Missing virtual inheritance``` A base class is inherited virtually and nonvirtually in the same hierarchy `Object slicing` Derived class object passed by value to function with base class parameter ```Partial override of overloaded virtual functions``` Class overrides fraction of inherited virtual functions with a given name ```Return of non const handle to encapsulated data member``` Method returns pointer or reference to internal member of object ```Self assignment not tested in operator``` Copy assignment operator does not test for self-assignment
##### Resource Management Defects
 ```Closing a previously closed resource``` Function closes a previously closed stream ```Opening previously opened resource``` Opening an already opened file `Resource leak` File stream not closed before FILE pointer scope ends or pointer is reassigned ```Use of previously closed resource``` Function operates on a previously closed stream ```Writing to read-only resource``` File initially opened as read only is modified
##### Good Practice Defects
 `Ambiguous declaration syntax` Declaration syntax can be interpreted as object declaration or part of function declaration ```Bitwise and arithmetic operation on the same data``` Statement with mixed bitwise and arithmetic operations ```C++ reference to const-qualified type with subsequent modification``` Reference to const-qualified type is subsequently modified `C++ reference type qualified with const or volatile` Reference type declared with a redundant const or volatile qualifier ```Delete of void pointer``` delete operates on a void* pointer pointing to an object ```Hard-coded buffer size``` Size of memory buffer is a numerical value instead of symbolic constant ```Hard-coded loop boundary``` Loop boundary is a numerical value instead of symbolic constant ```Hard-coded object size used to manipulate memory``` Memory manipulation with hard-coded size instead of sizeof `Incorrect syntax of flexible array member size` Flexible array member defined with size zero or one ```Large pass-by-value argument``` Large argument passed by value between functions ```Line with more than one statement``` Multiple statements on a line ```Missing break of switch case``` No comments at the end of switch case without a break statement ```Missing overload of allocation or deallocation function``` Only one function in an allocation-deallocation function pair is overloaded ```Missing reset of a freed pointer``` Pointer free not followed by a reset statement to clear leftover data `Unused parameter` Function prototype has parameters not read or written in function body ```Use of setjmp/longjmp``` setjmp and longjmp cause deviation from normal control flow

#### Coding Standards

##### MISRA C:2012 Directives and Rules
 `MISRA C:2012 Dir 1.1` Any implementation-defined behavior on which the output of the program depends shall be documented and understood ```MISRA C:2012 Dir 2.1``` All source files shall compile without any compilation errors ```MISRA C:2012 Dir 4.1``` Run-time failures shall be minimized ```MISRA C:2012 Dir 4.3``` Assembly language shall be encapsulated and isolated ```MISRA C:2012 Dir 4.5``` Identifiers in the same name space with overlapping visibility should be typographically unambiguous ```MISRA C:2012 Dir 4.6``` typedefs that indicate size and signedness should be used in place of the basic numerical types ```MISRA C:2012 Dir 4.7``` If a function returns error information, then that error information shall be tested `MISRA C:2012 Dir 4.8` If a pointer to a structure or union is never dereferenced within a translation unit, then the implementation of the object should be hidden ```MISRA C:2012 Dir 4.9``` A function should be used in preference to a function-like macro where they are interchangeable ```MISRA C:2012 Dir 4.10``` Precautions shall be taken in order to prevent the contents of a header file being included more than once ```MISRA C:2012 Dir 4.11``` The validity of values passed to library functions shall be checked ```MISRA C:2012 Dir 4.13``` Functions which are designed to provide operations on a resource should be called in an appropriate sequence ```MISRA C:2012 Dir 4.14``` The validity of values received from external sources shall be checked ```MISRA C:2012 Rule 1.1``` The program shall contain no violations of the standard C syntax and constraints, and shall not exceed the implementation’s translation limits ```MISRA C:2012 Rule 1.2``` Language extensions should not be used ```MISRA C:2012 Rule 1.3``` There shall be no occurrence of undefined or critical unspecified behaviour ```MISRA C:2012 Rule 2.1``` A project shall not contain unreachable code ```MISRA C:2012 Rule 2.2``` There shall be no dead code ```MISRA C:2012 Rule 2.3``` A project should not contain unused type declarations ```MISRA C:2012 Rule 2.4``` A project should not contain unused tag declarations ```MISRA C:2012 Rule 2.5``` A project should not contain unused macro declarations ```MISRA C:2012 Rule 2.6``` A function should not contain unused label declarations ```MISRA C:2012 Rule 2.7``` There should be no unused parameters in functions ```MISRA C:2012 Rule 3.1``` The character sequences /* and // shall not be used within a comment ```MISRA C:2012 Rule 3.2``` Line-splicing shall not be used in // comments ```MISRA C:2012 Rule 4.1``` Octal and hexadecimal escape sequences shall be terminated ```MISRA C:2012 Rule 4.2``` Trigraphs should not be used ```MISRA C:2012 Rule 5.1``` External identifiers shall be distinct ```MISRA C:2012 Rule 5.2``` Identifiers declared in the same scope and name space shall be distinct ```MISRA C:2012 Rule 5.3``` An identifier declared in an inner scope shall not hide an identifier declared in an outer scope ```MISRA C:2012 Rule 5.4``` Macro identifiers shall be distinct ```MISRA C:2012 Rule 5.5``` Identifiers shall be distinct from macro names ```MISRA C:2012 Rule 5.6``` A typedef name shall be a unique identifier ```MISRA C:2012 Rule 5.7``` A tag name shall be a unique identifier ```MISRA C:2012 Rule 5.8``` Identifiers that define objects or functions with external linkage shall be unique ```MISRA C:2012 Rule 5.9``` Identifiers that define objects or functions with internal linkage should be unique ```MISRA C:2012 Rule 6.1``` Bit-fields shall only be declared with an appropriate type ```MISRA C:2012 Rule 6.2``` Single-bit named bit fields shall not be of a signed type ```MISRA C:2012 Rule 7.1``` Octal constants shall not be used ```MISRA C:2012 Rule 7.2``` A “u” or “U” suffix shall be applied to all integer constants that are represented in an unsigned type ```MISRA C:2012 Rule 7.3``` The lowercase character “l” shall not be used in a literal suffix ```MISRA C:2012 Rule 7.4``` A string literal shall not be assigned to an object unless the object’s type is “pointer to const-qualified char” ```MISRA C:2012 Rule 8.1``` Types shall be explicitly specified ```MISRA C:2012 Rule 8.2``` Function types shall be in prototype form with named parameters ```MISRA C:2012 Rule 8.3``` All declarations of an object or function shall use the same names and type qualifiers ```MISRA C:2012 Rule 8.4``` A compatible declaration shall be visible when an object or function with external linkage is defined ```MISRA C:2012 Rule 8.5``` An external object or function shall be declared once in one and only one file ```MISRA C:2012 Rule 8.6``` An identifier with external linkage shall have exactly one external definition ```MISRA C:2012 Rule 8.7``` Functions and objects should not be defined with external linkage if they are referenced in only one translation unit ```MISRA C:2012 Rule 8.8``` The static storage class specifier shall be used in all declarations of objects and functions that have internal linkage ```MISRA C:2012 Rule 8.9``` An object should be defined at block scope if its identifier only appears in a single function ```MISRA C:2012 Rule 8.10``` An inline function shall be declared with the static storage class ```MISRA C:2012 Rule 8.11``` When an array with external linkage is declared, its size should be explicitly specified ```MISRA C:2012 Rule 8.12``` Within an enumerator list, the value of an implicitly-specified enumeration constant shall be unique ```MISRA C:2012 Rule 8.13``` A pointer should point to a const-qualified type whenever possible ```MISRA C:2012 Rule 8.14``` The restrict type qualifier shall not be used ```MISRA C:2012 Rule 9.1``` The value of an object with automatic storage duration shall not be read before it has been set ```MISRA C:2012 Rule 9.2``` The initializer for an aggregate or union shall be enclosed in braces ```MISRA C:2012 Rule 9.3``` Arrays shall not be partially initialized ```MISRA C:2012 Rule 9.4``` An element of an object shall not be initialized more than once ```MISRA C:2012 Rule 9.5``` Where designated initializers are used to initialize an array object the size of the array shall be specified explicitly ```MISRA C:2012 Rule 10.1``` Operands shall not be of an inappropriate essential type ```MISRA C:2012 Rule 10.2``` Expressions of essentially character type shall not be used inappropriately in addition and subtraction operations ```MISRA C:2012 Rule 10.3``` The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category ```MISRA C:2012 Rule 10.4``` Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category ```MISRA C:2012 Rule 10.5``` The value of an expression should not be cast to an inappropriate essential type ```MISRA C:2012 Rule 10.6``` The value of a composite expression shall not be assigned to an object with wider essential type ```MISRA C:2012 Rule 10.7``` If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential type ```MISRA C:2012 Rule 10.8``` The value of a composite expression shall not be cast to a different essential type category or a wider essential type ```MISRA C:2012 Rule 11.1``` Conversions shall not be performed between a pointer to a function and any other type ```MISRA C:2012 Rule 11.2``` Conversions shall not be performed between a pointer to an incomplete type and any other type ```MISRA C:2012 Rule 11.3``` A cast shall not be performed between a pointer to object type and a pointer to a different object type ```MISRA C:2012 Rule 11.4``` A conversion should not be performed between a pointer to object and an integer type ```MISRA C:2012 Rule 11.5``` A conversion should not be performed from pointer to void into pointer to object ```MISRA C:2012 Rule 11.6``` A cast shall not be performed between pointer to void and an arithmetic type ```MISRA C:2012 Rule 11.7``` A cast shall not be performed between pointer to object and a non-integer arithmetic type ```MISRA C:2012 Rule 11.8``` A cast shall not remove any const or volatile qualification from the type pointed to by a pointer ```MISRA C:2012 Rule 11.9``` The macro NULL shall be the only permitted form of integer null pointer constant ```MISRA C:2012 Rule 12.1``` The precedence of operators within expressions should be made explicit ```MISRA C:2012 Rule 12.2``` The right hand operand of a shift operator shall lie in the range zero to one less than the width in bits of the essential type of the left hand operand ```MISRA C:2012 Rule 12.3``` The comma operator should not be used ```MISRA C:2012 Rule 12.4``` Evaluation of constant expressions should not lead to unsigned integer wrap-around ```MISRA C:2012 Rule 12.5``` The sizeof operator shall not have an operand which is a function parameter declared as “array of type” ```MISRA C:2012 Rule 13.1``` Initializer lists shall not contain persistent side effects ```MISRA C:2012 Rule 13.2``` The value of an expression and its persistent side effects shall be the same under all permitted evaluation orders ```MISRA C:2012 Rule 13.3``` A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects other than that caused by the increment or decrement operator ```MISRA C:2012 Rule 13.4``` The result of an assignment operator should not be used ```MISRA C:2012 Rule 13.5``` The right hand operand of a logical && or || operator shall not contain persistent side effects ```MISRA C:2012 Rule 13.6``` The operand of the sizeof operator shall not contain any expression which has potential side effects ```MISRA C:2012 Rule 14.1``` A loop counter shall not have essentially floating type ```MISRA C:2012 Rule 14.2``` A for loop shall be well-formed ```MISRA C:2012 Rule 14.3``` Controlling expressions shall not be invariant ```MISRA C:2012 Rule 14.4``` The controlling expression of an if statement and the controlling expression of an iteration-statement shall have essentially Boolean type ```MISRA C:2012 Rule 15.1``` The goto statement should not be used ```MISRA C:2012 Rule 15.2``` The goto statement shall jump to a label declared later in the same function ```MISRA C:2012 Rule 15.3``` Any label referenced by a goto statement shall be declared in the same block, or in any block enclosing the goto statement ```MISRA C:2012 Rule 15.4``` There should be no more than one break or goto statement used to terminate any iteration statement ```MISRA C:2012 Rule 15.5``` A function should have a single point of exit at the end ```MISRA C:2012 Rule 15.6``` The body of an iteration-statement or a selection-statement shall be a compound statement ```MISRA C:2012 Rule 15.7``` All if … else if constructs shall be terminated with an else statement ```MISRA C:2012 Rule 16.1``` All switch statements shall be well-formed ```MISRA C:2012 Rule 16.2``` A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement ```MISRA C:2012 Rule 16.3``` An unconditional break statement shall terminate every switch-clause ```MISRA C:2012 Rule 16.4``` Every switch statement shall have a default label ```MISRA C:2012 Rule 16.5``` A default label shall appear as either the first or the last switch label of a switch statement ```MISRA C:2012 Rule 16.6``` Every switch statement shall have at least two switch-clauses ```MISRA C:2012 Rule 16.7``` A switch-expression shall not have essentially Boolean type ```MISRA C:2012 Rule 17.1``` The features of shall not be used ```MISRA C:2012 Rule 17.2``` Functions shall not call themselves, either directly or indirectly ```MISRA C:2012 Rule 17.3``` A function shall not be declared implicitly ```MISRA C:2012 Rule 17.4``` All exit paths from a function with non-void return type shall have an explicit return statement with an expression ```MISRA C:2012 Rule 17.5``` The function argument corresponding to a parameter declared to have an array type shall have an appropriate number of elements ```MISRA C:2012 Rule 17.6``` The declaration of an array parameter shall not contain the static keyword between the [ ] ```MISRA C:2012 Rule 17.7``` The value returned by a function having non-void return type shall be used ```MISRA C:2012 Rule 17.8``` A function parameter should not be modified ```MISRA C:2012 Rule 18.1``` A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand ```MISRA C:2012 Rule 18.2``` Subtraction between pointers shall only be applied to pointers that address elements of the same array ```MISRA C:2012 Rule 18.3``` The relational operators >, >=, < and <= shall not be applied to objects of pointer type except where they point into the same object ```MISRA C:2012 Rule 18.4``` The +, -, += and -= operators should not be applied to an expression of pointer type ```MISRA C:2012 Rule 18.5``` Declarations should contain no more than two levels of pointer nesting ```MISRA C:2012 Rule 18.6``` The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist ```MISRA C:2012 Rule 18.7``` Flexible array members shall not be declared ```MISRA C:2012 Rule 18.8``` Variable-length array types shall not be used ```MISRA C:2012 Rule 19.1``` An object shall not be assigned or copied to an overlapping object ```MISRA C:2012 Rule 19.2``` The union keyword should not be used ```MISRA C:2012 Rule 20.1``` #include directives should only be preceded by preprocessor directives or comments ```MISRA C:2012 Rule 20.2``` The ', " or \ characters and the /* or // character sequences shall not occur in a header file name ```MISRA C:2012 Rule 20.3``` The #include directive shall be followed by either a or \"filename\" sequence ```MISRA C:2012 Rule 20.4``` A macro shall not be defined with the same name as a keyword ```MISRA C:2012 Rule 20.5``` #undef should not be used ```MISRA C:2012 Rule 20.6``` Tokens that look like a preprocessing directive shall not occur within a macro argument ```MISRA C:2012 Rule 20.7``` Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses ```MISRA C:2012 Rule 20.8``` The controlling expression of a #if or #elif preprocessing directive shall evaluate to 0 or 1 ```MISRA C:2012 Rule 20.9``` All identifiers used in the controlling expression of #if or #elif preprocessing directives shall be #define’d before evaluation ```MISRA C:2012 Rule 20.10``` The # and ## preprocessor operators should not be used ```MISRA C:2012 Rule 20.11``` A macro parameter immediately following a # operator shall not immediately be followed by a ## operator ```MISRA C:2012 Rule 20.12``` A macro parameter used as an operand to the # or ## operators, which is itself subject to further macro replacement, shall only be used as an operand to these operators ```MISRA C:2012 Rule 20.13``` A line whose first token is # shall be a valid preprocessing directive ```MISRA C:2012 Rule 20.14``` All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if, #ifdef or #ifndef directive to which they are related ```MISRA C:2012 Rule 21.1``` #define and #undef shall not be used on a reserved identifier or reserved macro name ```MISRA C:2012 Rule 21.2``` A reserved identifier or macro name shall not be declared ```MISRA C:2012 Rule 21.3``` The memory allocation and deallocation functions of shall not be used ```MISRA C:2012 Rule 21.4``` The standard header file shall not be used ```MISRA C:2012 Rule 21.5``` The standard header file shall not be used ```MISRA C:2012 Rule 21.6``` The Standard Library input/output functions shall not be used ```MISRA C:2012 Rule 21.7``` The atof, atoi, atol, and atoll functions of shall not be used ```MISRA C:2012 Rule 21.8``` The library functions abort, exit, getenv and system of shall not be used ```MISRA C:2012 Rule 21.9``` The library functions bsearch and qsort of shall not be used ```MISRA C:2012 Rule 21.10``` The Standard Library time and date functions shall not be used ```MISRA C:2012 Rule 21.11``` The standard header file shall not be used ```MISRA C:2012 Rule 21.12``` The exception handling features of should not be used ```MISRA C:2012 Rule 21.13``` Any value passed to a function in shall be representable as an unsigned char or be the value EOF ```MISRA C:2012 Rule 21.14``` The Standard Library function memcmp shall not be used to compare null terminated strings ```MISRA C:2012 Rule 21.15``` The pointer arguments to the Standard Library functions memcpy, memmove and memcmp shall be pointers to qualified or unqualified versions of compatible types ```MISRA C:2012 Rule 21.16``` The pointer arguments to the Standard Library function memcmp shall point to either a pointer type, an essentially signed type, an essentially unsigned type, an essentially Boolean type or an essentially enum type ```MISRA C:2012 Rule 21.17``` Use of the string handling function from shall not result in accesses beyond the bounds of the objects referenced by their pointer parameters ```MISRA C:2012 Rule 21.18``` The size_t argument passed to any function in shall have an appropriate value ```MISRA C:2012 Rule 21.19``` The pointers returned by the Standard Library functions localeconv, getenv, setlocale or strerror shall only be used as if they have pointer to const-qualified type ```MISRA C:2012 Rule 21.20``` The pointer returned by the Standard Library functions asctime, ctime, gmtime, localtime, localeconv, getenv, setlocale or strerror shall not be used following a subsequent call to the same function ```MISRA C:2012 Rule 22.1``` All resources obtained dynamically by means of Standard Library functions shall be explicitly released ```MISRA C:2012 Rule 22.2``` A block of memory shall only be freed if it was allocated by means of a Standard Library function ```MISRA C:2012 Rule 22.3``` The same file shall not be open for read and write access at the same time on different streams ```MISRA C:2012 Rule 22.4``` There shall be no attempt to write to a stream which has been opened as read-only ```MISRA C:2012 Rule 22.5``` A pointer to a FILE object shall not be dereferenced ```MISRA C:2012 Rule 22.6``` The value of a pointer to a FILE shall not be used after the associated stream has been closed ```MISRA C:2012 Rule 22.7``` The macro EOF shall only be compared with the unmodified return value from any Standard Library function capable of returning EOF ```MISRA C:2012 Rule 22.8``` The value of errno shall be set to zero prior to a call to an errno-setting-function ```MISRA C:2012 Rule 22.9``` The value of errno shall be tested against zero after calling an errno-setting function ```MISRA C:2012 Rule 22.10``` The value of errno shall only be tested when the last function to be called was an errno-setting function
##### CERT C Rules and Recommendations
 ```CERT C: Rule PRE30-C``` Do not create a universal character name through concatenation ```CERT C: Rule PRE31-C``` Avoid side effects in arguments to unsafe macros ```CERT C: Rule PRE32-C``` Do not use preprocessor directives in invocations of function-like macros ```CERT C: Rule DCL30-C``` Declare objects with appropriate storage durations ```CERT C: Rule DCL31-C``` Declare identifiers before using them ```CERT C: Rule DCL36-C``` Do not declare an identifier with conflicting linkage classifications ```CERT C: Rule DCL37-C``` Do not declare or define a reserved identifier ```CERT C: Rule DCL38-C``` Use the correct syntax when declaring a flexible array member ```CERT C: Rule DCL39-C``` Avoid information leakage in structure padding ```CERT C: Rule DCL40-C``` Do not create incompatible declarations of the same function or object ```CERT C: Rule DCL41-C``` Do not declare variables inside a switch statement before the first case label ```CERT C: Rule EXP30-C``` Do not depend on the order of evaluation for side effects ```CERT C: Rule EXP32-C``` Do not access a volatile object through a nonvolatile reference ```CERT C: Rule EXP33-C``` Do not read uninitialized memory ```CERT C: Rule EXP34-C``` Do not dereference null pointers ```CERT C: Rule EXP35-C``` Do not modify objects with temporary lifetime ```CERT C: Rule EXP36-C``` Do not cast pointers into more strictly aligned pointer types ```CERT C: Rule EXP37-C``` Call functions with the correct number and type of arguments ```CERT C: Rule EXP39-C``` Do not access a variable through a pointer of an incompatible type ```CERT C: Rule EXP40-C``` Do not modify constant objects ```CERT C: Rule EXP42-C``` Do not compare padding data ```CERT C: Rule EXP43-C``` Avoid undefined behavior when using restrict-qualified pointers ```CERT C: Rule EXP44-C``` Do not rely on side effects in operands to sizeof, _Alignof, or _Generic ```CERT C: Rule EXP45-C``` Do not perform assignments in selection statements ```CERT C: Rule EXP46-C``` Do not use a bitwise operator with a Boolean-like operand ```CERT C: Rule EXP47-C``` Do not call va_arg with an argument of the incorrect type ```CERT C: Rule INT30-C``` Ensure that unsigned integer operations do not wrap ```CERT C: Rule INT31-C``` Ensure that integer conversions do not result in lost or misinterpreted data ```CERT C: Rule INT32-C``` Ensure that operations on signed integers do not result in overflow ```CERT C: Rule INT33-C``` Ensure that division and remainder operations do not result in divide-by-zero errors ```CERT C: Rule INT34-C``` Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand ```CERT C: Rule INT35-C``` Use correct integer precisions ```CERT C: Rule INT36-C``` Converting a pointer to integer or integer to pointer ```CERT C: Rule FLP30-C``` Do not use floating-point variables as loop counters ```CERT C: Rule FLP32-C``` Prevent or detect domain and range errors in math functions ```CERT C: Rule FLP34-C``` Ensure that floating-point conversions are within range of the new type ```CERT C: Rule FLP36-C``` Preserve precision when converting integral values to floating-point type ```CERT C: Rule FLP37-C``` Do not use object representations to compare floating-point values ```CERT C: Rule ARR30-C``` Do not form or use out-of-bounds pointers or array subscripts ```CERT C: Rule ARR32-C``` Ensure size arguments for variable length arrays are in a valid range ```CERT C: Rule ARR36-C``` Do not subtract or compare two pointers that do not refer to the same array ```CERT C: Rule ARR37-C``` Do not add or subtract an integer to a pointer to a non-array object ```CERT C: Rule ARR38-C``` Guarantee that library functions do not form invalid pointers ```CERT C: Rule ARR39-C``` Do not add or subtract a scaled integer to a pointer ```CERT C: Rule STR30-C``` Do not attempt to modify string literals ```CERT C: Rule STR31-C``` Guarantee that storage for strings has sufficient space for character data and the null terminator ```CERT C: Rule STR32-C``` Do not pass a non-null-terminated character sequence to a library function that expects a string ```CERT C: Rule STR34-C``` Cast characters to unsigned char before converting to larger integer sizes ```CERT C: Rule STR37-C``` Arguments to character-handling functions must be representable as an unsigned char ```CERT C: Rule STR38-C``` Do not confuse narrow and wide character strings and functions ```CERT C: Rule MEM30-C``` Do not access freed memory ```CERT C: Rule MEM31-C``` Free dynamically allocated memory when no longer needed ```CERT C: Rule MEM33-C``` Allocate and copy structures containing a flexible array member dynamically ```CERT C: Rule MEM34-C``` Only free memory allocated dynamically ```CERT C: Rule MEM35-C``` Allocate sufficient memory for an object ```CERT C: Rule MEM36-C``` Do not modify the alignment of objects by calling realloc() ```CERT C: Rule FIO30-C``` Exclude user input from format strings ```CERT C: Rule FIO32-C``` Do not perform operations on devices that are only appropriate for files ```CERT C: Rule FIO34-C``` Distinguish between characters read from a file and EOF or WEOF ```CERT C: Rule FIO37-C``` Do not assume that fgets() or fgetws() returns a nonempty string when successful ```CERT C: Rule FIO38-C``` Do not copy a FILE object ```CERT C: Rule FIO39-C``` Do not alternately input and output from a stream without an intervening flush or positioning call ```CERT C: Rule FIO40-C``` Reset strings on fgets() or fgetws() failure ```CERT C: Rule FIO41-C``` Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects ```CERT C: Rule FIO42-C``` Close files when they are no longer needed ```CERT C: Rule FIO44-C``` Only use values for fsetpos() that are returned from fgetpos() ```CERT C: Rule FIO45-C``` Avoid TOCTOU race conditions while accessing files ```CERT C: Rule FIO46-C``` Do not access a closed file ```CERT C: Rule FIO47-C``` Use valid format strings ```CERT C: Rule ENV30-C``` Do not modify the object referenced by the return value of certain functions ```CERT C: Rule ENV31-C``` Do not rely on an environment pointer following an operation that may invalidate it ```CERT C: Rule ENV32-C``` All exit handlers must return normally ```CERT C: Rule ENV33-C``` Do not call system() ```CERT C: Rule ENV34-C``` Do not store pointers returned by certain functions ```CERT C: Rule SIG30-C``` Call only asynchronous-safe functions within signal handlers ```CERT C: Rule SIG31-C``` Do not access shared objects in signal handlers ```CERT C: Rule SIG34-C``` Do not call signal() from within interruptible signal handlers ```CERT C: Rule SIG35-C``` Do not return from a computational exception signal handler ```CERT C: Rule ERR30-C``` Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure ```CERT C: Rule ERR32-C``` Do not rely on indeterminate values of errno ```CERT C: Rule ERR33-C``` Detect and handle standard library errors ```CERT C: Rule ERR34-C``` Detect errors when converting a string to a number ```CERT C: Rule CON30-C``` Clean up thread-specific storage ```CERT C: Rule CON31-C``` Do not destroy a mutex while it is locked ```CERT C: Rule CON32-C``` Prevent data races when accessing bit-fields from multiple threads ```CERT C: Rule CON33-C``` Avoid race conditions when using library functions ```CERT C: Rule CON35-C``` Avoid deadlock by locking in a predefined order ```CERT C: Rule CON36-C``` Wrap functions that can spuriously wake up in a loop ```CERT C: Rule CON37-C``` Do not call signal() in a multithreaded program ```CERT C: Rule CON40-C``` Do not refer to an atomic variable twice in an expression ```CERT C: Rule CON41-C``` Wrap functions that can fail spuriously in a loop ```CERT C: Rule CON43-C``` Do not allow data races in multithreaded code ```CERT C: Rule MSC30-C``` Do not use the rand() function for generating pseudorandom numbers ```CERT C: Rule MSC32-C``` Properly seed pseudorandom number generators ```CERT C: Rule MSC33-C``` Do not pass invalid data to the asctime() function ```CERT C: Rule MSC37-C``` Ensure that control never reaches the end of a non-void function ```CERT C: Rule MSC38-C``` Do not treat a predefined identifier as an object if it might only be implemented as a macro ```CERT C: Rule MSC39-C``` Do not call va_arg() on a va_list that has an indeterminate value ```CERT C: Rule MSC40-C``` Do not violate constraints ```CERT C: Rule POS30-C``` Use the readlink() function properly ```CERT C: Rule POS33-C``` Do not use vfork() ```CERT C: Rule POS34-C``` Do not call putenv() with a pointer to an automatic variable as the argument ```CERT C: Rule POS35-C``` Avoid race conditions while checking for the existence of a symbolic link ```CERT C: Rule POS36-C``` Observe correct revocation order while relinquishing privileges ```CERT C: Rule POS37-C``` Ensure that privilege relinquishment is successful ```CERT C: Rule POS38-C``` Beware of race conditions when using fork and file descriptors ```CERT C: Rule POS39-C``` Use the correct byte ordering when transferring data between systems ```CERT C: Rule POS44-C``` Do not use signals to terminate threads ```CERT C: Rule POS48-C``` Do not unlock or destroy another POSIX thread's mutex ```CERT C: Rule POS49-C``` When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed ```CERT C: Rule POS51-C``` Avoid deadlock with POSIX threads by locking in predefined order ```CERT C: Rule POS52-C``` Do not perform operations that can block while holding a POSIX lock ```CERT C: Rule POS54-C``` Detect and handle POSIX library errors ```CERT C: Rule WIN30-C``` Properly pair allocation and deallocation functions ```CERT C: Rec. PRE00-C``` Prefer inline or static functions to function-like macros ```CERT C: Rec. PRE01-C``` Use parentheses within macros around parameter names ```CERT C: Rec. PRE06-C``` Enclose header files in an inclusion guard ```CERT C: Rec. PRE07-C``` Avoid using repeated question marks ```CERT C: Rec. PRE09-C``` Do not replace secure functions with deprecated or obsolescent functions ```CERT C: Rec. DCL01-C``` Do not reuse variable names in subscopes ```CERT C: Rec. DCL02-C``` Use visually distinct identifiers ```CERT C: Rec. DCL06-C``` Use meaningful symbolic constants to represent literal values ```CERT C: Rec. DCL07-C``` Include the appropriate type information in function declarators ```CERT C: Rec. DCL10-C``` Maintain the contract between the writer and caller of variadic functions ```CERT C: Rec. DCL11-C``` Understand the type issues associated with variadic functions ```CERT C: Rec. DCL12-C``` Implement abstract data types using opaque types ```CERT C: Rec. DCL13-C``` Declare function parameters that are pointers to values not changed by the function as const ```CERT C: Rec. DCL15-C``` Declare file-scope objects or functions that do not need external linkage as static ```CERT C: Rec. DCL16-C``` Use 'L,' not 'l,' to indicate a long value ```CERT C: Rec. DCL18-C``` Do not begin integer constants with 0 when specifying a decimal value ```CERT C: Rec. DCL19-C``` Minimize the scope of variables and functions ```CERT C: Rec. DCL22-C``` Use volatile for data that cannot be cached ```CERT C: Rec. DCL23-C``` Guarantee that mutually visible identifiers are unique ```CERT C: Rec. EXP00-C``` Use parentheses for precedence of operation ```CERT C: Rec. EXP05-C``` Do not cast away a const qualification ```CERT C: Rec. EXP08-C``` Ensure pointer arithmetic is used correctly ```CERT C: Rec. EXP09-C``` Use sizeof to determine the size of a type or variable ```CERT C: Rec. EXP10-C``` Do not depend on the order of evaluation of subexpressions or the order in which side effects take place ```CERT C: Rec. EXP11-C``` Do not make assumptions regarding the layout of structures with bit-fields ```CERT C: Rec. EXP12-C``` Do not ignore values returned by functions ```CERT C: Rec. EXP13-C``` Treat relational and equality operators as if they were nonassociative ```CERT C: Rec. EXP19-C``` Use braces for the body of an if, for, or while statement ```CERT C: Rec. INT00-C``` Understand the data model used by your implementation(s) ```CERT C: Rec. INT02-C``` Understand integer conversion rules ```CERT C: Rec. INT04-C``` Enforce limits on integer values originating from tainted sources ```CERT C: Rec. INT07-C``` Use only explicitly signed or unsigned char type for numeric values ```CERT C: Rec. INT08-C``` Verify that all integer values are in range ```CERT C: Rec. INT09-C``` Ensure enumeration constants map to unique values ```CERT C: Rec. INT10-C``` Do not assume a positive remainder when using the % operator ```CERT C: Rec. INT12-C``` Do not make assumptions about the type of a plain int bit-field when used in an expression ```CERT C: Rec. INT13-C``` Use bitwise operators only on unsigned operands ```CERT C: Rec. INT14-C``` Avoid performing bitwise and arithmetic operations on the same data ```CERT C: Rec. INT18-C``` Evaluate integer expressions in a larger size before comparing or assigning to that size ```CERT C: Rec. FLP00-C``` Understand the limitations of floating-point numbers ```CERT C: Rec. FLP02-C``` Avoid using floating-point numbers when precise computation is needed ```CERT C: Rec. FLP03-C``` Detect and handle floating-point errors ```CERT C: Rec. FLP06-C``` Convert integers to floating point for floating-point operations ```CERT C: Rec. ARR01-C``` Do not apply the sizeof operator to a pointer when taking the size of an array ```CERT C: Rec. ARR02-C``` Explicitly specify array bounds, even if implicitly defined by an initializer ```CERT C: Rec. STR02-C``` Sanitize data passed to complex subsystems ```CERT C: Rec. STR03-C``` Do not inadvertently truncate a string ```CERT C: Rec. STR07-C``` Use the bounds-checking interfaces for string manipulation ```CERT C: Rec. STR11-C``` Do not specify the bound of a character array initialized with a string literal ```CERT C: Rec. MEM00-C``` Allocate and free memory in the same module, at the same level of abstraction ```CERT C: Rec. MEM01-C``` Store a new value in pointers immediately after free() ```CERT C: Rec. MEM02-C``` Immediately cast the result of a memory allocation function call into a pointer to the allocated type ```CERT C: Rec. MEM03-C``` Clear sensitive information stored in reusable resources ```CERT C: Rec. MEM04-C``` Beware of zero-length allocations ```CERT C: Rec. MEM05-C``` Avoid large stack allocations ```CERT C: Rec. MEM06-C``` Ensure that sensitive data is not written out to disk ```CERT C: Rec. MEM11-C``` Do not assume infinite heap space ```CERT C: Rec. MEM12-C``` Consider using a goto chain when leaving a function on error when using and releasing resources ```CERT C: Rec. FIO02-C``` Canonicalize path names originating from tainted sources ```CERT C: Rec. FIO11-C``` Take care when specifying the mode parameter of fopen() ```CERT C: Rec. FIO21-C``` Do not create temporary files in shared directories ```CERT C: Rec. FIO24-C``` Do not open a file that is already open ```CERT C: Rec. ENV01-C``` Do not make assumptions about the size of an environment variable ```CERT C: Rec. ERR00-C``` Adopt and implement a consistent and comprehensive error-handling policy ```CERT C: Rec. API04-C``` Provide a consistent and usable error-checking mechanism ```CERT C: Rec. CON01-C``` Acquire and release synchronization primitives in the same module, at the same level of abstraction ```CERT C: Rec. CON05-C``` Do not perform operations that can block while holding a lock ```CERT C: Rec. MSC01-C``` Strive for logical completeness ```CERT C: Rec. MSC04-C``` Use comments consistently and in a readable fashion ```CERT C: Rec. MSC12-C``` Detect and remove code that has no effect or is never executed ```CERT C: Rec. MSC13-C``` Detect and remove unused values ```CERT C: Rec. MSC15-C``` Do not depend on undefined behavior ```CERT C: Rec. MSC17-C``` Finish every set of statements associated with a case label with a break statement ```CERT C: Rec. MSC18-C``` Be careful while handling sensitive data, such as passwords, in program code ```CERT C: Rec. MSC20-C``` Do not use a switch statement to transfer control into a complex block ```CERT C: Rec. MSC21-C``` Use robust loop termination conditions ```CERT C: Rec. MSC22-C``` Use the setjmp(), longjmp() facility securely ```CERT C: Rec. MSC24-C``` Do not use deprecated or obsolescent functions ```CERT C: Rec. POS05-C``` Limit access to files by creating a jail ```CERT C: Rec. WIN00-C``` Be specific when dynamically loading libraries
##### ISO/IEC TS 17961 Rules
 `ISO/IEC TS 17961 [accfree]` Accessing freed memory ```ISO/IEC TS 17961 [accsig]``` Accessing shared objects in signal handlers ```ISO/IEC TS 17961 [addrescape]``` Escaping of the address of an automatic object ```ISO/IEC TS 17961 [alignconv]``` Converting pointer values to more strictly aligned pointer types ```ISO/IEC TS 17961 [argcomp]``` Calling functions with incorrect arguments ```ISO/IEC TS 17961 [asyncsig]``` Calling functions in the C Standard Library other than abort, _Exit, and signal from within a signal handler ```ISO/IEC TS 17961 [boolasgn]``` No assignment in conditional expressions ```ISO/IEC TS 17961 [chreof]``` Using character values that are indistinguishable from EOF ```ISO/IEC TS 17961 [chrsgnext]``` Passing arguments to character handling functions that are not representable as unsigned char ```ISO/IEC TS 17961 [dblfree]``` Freeing memory multiple times ```ISO/IEC TS 17961 [diverr]``` Integer division errors ```ISO/IEC TS 17961 [fileclose]``` Failing to close files or free dynamic memory when they are no longer needed ```ISO/IEC TS 17961 [filecpy]``` Copying a FILE object ```ISO/IEC TS 17961 [funcdecl]``` Declaring the same function or object in incompatible ways ```ISO/IEC TS 17961 [insufmem]``` Allocating insufficient memory ```ISO/IEC TS 17961 [intoflow]``` Overflowing signed integers ```ISO/IEC TS 17961 [intptrconv]``` Converting a pointer to integer or integer to pointer ```ISO/IEC TS 17961 [inverrno]``` Incorrectly setting and using errno ```ISO/IEC TS 17961 [invfmtstr]``` Using invalid format strings ```ISO/IEC TS 17961 [invptr]``` Forming or using out-ofbounds pointers or array subscripts ```ISO/IEC TS 17961 [ioileave]``` Interleaving stream inputs and outputs without a flush or positioning call ```ISO/IEC TS 17961 [liberr]``` Failing to detect and handle standard library errors ```ISO/IEC TS 17961 [libmod]``` Modifying the string returned by getenv, localeconv, setlocale, and strerror ```ISO/IEC TS 17961 [libptr]``` Forming invalid pointers by library function ```ISO/IEC TS 17961 [libuse]``` Using an object overwritten by getenv, localeconv, setlocale, and strerror ```ISO/IEC TS 17961 [nonnullcs]``` Passing a non-null-terminated character sequence to a library function ```ISO/IEC TS 17961 [nullref]``` Dereferencing an out-of-domain pointer ```ISO/IEC TS 17961 [padcomp]``` Comparison of padding data ```ISO/IEC TS 17961 [ptrcomp]``` Accessing an object through a pointer to an incompatible type ```ISO/IEC TS 17961 [ptrobj]``` Subtracting or comparing two pointers that do not refer to the same array ```ISO/IEC TS 17961 [resident]``` Using identifiers that are reserved for the implementation ```ISO/IEC TS 17961 [restrict]``` Passing pointers into the same object as arguments to different restrict-qualified parameters ```ISO/IEC TS 17961 [sigcall]``` Calling signal from interruptible signal handlers ```ISO/IEC TS 17961 [signconv]``` Conversion of signed characters to wider integer types before a check for EOF ```ISO/IEC TS 17961 [sizeofptr]``` Taking the size of a pointer to determine the size of the pointed-to type ```ISO/IEC TS 17961 [strmod]``` Modifying string literals ```ISO/IEC TS 17961 [swtchdflt]``` Use of an implied default in a switch statement ```ISO/IEC TS 17961 [syscall]``` Calling system ```ISO/IEC TS 17961 [taintformatio]``` Using a tainted value to write to an object using a formatted input or output function ```ISO/IEC TS 17961 [taintnoproto]``` Using a tainted value as an argument to an unprototyped function pointer ```ISO/IEC TS 17961 [taintsink]``` Tainted, potentially mutilated, or out-of-domain integer values are used in a restricted sink ```ISO/IEC TS 17961 [taintstrcpy]``` Tainted strings are passed to a string copying function ```ISO/IEC TS 17961 [uninitref]``` Referencing uninitialized memory ```ISO/IEC TS 17961 [usrfmt]``` Including tainted or out-of-domain input in a format string ```ISO/IEC TS 17961 [xfilepos]``` Using a value for fsetpos other than a value returned from fgetpos ```ISO/IEC TS 17961 [xfree]``` Reallocating or freeing memory that was not dynamically allocated
##### MISRA C++:2008 Rules
 `MISRA C++:2008 Rule 0-1-1` A project shall not contain unreachable code `MISRA C++:2008 Rule 0-1-2` A project shall not contain infeasible paths `MISRA C++:2008 Rule 0-1-3` A project shall not contain unused variables `MISRA C++:2008 Rule 0-1-5` A project shall not contain unused type declarations `MISRA C++:2008 Rule 0-1-7` The value returned by a function having a non- void return type that is not an overloaded operator shall always be used `MISRA C++:2008 Rule 0-1-9` There shall be no dead code `MISRA C++:2008 Rule 0-1-10` Every defined function shall be called at least once `MISRA C++:2008 Rule 0-1-11` There shall be no unused parameters (named or unnamed) in nonvirtual functions `MISRA C++:2008 Rule 0-1-12` There shall be no unused parameters (named or unnamed) in the set of parameters for a virtual function and all the functions that override it `MISRA C++:2008 Rule 0-2-1` An object shall not be assigned to an overlapping object `MISRA C++:2008 Rule 1-0-1` All code shall conform to ISO/IEC 14882:2003 "The C++ Standard Incorporating Technical Corrigendum 1" `MISRA C++:2008 Rule 2-3-1` Trigraphs shall not be used `MISRA C++:2008 Rule 2-5-1` Digraphs should not be used `MISRA C++:2008 Rule 2-7-1` The character sequence /* shall not be used within a C-style comment `MISRA C++:2008 Rule 2-10-1` Different identifiers shall be typographically unambiguous `MISRA C++:2008 Rule 2-10-2` Identifiers declared in an inner scope shall not hide an identifier declared in an outer scope `MISRA C++:2008 Rule 2-10-3` A typedef name (including qualification, if any) shall be a unique identifier `MISRA C++:2008 Rule 2-10-4` A class, union or enum name (including qualification, if any) shall be a unique identifier `MISRA C++:2008 Rule 2-10-5` The identifier name of a non-member object or function with static storage duration should not be reused `MISRA C++:2008 Rule 2-10-6` If an identifier refers to a type, it shall not also refer to an object or a function in the same scope `MISRA C++:2008 Rule 2-13-1` Only those escape sequences that are defined in ISO/IEC 14882:2003 shall be used `MISRA C++:2008 Rule 2-13-2` Octal constants (other than zero) and octal escape sequences (other than "\0") shall not be used `MISRA C++:2008 Rule 2-13-3` A "U" suffix shall be applied to all octal or hexadecimal integer literals of unsigned type `MISRA C++:2008 Rule 2-13-4` Literal suffixes shall be upper case `MISRA C++:2008 Rule 2-13-5` Narrow and wide string literals shall not be concatenated `MISRA C++:2008 Rule 3-1-1` It shall be possible to include any header file in multiple translation units without violating the One Definition Rule `MISRA C++:2008 Rule 3-1-2` Functions shall not be declared at block scope `MISRA C++:2008 Rule 3-1-3` When an array is declared, its size shall either be stated explicitly or defined implicitly by initialization `MISRA C++:2008 Rule 3-2-1` All declarations of an object or function shall have compatible types `MISRA C++:2008 Rule 3-2-2` The One Definition Rule shall not be violated `MISRA C++:2008 Rule 3-2-3` A type, object or function that is used in multiple translation units shall be declared in one and only one file `MISRA C++:2008 Rule 3-2-4` An identifier with external linkage shall have exactly one definition `MISRA C++:2008 Rule 3-3-1` Objects or functions with external linkage shall be declared in a header file `MISRA C++:2008 Rule 3-3-2` If a function has internal linkage then all re-declarations shall include the static storage class specifier `MISRA C++:2008 Rule 3-4-1` An identifier declared to be an object or type shall be defined in a block that minimizes its visibility `MISRA C++:2008 Rule 3-9-1` The types used for an object, a function return type, or a function parameter shall be token-for-token identical in all declarations and re-declarations `MISRA C++:2008 Rule 3-9-2` typedefs that indicate size and signedness should be used in place of the basic numerical types `MISRA C++:2008 Rule 3-9-3` The underlying bit representations of floating-point values shall not be used `MISRA C++:2008 Rule 4-5-1` Expressions with type bool shall not be used as operands to built-in operators other than the assignment operator =, the logical operators &&, ||, !, the equality operators == and !=, the unary & operator, and the conditional operator `MISRA C++:2008 Rule 4-5-2` Expressions with type enum shall not be used as operands to built- in operators other than the subscript operator [ ], the assignment operator =, the equality operators == and !=, the unary & operator, and the relational operators <, <=, >, >= `MISRA C++:2008 Rule 4-5-3` Expressions with type (plain) char and wchar_t shall not be used as operands to built-in operators other than the assignment operator =, the equality operators == and !=, and the unary & operator N `MISRA C++:2008 Rule 4-10-1` NULL shall not be used as an integer value `MISRA C++:2008 Rule 4-10-2` Literal zero (0) shall not be used as the null-pointer-constant `MISRA C++:2008 Rule 5-0-1` The value of an expression shall be the same under any order of evaluation that the standard permits `MISRA C++:2008 Rule 5-0-2` Limited dependence should be placed on C++ operator precedence rules in expressions `MISRA C++:2008 Rule 5-0-3` A cvalue expression shall not be implicitly converted to a different underlying type `MISRA C++:2008 Rule 5-0-4` An implicit integral conversion shall not change the signedness of the underlying type `MISRA C++:2008 Rule 5-0-5` There shall be no implicit floating-integral conversions `MISRA C++:2008 Rule 5-0-6` An implicit integral or floating-point conversion shall not reduce the size of the underlying type `MISRA C++:2008 Rule 5-0-7` There shall be no explicit floating-integral conversions of a cvalue expression `MISRA C++:2008 Rule 5-0-8` An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression `MISRA C++:2008 Rule 5-0-9` An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression `MISRA C++:2008 Rule 5-0-10` If the bitwise operators ~ and << are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand `MISRA C++:2008 Rule 5-0-11` The plain char type shall only be used for the storage and use of character values `MISRA C++:2008 Rule 5-0-12` Signed char and unsigned char type shall only be used for the storage and use of numeric values `MISRA C++:2008 Rule 5-0-13` The condition of an if-statement and the condition of an iteration- statement shall have type bool `MISRA C++:2008 Rule 5-0-14` The first operand of a conditional-operator shall have type bool `MISRA C++:2008 Rule 5-0-15` Array indexing shall be the only form of pointer arithmetic `MISRA C++:2008 Rule 5-0-17` Subtraction between pointers shall only be applied to pointers that address elements of the same array `MISRA C++:2008 Rule 5-0-18` >, >=, <, <= shall not be applied to objects of pointer type, except where they point to the same array `MISRA C++:2008 Rule 5-0-19` The declaration of objects shall contain no more than two levels of pointer indirection `MISRA C++:2008 Rule 5-0-20` Non-constant operands to a binary bitwise operator shall have the same underlying type `MISRA C++:2008 Rule 5-0-21` Bitwise operators shall only be applied to operands of unsigned underlying type `MISRA C++:2008 Rule 5-2-1` Each operand of a logical && or || shall be a postfix-expression `MISRA C++:2008 Rule 5-2-2` A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast `MISRA C++:2008 Rule 5-2-3` Casts from a base class to a derived class should not be performed on polymorphic types `MISRA C++:2008 Rule 5-2-4` C-style casts (other than void casts) and functional notation casts (other than explicit constructor calls) shall not be used `MISRA C++:2008 Rule 5-2-5` A cast shall not remove any const or volatile qualification from the type of a pointer or reference `MISRA C++:2008 Rule 5-2-6` A cast shall not convert a pointer to a function to any other pointer type, including a pointer to function type `MISRA C++:2008 Rule 5-2-7` An object with pointer type shall not be converted to an unrelated pointer type, either directly or indirectly `MISRA C++:2008 Rule 5-2-8` An object with integer type or pointer to void type shall not be converted to an object with pointer type `MISRA C++:2008 Rule 5-2-9` A cast should not convert a pointer type to an integral type `MISRA C++:2008 Rule 5-2-10` The increment ( ++ ) and decrement ( -- ) operators should not be mixed with other operators in an expression `MISRA C++:2008 Rule 5-2-11` The comma operator, && operator and the || operator shall not be overloaded `MISRA C++:2008 Rule 5-2-12` An identifier with array type passed as a function argument shall not decay to a pointer `MISRA C++:2008 Rule 5-3-1` Each operand of the ! operator, the logical && or the logical || operators shall have type bool `MISRA C++:2008 Rule 5-3-2` The unary minus operator shall not be applied to an expression whose underlying type is unsigned `MISRA C++:2008 Rule 5-3-3` The unary & operator shall not be overloaded `MISRA C++:2008 Rule 5-3-4` Evaluation of the operand to the sizeof operator shall not contain side effects `MISRA C++:2008 Rule 5-8-1` The right hand operand of a shift operator shall lie between zero and one less than the width in bits of the underlying type of the left hand operand `MISRA C++:2008 Rule 5-14-1` The right hand operand of a logical && or || operator shall not contain side effects `MISRA C++:2008 Rule 5-18-1` The comma operator shall not be used `MISRA C++:2008 Rule 5-19-1` Evaluation of constant unsigned integer expressions should not lead to wrap-around `MISRA C++:2008 Rule 6-2-1` Assignment operators shall not be used in sub-expressions `MISRA C++:2008 Rule 6-2-2` Floating-point expressions shall not be directly or indirectly tested for equality or inequality `MISRA C++:2008 Rule 6-2-3` Before preprocessing, a null statement shall only occur on a line by itself; it may be followed by a comment, provided that the first character following the null statement is a white - space character `MISRA C++:2008 Rule 6-3-1` The statement forming the body of a switch, while, do while or for statement shall be a compound statement `MISRA C++:2008 Rule 6-4-1` An if ( condition ) construct shall be followed by a compound statement The else keyword shall be followed by either a compound statement, or another if statement `MISRA C++:2008 Rule 6-4-2` All if else if constructs shall be terminated with an else clause `MISRA C++:2008 Rule 6-4-3` A switch statement shall be a well-formed switch statement `MISRA C++:2008 Rule 6-4-4` A switch-label shall only be used when the most closely-enclosing compound statement is the body of a switch statement `MISRA C++:2008 Rule 6-4-5` An unconditional throw or break statement shall terminate every non - empty switch-clause `MISRA C++:2008 Rule 6-4-6` The final clause of a switch statement shall be the default-clause `MISRA C++:2008 Rule 6-4-7` The condition of a switch statement shall not have bool type `MISRA C++:2008 Rule 6-4-8` Every switch statement shall have at least one case-clause `MISRA C++:2008 Rule 6-5-1` A for loop shall contain a single loop-counter which shall not have floating type `MISRA C++:2008 Rule 6-5-2` If loop-counter is not modified by -- or ++, then, within condition, the loop-counter shall only be used as an operand to <=, <, > or >= `MISRA C++:2008 Rule 6-5-3` The loop-counter shall not be modified within condition or statement `MISRA C++:2008 Rule 6-5-4` The loop-counter shall be modified by one of: --, ++, -=n, or +=n ; where n remains constant for the duration of the loop `MISRA C++:2008 Rule 6-5-5` A loop-control-variable other than the loop-counter shall not be modified within condition or expression `MISRA C++:2008 Rule 6-5-6` A loop-control-variable other than the loop-counter which is modified in statement shall have type bool `MISRA C++:2008 Rule 6-6-1` Any label referenced by a goto statement shall be declared in the same block, or in a block enclosing the goto statement `MISRA C++:2008 Rule 6-6-2` The goto statement shall jump to a label declared later in the same function body `MISRA C++:2008 Rule 6-6-3` The continue statement shall only be used within a well-formed for loop `MISRA C++:2008 Rule 6-6-4` For any iteration statement there shall be no more than one break or goto statement used for loop termination `MISRA C++:2008 Rule 6-6-5` A function shall have a single point of exit at the end of the function `MISRA C++:2008 Rule 7-1-1` A variable which is not modified shall be const qualified `MISRA C++:2008 Rule 7-1-2` A pointer or reference parameter in a function shall be declared as pointer to const or reference to const if the corresponding object is not modified `MISRA C++:2008 Rule 7-3-1` The global namespace shall only contain main, namespace declarations and extern "C" declarations `MISRA C++:2008 Rule 7-3-2` The identifier main shall not be used for a function other than the global function main `MISRA C++:2008 Rule 7-3-3` There shall be no unnamed namespaces in header files `MISRA C++:2008 Rule 7-3-4` using-directives shall not be used `MISRA C++:2008 Rule 7-3-5` Multiple declarations for an identifier in the same namespace shall not straddle a using-declaration for that identifier `MISRA C++:2008 Rule 7-3-6` using-directives and using-declarations (excluding class scope or function scope using-declarations) shall not be used in header files `MISRA C++:2008 Rule 7-4-2` Assembler instructions shall only be introduced using the asm declaration `MISRA C++:2008 Rule 7-4-3` Assembly language shall be encapsulated and isolated `MISRA C++:2008 Rule 7-5-1` A function shall not return a reference or a pointer to an automatic variable (including parameters), defined within the function `MISRA C++:2008 Rule 7-5-2` The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist `MISRA C++:2008 Rule 7-5-3` A function shall not return a reference or a pointer to a parameter that is passed by reference or const reference `MISRA C++:2008 Rule 7-5-4` Functions should not call themselves, either directly or indirectly `MISRA C++:2008 Rule 8-0-1` An init-declarator-list or a member-declarator-list shall consist of a single init-declarator or member-declarator respectively `MISRA C++:2008 Rule 8-3-1` Parameters in an overriding virtual function shall either use the same default arguments as the function they override, or else shall not specify any default arguments `MISRA C++:2008 Rule 8-4-1` Functions shall not be defined using the ellipsis notation `MISRA C++:2008 Rule 8-4-2` The identifiers used for the parameters in a re-declaration of a function shall be identical to those in the declaration `MISRA C++:2008 Rule 8-4-3` All exit paths from a function with non- void return type shall have an explicit return statement with an expression `MISRA C++:2008 Rule 8-4-4` A function identifier shall either be used to call the function or it shall be preceded by & `MISRA C++:2008 Rule 8-5-1` All variables shall have a defined value before they are used `MISRA C++:2008 Rule 8-5-2` Braces shall be used to indicate and match the structure in the non- zero initialization of arrays and structures `MISRA C++:2008 Rule 8-5-3` In an enumerator list, the = construct shall not be used to explicitly initialize members other than the first, unless all items are explicitly initialized `MISRA C++:2008 Rule 9-3-1` const member functions shall not return non-const pointers or references to class-data `MISRA C++:2008 Rule 9-3-2` Member functions shall not return non-const handles to class-data `MISRA C++:2008 Rule 9-3-3` If a member function can be made static then it shall be made static, otherwise if it can be made const then it shall be made const `MISRA C++:2008 Rule 9-5-1` Unions shall not be used `MISRA C++:2008 Rule 9-6-2` Bit-fields shall be either bool type or an explicitly unsigned or signed integral type `MISRA C++:2008 Rule 9-6-3` Bit-fields shall not have enum type `MISRA C++:2008 Rule 9-6-4` Named bit-fields with signed integer type shall have a length of more than one bit `MISRA C++:2008 Rule 10-1-1` Classes should not be derived from virtual bases `MISRA C++:2008 Rule 10-1-2` A base class shall only be declared virtual if it is used in a diamond hierarchy `MISRA C++:2008 Rule 10-1-3` An accessible base class shall not be both virtual and non-virtual in the same hierarchy `MISRA C++:2008 Rule 10-2-1` All accessible entity names within a multiple inheritance hierarchy should be unique `MISRA C++:2008 Rule 10-3-1` There shall be no more than one definition of each virtual function on each path through the inheritance hierarchy `MISRA C++:2008 Rule 10-3-2` Each overriding virtual function shall be declared with the virtual keyword `MISRA C++:2008 Rule 10-3-3` A virtual function shall only be overridden by a pure virtual function if it is itself declared as pure virtual `MISRA C++:2008 Rule 11-0-1` Member data in non- POD class types shall be private `MISRA C++:2008 Rule 12-1-1` An object's dynamic type shall not be used from the body of its constructor or destructor `MISRA C++:2008 Rule 12-1-2` All constructors of a class should explicitly call a constructor for all of its immediate base classes and all virtual base classes `MISRA C++:2008 Rule 12-1-3` All constructors that are callable with a single argument of fundamental type shall be declared explicit `MISRA C++:2008 Rule 12-8-1` A copy constructor shall only initialize its base classes and the non- static members of the class of which it is a member `MISRA C++:2008 Rule 12-8-2` The copy assignment operator shall be declared protected or private in an abstract class `MISRA C++:2008 Rule 14-5-2` A copy constructor shall be declared when there is a template constructor with a single parameter that is a generic parameter `MISRA C++:2008 Rule 14-5-3` A copy assignment operator shall be declared when there is a template assignment operator with a parameter that is a generic parameter `MISRA C++:2008 Rule 14-6-1` In a class template with a dependent base, any name that may be found in that dependent base shall be referred to using a qualified-id or this-> `MISRA C++:2008 Rule 14-6-2` The function chosen by overload resolution shall resolve to a function declared previously in the translation unit `MISRA C++:2008 Rule 14-7-3` All partial and explicit specializations for a template shall be declared in the same file as the declaration of their primary template `MISRA C++:2008 Rule 14-8-1` Overloaded function templates shall not be explicitly specialized `MISRA C++:2008 Rule 14-8-2` The viable function set for a function call should either contain no function specializations, or only contain function specializations `MISRA C++:2008 Rule 15-0-2` An exception object should not have pointer type `MISRA C++:2008 Rule 15-0-3` Control shall not be transferred into a try or catch block using a goto or a switch statement `MISRA C++:2008 Rule 15-1-2` NULL shall not be thrown explicitly `MISRA C++:2008 Rule 15-1-3` An empty throw (throw;) shall only be used in the compound- statement of a catch handler `MISRA C++:2008 Rule 15-3-2` There should be at least one exception handler to catch all otherwise unhandled exceptions `MISRA C++:2008 Rule 15-3-3` Handlers of a function-try-block implementation of a class constructor or destructor shall not reference non-static members from this class or its bases `MISRA C++:2008 Rule 15-3-5` A class type exception shall always be caught by reference `MISRA C++:2008 Rule 15-3-6` Where multiple handlers are provided in a single try-catch statement or function-try-block for a derived class and some or all of its bases, the handlers shall be ordered most-derived to base class `MISRA C++:2008 Rule 15-3-7` Where multiple handlers are provided in a single try-catch statement or function-try-block, any ellipsis (catch-all) handler shall occur last `MISRA C++:2008 Rule 15-4-1` If a function is declared with an exception-specification, then all declarations of the same function (in other translation units) shall be declared with the same set of type-ids `MISRA C++:2008 Rule 15-5-1` A class destructor shall not exit with an exception `MISRA C++:2008 Rule 15-5-2` Where a function's declaration includes an exception-specification, the function shall only be capable of throwing exceptions of the indicated type(s) `MISRA C++:2008 Rule 15-5-3` The terminate() function shall not be called implicitly `MISRA C++:2008 Rule 16-0-1` #include directives in a file shall only be preceded by other preprocessor directives or comments `MISRA C++:2008 Rule 16-0-2` Macros shall only be #define 'd or #undef 'd in the global namespace `MISRA C++:2008 Rule 16-0-3` #undef shall not be used `MISRA C++:2008 Rule 16-0-4` Function-like macros shall not be defined `MISRA C++:2008 Rule 16-0-5` Arguments to a function-like macro shall not contain tokens that look like preprocessing directives `MISRA C++:2008 Rule 16-0-6` In the definition of a function-like macro, each instance of a parameter shall be enclosed in parentheses, unless it is used as the operand of # or ## `MISRA C++:2008 Rule 16-0-7` Undefined macro identifiers shall not be used in #if or #elif preprocessor directives, except as operands to the defined operator `MISRA C++:2008 Rule 16-0-8` If the # token appears as the first token on a line, then it shall be immediately followed by a preprocessing token `MISRA C++:2008 Rule 16-1-1` The defined preprocessor operator shall only be used in one of the two standard forms `MISRA C++:2008 Rule 16-1-2` All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if or #ifdef directive to which they are related `MISRA C++:2008 Rule 16-2-1` The preprocessor shall only be used for file inclusion and include guards `MISRA C++:2008 Rule 16-2-2` C++ macros shall only be used for: include guards, type qualifiers, or storage class specifiers `MISRA C++:2008 Rule 16-2-3` Include guards shall be provided `MISRA C++:2008 Rule 16-2-4` The ', ", /* or // characters shall not occur in a header file name `MISRA C++:2008 Rule 16-2-5` The \ character should not occur in a header file name `MISRA C++:2008 Rule 16-2-6` The #include directive shall be followed by either a or "filename" sequence `MISRA C++:2008 Rule 16-3-1` There shall be at most one occurrence of the # or ## operators in a single macro definition `MISRA C++:2008 Rule 16-3-2` The # and ## operators should not be used `MISRA C++:2008 Rule 16-6-1` All uses of the #pragma directive shall be documented `MISRA C++:2008 Rule 17-0-1` Reserved identifiers, macros and functions in the standard library shall not be defined, redefined or undefined `MISRA C++:2008 Rule 17-0-2` The names of standard library macros and objects shall not be reused `MISRA C++:2008 Rule 17-0-3` The names of standard library functions shall not be overridden `MISRA C++:2008 Rule 17-0-5` The setjmp macro and the longjmp function shall not be used `MISRA C++:2008 Rule 18-0-1` The C library shall not be used `MISRA C++:2008 Rule 18-0-2` The library functions atof, atoi and atol from library shall not be used `MISRA C++:2008 Rule 18-0-3` The library functions abort, exit, getenv and system from library shall not be used `MISRA C++:2008 Rule 18-0-4` The time handling functions of library shall not be used `MISRA C++:2008 Rule 18-0-5` The unbounded functions of library shall not be used `MISRA C++:2008 Rule 18-2-1` The macro offsetof shall not be used `MISRA C++:2008 Rule 18-4-1` Dynamic heap memory allocation shall not be used `MISRA C++:2008 Rule 18-7-1` The signal handling facilities of shall not be used `MISRA C++:2008 Rule 19-3-1` The error indicator errno shall not be used `MISRA C++:2008 Rule 27-0-1` The stream input/output library shall not be used
##### AUTOSAR C++14 Rules
 ```AUTOSAR C++14 Rule A0-1-2``` The value returned by a function having a non-void return type that is not an overloaded operator shall be used. ```AUTOSAR C++14 Rule A0-1-6``` There should be no unused type declarations. `AUTOSAR C++14 Rule A0-4-2` Type long double shall not be used ```AUTOSAR C++14 Rule M0-1-1``` A project shall not contain unreachable code. ```AUTOSAR C++14 Rule M0-1-2``` A project shall not contain infeasible paths. ```AUTOSAR C++14 Rule M0-1-3``` A project shall not contain unused variables. ```AUTOSAR C++14 Rule M0-1-9``` There shall be no dead code. ```AUTOSAR C++14 Rule M0-1-10``` Every defined function should be called at least once. ```AUTOSAR C++14 Rule M0-2-1``` An object shall not be assigned to an overlapping object. ```AUTOSAR C++14 Rule A1-1-1``` All code shall conform to ISO/IEC 14882:2014 - Programming Language C++ and shall not use deprecated features. ```AUTOSAR C++14 Rule A2-5-1``` Trigraphs shall not be used. ```AUTOSAR C++14 Rule A2-5-2``` Digraphs shall not be used. ```AUTOSAR C++14 Rule A2-11-1``` Volatile keyword shall not be used. ```AUTOSAR C++14 Rule A2-13-1``` Only those escape sequences that are defined in ISO/IEC 14882:2014 shall be used. ```AUTOSAR C++14 Rule A2-13-2``` String literals with different encoding prefixes shall not be concatenated. `AUTOSAR C++14 Rule A2-13-3` Type wchar_t shall not be used ```AUTOSAR C++14 Rule A2-13-5``` Hexadecimal constants should be upper case. ```AUTOSAR C++14 Rule M2-7-1``` The character sequence /* shall not be used within a C-style comment. ```AUTOSAR C++14 Rule M2-10-1``` Different identifiers shall be typographically unambiguous. ```AUTOSAR C++14 Rule M2-13-2``` Octal constants (other than zero) and octal escape sequences (other than "\0" ) shall not be used. ```AUTOSAR C++14 Rule M2-13-3``` A "U" suffix shall be applied to all octal or hexadecimal integer literals of unsigned type. ```AUTOSAR C++14 Rule M2-13-4``` Literal suffixes shall be upper case. ```AUTOSAR C++14 Rule A3-1-1``` It shall be possible to include any header file in multiple translation units without violating the One Definition Rule. ```AUTOSAR C++14 Rule A3-1-3``` Implementation files, that are defined locally in the project, should have a file name extension of ".cpp". ```AUTOSAR C++14 Rule A3-1-4``` When an array with external linkage is declared, its size shall be stated explicitly. ```AUTOSAR C++14 Rule A3-3-1``` Objects or functions with external linkage (including members of named namespaces) shall be declared in a header file. ```AUTOSAR C++14 Rule A3-9-1``` Fixed width integer types from , indicating the size and signedness, shall be used in place of the basic numerical types. ```AUTOSAR C++14 Rule M3-1-2``` Functions shall not be declared at block scope. ```AUTOSAR C++14 Rule M3-2-1``` All declarations of an object or function shall have compatible types. ```AUTOSAR C++14 Rule M3-2-2``` The One Definition Rule shall not be violated. ```AUTOSAR C++14 Rule M3-2-3``` A type, object or function that is used in multiple translation units shall be declared in one and only one file. ```AUTOSAR C++14 Rule M3-2-4``` An identifier with external linkage shall have exactly one definition. ```AUTOSAR C++14 Rule M3-3-2``` If a function has internal linkage then all re-declarations shall include the static storage class specifier. ```AUTOSAR C++14 Rule M3-4-1``` An identifier declared to be an object or type shall be defined in a block that minimizes its visibility. ```AUTOSAR C++14 Rule M3-9-1``` The types used for an object, a function return type, or a function parameter shall be token-for-token identical in all declarations and re-declarations. ```AUTOSAR C++14 Rule M3-9-3``` The underlying bit representations of floating-point values shall not be used. ```AUTOSAR C++14 Rule M4-5-1``` Expressions with type bool shall not be used as operands to built-in operators other than the assignment operator =, the logical operators &&, ||, !, the equality operators == and ! =, the unary & operator, and the conditional operator. ```AUTOSAR C++14 Rule M4-5-3``` Expressions with type (plain) char and wchar_t shall not be used as operands to built-in operators other than the assignment operator =, the equality operators == and ! =, and the unary & operator. ```AUTOSAR C++14 Rule M4-10-1``` NULL shall not be used as an integer value. ```AUTOSAR C++14 Rule M4-10-2``` Literal zero (0) shall not be used as the null-pointer-constant. ```AUTOSAR C++14 Rule A5-0-1``` The value of an expression shall be the same under any order of evaluation that the standard permits. ```AUTOSAR C++14 Rule A5-0-2``` The condition of an if-statement and the condition of an iteration statement shall have type bool. ```AUTOSAR C++14 Rule A5-0-3``` The declaration of objects shall contain no more than two levels of pointer indirection. ```AUTOSAR C++14 Rule A5-0-4``` Pointer arithmetic shall not be used with pointers to non-final classes. ```AUTOSAR C++14 Rule A5-2-2``` Traditional C-style casts shall not be used. ```AUTOSAR C++14 Rule A5-2-3``` A cast shall not remove any const or volatile qualification from the type of a pointer or reference. `AUTOSAR C++14 Rule A5-2-4` reinterpret_cast shall not be used ```AUTOSAR C++14 Rule A5-2-6``` The operands of a logical && or \\ shall be parenthesized if the operands contain binary operators. `AUTOSAR C++14 Rule A5-3-3` Pointers to incomplete class types shall not be deleted. `AUTOSAR C++14 Rule A5-6-1` The right hand operand of the integer division or remainder operators shall not be equal to zero. ```AUTOSAR C++14 Rule M5-0-2``` Limited dependence should be placed on C++ operator precedence rules in expressions. ```AUTOSAR C++14 Rule M5-0-3``` A cvalue expression shall not be implicitly converted to a different underlying type. ```AUTOSAR C++14 Rule M5-0-4``` An implicit integral conversion shall not change the signedness of the underlying type. ```AUTOSAR C++14 Rule M5-0-5``` There shall be no implicit floating-integral conversions. ```AUTOSAR C++14 Rule M5-0-6``` An implicit integral or floating-point conversion shall not reduce the size of the underlying type. ```AUTOSAR C++14 Rule M5-0-7``` There shall be no explicit floating-integral conversions of a cvalue expression. ```AUTOSAR C++14 Rule M5-0-8``` An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression. ```AUTOSAR C++14 Rule M5-0-9``` An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression. ```AUTOSAR C++14 Rule M5-0-10``` If the bitwise operators ~and << are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand. ```AUTOSAR C++14 Rule M5-0-11``` The plain char type shall only be used for the storage and use of character values. ```AUTOSAR C++14 Rule M5-0-12``` Signed char and unsigned char type shall only be used for the storage and use of numeric values. ```AUTOSAR C++14 Rule M5-0-14``` The first operand of a conditional-operator shall have type bool. ```AUTOSAR C++14 Rule M5-0-15``` Array indexing shall be the only form of pointer arithmetic. ```AUTOSAR C++14 Rule M5-0-17``` Subtraction between pointers shall only be applied to pointers that address elements of the same array. ```AUTOSAR C++14 Rule M5-0-18``` >, >=, <, <= shall not be applied to objects of pointer type, except where they point to the same array. ```AUTOSAR C++14 Rule M5-0-20``` Non-constant operands to a binary bitwise operator shall have the same underlying type. ```AUTOSAR C++14 Rule M5-0-21``` Bitwise operators shall only be applied to operands of unsigned underlying type. `AUTOSAR C++14 Rule A5-1-1` Literal values shall not be used apart from type initialization, otherwise symbolic names shall be used instead. ```AUTOSAR C++14 Rule M5-2-2``` A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast. ```AUTOSAR C++14 Rule M5-2-3``` Casts from a base class to a derived class should not be performed on polymorphic types. ```AUTOSAR C++14 Rule M5-2-6``` A cast shall not convert a pointer to a function to any other pointer type, including a pointer to function type. ```AUTOSAR C++14 Rule M5-2-8``` An object with integer type or pointer to void type shall not be converted to an object with pointer type. ```AUTOSAR C++14 Rule M5-2-9``` A cast shall not convert a pointer type to an integral type. ```AUTOSAR C++14 Rule M5-2-10``` The increment (++) and decrement (âˆ’âˆ’) operators shall not be mixed with other operators in an expression. ```AUTOSAR C++14 Rule M5-2-11``` The comma operator, && operator and the || operator shall not be overloaded. ```AUTOSAR C++14 Rule M5-2-12``` An identifier with array type passed as a function argument shall not decay to a pointer. ```AUTOSAR C++14 Rule M5-3-1``` Each operand of the ! operator, the logical && or the logical || operators shall have type bool. ```AUTOSAR C++14 Rule M5-3-2``` The unary minus operator shall not be applied to an expression whose underlying type is unsigned. ```AUTOSAR C++14 Rule M5-3-3``` The unary & operator shall not be overloaded. ```AUTOSAR C++14 Rule M5-3-4``` Evaluation of the operand to the sizeof operator shall not contain side effects. ```AUTOSAR C++14 Rule M5-8-1``` The right hand operand of a shift operator shall lie between zero and one less than the width in bits of the underlying type of the left hand operand. ```AUTOSAR C++14 Rule M5-14-1``` The right hand operand of a logical &&, || operators shall not contain side effects. ```AUTOSAR C++14 Rule M5-18-1``` The comma operator shall not be used. ```AUTOSAR C++14 Rule M5-19-1``` Evaluation of constant unsigned integer expressions shall not lead to wrap-around. ```AUTOSAR C++14 Rule A6-4-1``` A switch statement shall have at least two case-clauses, distinct from the default label. ```AUTOSAR C++14 Rule A6-5-2``` A for loop shall contain a single loop-counter which shall not have floating-point type. ```AUTOSAR C++14 Rule A6-5-4``` For-init-statement and expression should not perform actions other than loop-counter initialization and modification. ```AUTOSAR C++14 Rule A6-6-1``` The goto statement shall not be used. ```AUTOSAR C++14 Rule M6-2-1``` Assignment operators shall not be used in sub-expressions. ```AUTOSAR C++14 Rule M6-2-2``` Floating-point expressions shall not be directly or indirectly tested for equality or inequality. ```AUTOSAR C++14 Rule M6-2-3``` Before preprocessing, a null statement shall only occur on a line by itself; it may be followed by a comment, provided that the first character following the null statement is a white-space character. ```AUTOSAR C++14 Rule M6-3-1``` The statement forming the body of a switch, while, do ... while or for statement shall be a compound statement. ```AUTOSAR C++14 Rule M6-4-1``` An if ( condition ) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement. ```AUTOSAR C++14 Rule M6-4-2``` All if ... else if constructs shall be terminated with an else clause. ```AUTOSAR C++14 Rule M6-4-3``` A switch statement shall be a well-formed switch statement. ```AUTOSAR C++14 Rule M6-4-4``` A switch-label shall only be used when the most closely-enclosing compound statement is the body of a switch statement. ```AUTOSAR C++14 Rule M6-4-5``` An unconditional throw or break statement shall terminate every non-empty switch-clause. ```AUTOSAR C++14 Rule M6-4-6``` The final clause of a switch statement shall be the default-clause. ```AUTOSAR C++14 Rule M6-4-7``` The condition of a switch statement shall not have bool type. ```AUTOSAR C++14 Rule M6-5-2``` If loop-counter is not modified by âˆ’âˆ’ or ++, then, within condition, the loop-counter shall only be used as an operand to <=, <, > or >=. ```AUTOSAR C++14 Rule M6-5-3``` The loop-counter shall not be modified within condition or statement. ```AUTOSAR C++14 Rule M6-5-4``` The loop-counter shall be modified by one of: âˆ’âˆ’, ++, âˆ’ = n, or + = n; where n remains constant for the duration of the loop. ```AUTOSAR C++14 Rule M6-5-5``` A loop-control-variable other than the loop-counter shall not be modified within condition or expression. ```AUTOSAR C++14 Rule M6-5-6``` A loop-control-variable other than the loop-counter which is modified in statement shall have type bool. ```AUTOSAR C++14 Rule M6-6-1``` Any label referenced by a goto statement shall be declared in the same block, or in a block enclosing the goto statement. ```AUTOSAR C++14 Rule M6-6-2``` The goto statement shall jump to a label declared later in the same function body. ```AUTOSAR C++14 Rule M6-6-3``` The continue statement shall only be used within a well-formed for loop. ```AUTOSAR C++14 Rule A7-1-4``` The register keyword shall not be used. `AUTOSAR C++14 Rule A7-1-6` The typedef specifier shall not be used ```AUTOSAR C++14 Rule A7-1-7``` Each expression statement and identifier declaration shall be placed on a separate line. ```AUTOSAR C++14 Rule A7-1-9``` A class, structure, or enumeration shall not be declared in the definition of its type. ```AUTOSAR C++14 Rule A7-2-4``` In an enumeration, either (1) none, (2) the first or (3) all enumerators shall be initialized. ```AUTOSAR C++14 Rule A7-3-1``` All overloads of a function shall be visible from where it is called. ```AUTOSAR C++14 Rule A7-5-1``` A function shall not return a reference or a pointer to a parameter that is passed by reference to const. ```AUTOSAR C++14 Rule A7-5-2``` Functions shall not call themselves, either directly or indirectly. ```AUTOSAR C++14 Rule M7-1-2``` A pointer or reference parameter in a function shall be declared as pointer to const or reference to const if the corresponding object is not modified. ```AUTOSAR C++14 Rule M7-3-1``` The global namespace shall only contain main, namespace declarations and extern "C" declarations. ```AUTOSAR C++14 Rule M7-3-2``` The identifier main shall not be used for a function other than the global function main. ```AUTOSAR C++14 Rule M7-3-3``` There shall be no unnamed namespaces in header files. ```AUTOSAR C++14 Rule M7-3-4``` Using-directives shall not be used. ```AUTOSAR C++14 Rule M7-3-6``` Using-directives and using-declarations (excluding class scope or function scope using-declarations) shall not be used in header files. ```AUTOSAR C++14 Rule M7-4-2``` Assembler instructions shall only be introduced using the asm declaration. ```AUTOSAR C++14 Rule M7-4-3``` Assembly language shall be encapsulated and isolated. ```AUTOSAR C++14 Rule M7-5-1``` A function shall not return a reference or a pointer to an automatic variable (including parameters), defined within the function. ```AUTOSAR C++14 Rule A8-4-1``` Functions shall not be defined using the ellipsis notation. ```AUTOSAR C++14 Rule A8-4-2``` All exit paths from a function with non-void return type shall have an explicit return statement with an expression. ```AUTOSAR C++14 Rule A8-4-7``` "in" parameters for "cheap to copy" types shall be passed by value. ```AUTOSAR C++14 Rule A8-5-0``` All memory shall be initialized before it is read. ```AUTOSAR C++14 Rule A8-5-1``` In an initialization list, the order of initialization shall be following: (1) virtual base classes in depth and left to right order of the inheritance graph, (2) direct base classes in left to right order of inheritance list, (3) non-static data members in the order they were declared in the class definition. `AUTOSAR C++14 Rule A8-5-2` Braced-initialization {}, without equals sign, shall be used for variable initialization. ```AUTOSAR C++14 Rule M8-0-1``` An init-declarator-list or a member-declarator-list shall consist of a single init-declarator or member-declarator respectively. ```AUTOSAR C++14 Rule M8-3-1``` Parameters in an overriding virtual function shall either use the same default arguments as the function they override, or else shall not specify any default arguments. ```AUTOSAR C++14 Rule M8-4-2``` The identifiers used for the parameters in a re-declaration of a function shall be identical to those in the declaration. ```AUTOSAR C++14 Rule M8-4-4``` A function identifier shall either be used to call the function or it shall be preceded by &. ```AUTOSAR C++14 Rule M8-5-2``` Braces shall be used to indicate and match the structure in the non-zero initialization of arrays and structures. ```AUTOSAR C++14 Rule A9-3-1``` Member functions shall not return non-const "raw" pointers or references to private or protected data owned by the class. ```AUTOSAR C++14 Rule A9-5-1``` Unions shall not be used. ```AUTOSAR C++14 Rule A9-6-1``` Bit-fields shall be either unsigned integral, or enumeration (with underlying type of unsigned integral type). ```AUTOSAR C++14 Rule M9-3-1``` Const member functions shall not return non-const pointers or references to class-data. ```AUTOSAR C++14 Rule M9-3-3``` If a member function can be made static then it shall be made static, otherwise if it can be made const then it shall be made const. ```AUTOSAR C++14 Rule A10-2-1``` Non-virtual member functions shall not be redefined in derived classes. ```AUTOSAR C++14 Rule M10-1-1``` Classes should not be derived from virtual bases. ```AUTOSAR C++14 Rule M10-1-2``` A base class shall only be declared virtual if it is used in a diamond hierarchy. ```AUTOSAR C++14 Rule M10-1-3``` An accessible base class shall not be both virtual and non-virtual in the same hierarchy. ```AUTOSAR C++14 Rule M10-2-1``` All accessible entity names within a multiple inheritance hierarchy should be unique. ```AUTOSAR C++14 Rule M10-3-3``` A virtual function shall only be overridden by a pure virtual function if it is itself declared as pure virtual. `AUTOSAR C++ 14 Rule A11-3-1` Friend declarations shall not be used ```AUTOSAR C++14 Rule M11-0-1``` Member data in non-POD class types shall be private. ```AUTOSAR C++14 Rule A12-1-1``` Constructors shall explicitly initialize all virtual base classes, all direct non-virtual base classes and all non-static data members. ```AUTOSAR C++14 Rule A12-1-4``` All constructors that are callable with a single argument of fundamental type shall be declared explicit. ```AUTOSAR C++14 Rule A12-6-1``` All class data members that are initialized by the constructor shall be initialized using member initializers. ```AUTOSAR C++14 Rule A12-8-5``` A copy assignment and a move assignment operators shall handle self-assignment. ```AUTOSAR C++14 Rule M12-1-1``` An object's dynamic type shall not be used from the body of its constructor or destructor. ```AUTOSAR C++14 Rule A13-2-1``` An assignment operator shall return a reference to "this". ```AUTOSAR C++14 Rule M14-5-3``` A copy assignment operator shall be declared when there is a template assignment operator with a parameter that is a generic parameter. ```AUTOSAR C++14 Rule M14-6-1``` In a class template with a dependent base, any name that may be found in that dependent base shall be referred to using a qualified-id or this->. ```AUTOSAR C++14 Rule A15-1-2``` An exception object shall not be a pointer. ```AUTOSAR C++14 Rule A15-3-5``` A class type exception shall be caught by reference or const reference. ```AUTOSAR C++14 Rule A15-5-3``` The std::terminate() function shall not be called implicitly. ```AUTOSAR C++14 Rule M15-0-3``` Control shall not be transferred into a try or catch block using a goto or a switch statement. ```AUTOSAR C++14 Rule M15-1-2``` NULL shall not be thrown explicitly. ```AUTOSAR C++14 Rule M15-1-3``` An empty throw (throw;) shall only be used in the compound statement of a catch handler. ```AUTOSAR C++14 Rule M15-3-3``` Handlers of a function-try-block implementation of a class constructor or destructor shall not reference non-static members from this class or its bases. ```AUTOSAR C++14 Rule M15-3-6``` Where multiple handlers are provided in a single try-catch statement or function-try-block for a derived class and some or all of its bases, the handlers shall be ordered most-derived to base class. ```AUTOSAR C++14 Rule M15-3-7``` Where multiple handlers are provided in a single try-catch statement or function-try-block, any ellipsis (catch-all) handler shall occur last. ```AUTOSAR C++14 Rule A16-2-1``` The ', ", /*, //, \ characters shall not occur in a header file name or in #include directive. ```AUTOSAR C++14 Rule M16-0-1``` #include directives in a file shall only be preceded by other pre-processor directives or comments. ```AUTOSAR C++14 Rule M16-0-2``` Macros shall only be #define'd or #undef'd in the global namespace. ```AUTOSAR C++14 Rule M16-0-5``` Arguments to a function-like macro shall not contain tokens that look like pre-processing directives. ```AUTOSAR C++14 Rule M16-0-6``` In the definition of a function-like macro, each instance of a parameter shall be enclosed in parentheses, unless it is used as the operand of # or ##. ```AUTOSAR C++14 Rule M16-0-7``` Undefined macro identifiers shall not be used in #if or #elif pre-processor directives, except as operands to the defined operator. ```AUTOSAR C++14 Rule M16-0-8``` If the # token appears as the first token on a line, then it shall be immediately followed by a pre-processing token. ```AUTOSAR C++14 Rule M16-1-1``` The defined pre-processor operator shall only be used in one of the two standard forms. ```AUTOSAR C++14 Rule M16-1-2``` All #else, #elif and #endif pre-processor directives shall reside in the same file as the #if or #ifdef directive to which they are related. ```AUTOSAR C++14 Rule M16-2-3``` Include guards shall be provided. ```AUTOSAR C++14 Rule M16-3-1``` There shall be at most one occurrence of the # or ## operators in a single macro definition. ```AUTOSAR C++14 Rule M16-3-2``` The # and ## operators should not be used. ```AUTOSAR C++14 Rule A17-0-1``` Reserved identifiers, macros and functions in the C++ standard library shall not be defined, redefined or undefined. ```AUTOSAR C++14 Rule M17-0-2``` The names of standard library macros and objects shall not be reused. ```AUTOSAR C++14 Rule M17-0-3``` The names of standard library functions shall not be overridden. ```AUTOSAR C++14 Rule M17-0-5``` The setjmp macro and the longjmp function shall not be used. ```AUTOSAR C++14 Rule A18-0-1``` The C library facilities shall only be accessed through C++ library headers. ```AUTOSAR C++14 Rule A18-0-2``` The error state of a conversion from string to a numeric value shall be checked. ```AUTOSAR C++14 Rule A18-0-3``` The library (locale.h) and the setlocale function shall not be used. `AUTOSAR C++14 Rule A18-5-3` The form of delete operator shall match the form of new operator used to allocate the memory `AUTOSAR C++14 Rule A18-5-4` If a project has sized or unsized version of operator 'delete' globally defined, then both sized and unsized versions shall be defined. ```AUTOSAR C++14 Rule M18-0-3``` The library functions abort, exit, getenv and system from library shall not be used. ```AUTOSAR C++14 Rule M18-0-4``` The time handling functions of library shall not be used. ```AUTOSAR C++14 Rule M18-0-5``` The unbounded functions of library shall not be used. ```AUTOSAR C++14 Rule M18-2-1``` The macro offsetof shall not be used. ```AUTOSAR C++14 Rule M18-7-1``` The signal handling facilities of shall not be used. ```AUTOSAR C++14 Rule M19-3-1``` The error indicator errno shall not be used. `AUTOSAR C++14 Rule A21-8-1` Arguments to character-handling functions shall be representable as an unsigned char. `AUTOSAR C++14 Rule A26-5-1` Pseudorandom numbers shall not be generated using std::rand(). ```AUTOSAR C++14 Rule M27-0-1``` The stream input/output library shall not be used.
##### CERT C++ Rules
 ```CERT C++: DCL30-C``` Declare objects with appropriate storage durations ```CERT C++: DCL39-C``` Avoid information leakage in structure padding ```CERT C++: DCL40-C``` Do not create incompatible declarations of the same function or object ```CERT C++: DCL50-CPP``` Do not define a C-style variadic function ```CERT C++: DCL51-CPP``` Do not declare or define a reserved identifier ```CERT C++: DCL52-CPP``` Never qualify a reference type with const or volatile ```CERT C++: DCL53-CPP``` Do not write syntactically ambiguous declarations ```CERT C++: DCL54-CPP``` Overload allocation and deallocation functions as a pair in the same scope ```CERT C++: DCL57-CPP``` Do not let exceptions escape from destructors or deallocation functions ```CERT C++: DCL60-CPP``` Obey the one-definition rule ```CERT C++: EXP34-C``` Do not dereference null pointers ```CERT C++: EXP35-C``` Do not modify objects with temporary lifetime ```CERT C++: EXP36-C``` Do not cast pointers into more strictly aligned pointer types ```CERT C++: EXP37-C``` Call functions with the correct number and type of arguments ```CERT C++: EXP39-C``` Do not access a variable through a pointer of an incompatible type ```CERT C++: EXP42-C``` Do not compare padding data ```CERT C++: EXP45-C``` Do not perform assignments in selection statements ```CERT C++: EXP46-C``` Do not use a bitwise operator with a Boolean-like operand ```CERT C++: EXP47-C``` Do not call va_arg with an argument of the incorrect type ```CERT C++: EXP50-CPP``` Do not depend on the order of evaluation for side effects ```CERT C++: EXP52-CPP``` Do not rely on side effects in unevaluated operands ```CERT C++: EXP53-CPP``` Do not read uninitialized memory ```CERT C++: EXP54-CPP``` Do not access an object outside of its lifetime ```CERT C++: EXP55-CPP``` Do not access a cv-qualified object through a cv-unqualified type ```CERT C++: EXP57-CPP``` Do not cast or delete pointers to incomplete classes ```CERT C++: EXP58-CPP``` Pass an object of the correct type to va_start ```CERT C++: EXP59-CPP``` Use offsetof() on valid types and members ```CERT C++: INT30-C``` Ensure that unsigned integer operations do not wrap ```CERT C++: INT31-C``` Ensure that integer conversions do not result in lost or misinterpreted data ```CERT C++: INT32-C``` Ensure that operations on signed integers do not result in overflow ```CERT C++: INT33-C``` Ensure that division and remainder operations do not result in divide-by-zero errors ```CERT C++: INT34-C``` Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand ```CERT C++: INT35-C``` Use correct integer precisions ```CERT C++: INT36-C``` Converting a pointer to integer or integer to pointer ```CERT C++: ARR30-C``` Do not form or use out-of-bounds pointers or array subscripts ```CERT C++: ARR37-C``` Do not add or subtract an integer to a pointer to a non-array object ```CERT C++: ARR38-C``` Guarantee that library functions do not form invalid pointers ```CERT C++: ARR39-C``` Do not add or subtract a scaled integer to a pointer ```CERT C++: CTR50-CPP``` Guarantee that container indices and iterators are within the valid range ```CERT C++: STR30-C``` Do not attempt to modify string literals ```CERT C++: STR31-C``` Guarantee that storage for strings has sufficient space for character data and the null terminator ```CERT C++: STR32-C``` Do not pass a non-null-terminated character sequence to a library function that expects a string ```CERT C++: STR34-C``` Cast characters to unsigned char before converting to larger integer sizes ```CERT C++: STR37-C``` Arguments to character-handling functions must be representable as an unsigned char ```CERT C++: STR38-C``` Do not confuse narrow and wide character strings and functions ```CERT C++: STR50-CPP``` Guarantee that storage for strings has sufficient space for character data and the null terminator ```CERT C++: STR53-CPP``` Range check element access ```CERT C++: MEM30-C``` Do not access freed memory ```CERT C++: MEM31-C``` Free dynamically allocated memory when no longer needed ```CERT C++: MEM34-C``` Only free memory allocated dynamically ```CERT C++: MEM35-C``` Allocate sufficient memory for an object ```CERT C++: MEM36-C``` Do not modify the alignment of objects by calling realloc() ```CERT C++: MEM50-CPP``` Do not access freed memory ```CERT C++: MEM51-CPP``` Properly deallocate dynamically allocated resources ```CERT C++: MEM52-CPP``` Detect and handle memory allocation errors ```CERT C++: FIO30-C``` Exclude user input from format strings ```CERT C++: FIO32-C``` Do not perform operations on devices that are only appropriate for files ```CERT C++: FIO34-C``` Distinguish between characters read from a file and EOF or WEOF ```CERT C++: FIO37-C``` Do not assume that fgets() or fgetws() returns a nonempty string when successful ```CERT C++: FIO38-C``` Do not copy a FILE object ```CERT C++: FIO39-C``` Do not alternately input and output from a stream without an intervening flush or positioning call ```CERT C++: FIO40-C``` Reset strings on fgets() or fgetws() failure ```CERT C++: FIO41-C``` Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects ```CERT C++: FIO42-C``` Close files when they are no longer needed ```CERT C++: FIO44-C``` Only use values for fsetpos() that are returned from fgetpos() ```CERT C++: FIO45-C``` Avoid TOCTOU race conditions while accessing files ```CERT C++: FIO46-C``` Do not access a closed file ```CERT C++: FIO47-C``` Use valid format strings ```CERT C++: FIO50-CPP``` Do not alternately input and output from a file stream without an intervening positioning call ```CERT C++: FIO51-CPP``` Close files when they are no longer needed ```CERT C++: ERR30-C``` Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure ```CERT C++: ERR32-C``` Do not rely on indeterminate values of errno ```CERT C++: ERR33-C``` Detect and handle standard library errors ```CERT C++: ERR34-C``` Detect errors when converting a string to a number ```CERT C++: ERR50-CPP``` Do not abruptly terminate the program ```CERT C++: ERR51-CPP``` Handle all exceptions ```CERT C++: ERR52-CPP``` Do not use setjmp() or longjmp() ```CERT C++: ERR53-CPP``` Do not reference base classes or class data members in a constructor or destructor function-try-block handler ```CERT C++: ERR54-CPP``` Catch handlers should order their parameter types from most derived to least derived ```CERT C++: OOP51-CPP``` Do not slice derived objects ```CERT C++: OOP52-CPP``` Do not delete a polymorphic object without a virtual destructor ```CERT C++: OOP54-CPP``` Gracefully handle self-copy assignment ```CERT C++: OOP58-CPP``` Copy operations must not mutate the source object ```CERT C++: CON33-C``` Avoid race conditions when using library functions ```CERT C++: CON37-C``` Do not call signal() in a multithreaded program ```CERT C++: CON40-C``` Do not refer to an atomic variable twice in an expression ```CERT C++: CON41-C``` Wrap functions that can fail spuriously in a loop ```CERT C++: CON43-C``` Do not allow data races in multithreaded code ```CERT C++: CON50-CPP``` Do not destroy a mutex while it is locked ```CERT C++: CON52-CPP``` Prevent data races when accessing bit-fields from multiple threads ```CERT C++: CON53-CPP``` Avoid deadlock by locking in a predefined order ```CERT C++: CON54-CPP``` Wrap functions that can spuriously wake up in a loop ```CERT C++: ENV30-C``` Do not modify the object referenced by the return value of certain functions ```CERT C++: ENV31-C``` Do not rely on an environment pointer following an operation that may invalidate it ```CERT C++: ENV32-C``` All exit handlers must return normally ```CERT C++: ENV33-C``` Do not call system() ```CERT C++: ENV34-C``` Do not store pointers returned by certain functions ```CERT C++: FLP30-C``` Do not use floating-point variables as loop counters ```CERT C++: FLP32-C``` Prevent or detect domain and range errors in math functions ```CERT C++: FLP34-C``` Ensure that floating-point conversions are within range of the new type ```CERT C++: FLP36-C``` Preserve precision when converting integral values to floating-point type ```CERT C++: FLP37-C``` Do not use object representations to compare floating-point values ```CERT C++: MSC30-C``` Do not use the rand() function for generating pseudorandom numbers ```CERT C++: MSC32-C``` Properly seed pseudorandom number generators ```CERT C++: MSC33-C``` Do not pass invalid data to the asctime() function ```CERT C++: MSC37-C``` Ensure that control never reaches the end of a non-void function ```CERT C++: MSC38-C``` Do not treat a predefined identifier as an object if it might only be implemented as a macro ```CERT C++: MSC39-C``` Do not call va_arg() on a va_list that has an indeterminate value ```CERT C++: MSC40-C``` Do not violate constraints ```CERT C++: MSC50-CPP``` Do not use std::rand() for generating pseudorandom numbers ```CERT C++: MSC51-CPP``` Ensure your random number generator is properly seeded ```CERT C++: MSC52-CPP``` Value-returning functions must return a value from all exit paths ```CERT C++: PRE30-C``` Do not create a universal character name through concatenation ```CERT C++: PRE31-C``` Avoid side effects in arguments to unsafe macros ```CERT C++: PRE32-C``` Do not use preprocessor directives in invocations of function-like macros ```CERT C++: SIG31-C``` Do not access shared objects in signal handlers ```CERT C++: SIG34-C``` Do not call signal() from within interruptible signal handlers ```CERT C++: SIG35-C``` Do not return from a computational exception signal handler

#### Code Metrics

 ```Number of Direct Recursions``` Number of instances of a function calling itself directly ```Number of Header Files``` Number of included header files `Number of Files` Number of source files ```Number of Recursions``` Number of call graph cycles over one or more functions `Comment Density` Ratio of number of comments to number of statements ```Estimated Function Coupling``` Measure of complexity between levels of call tree `Number of Lines` Total number of lines in a file ```Number of Lines Without Comment``` Number of lines of code excluding comments ```Cyclomatic Complexity``` Number of linearly independent paths in function body ```Higher Estimate of Local Variable Size``` Total size of all local variables in function `Language Scope` Language scope ```Lower Estimate of Local Variable Size``` Total size of local variables in function taking nested scopes into account ```Number of Call Levels``` Maximum depth of nesting of control flow structures ```Number of Call Occurrences``` Number of calls in function body ```Number of Called Functions``` Number of callees of a function ```Number of Calling Functions``` Number of distinct callers of a function ```Number of Executable Lines``` Number of executable lines in function body ```Number of Function Parameters``` Number of function arguments ```Number of Goto Statements``` Number of goto statements ```Number of Instructions``` Number of instructions per function ```Number of Lines Within Body``` Number of lines in function body ```Number of Local Non-Static Variables``` Total number of local variables in function ```Number of Local Static Variables``` Total number of local static variables in function `Number of Paths` Estimated static path count ```Number of Return Statements``` Number of return statements in a function

Get trial now