Applicable to Android (C Rules/Recomendations)
Rules
- DCL30-C. Declare objects with appropriate storage durations
- DCL31-C. Declare identifiers before using them
- DCL36-C. Do not declare an identifier with conflicting linkage classifications
- DCL37-C. Do not declare or define a reserved identifier
- DCL39-C. Avoid information leakage when passing a structure across a trust boundary
- DCL40-C. Do not create incompatible declarations of the same function or object
- DCL41-C. Do not declare variables inside a switch statement before the first case label
- ENV30-C. Do not modify the object referenced by the return value of certain functions
- ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
- ENV32-C. All exit handlers must return normally
- ENV33-C. Do not call system()
- ENV34-C. Do not store pointers returned by certain functions
- ERR30-C. Take care when reading errno
- ERR32-C. Do not rely on indeterminate values of errno
- ERR33-C. Detect and handle standard library errors
- ERR34-C. Detect errors when converting a string to a number
- EXP30-C. Do not depend on the order of evaluation for side effects
- EXP32-C. Do not access a volatile object through a nonvolatile reference
- EXP33-C. Do not read uninitialized memory
- EXP34-C. Do not dereference null pointers
- EXP37-C. Call functions with the correct number and type of arguments
- EXP39-C. Do not access a variable through a pointer of an incompatible type
- EXP40-C. Do not modify constant objects
- EXP42-C. Do not compare padding data
- EXP43-C. Avoid undefined behavior when using restrict-qualified pointers
- EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
- EXP45-C. Do not perform assignments in selection statements
- EXP46-C. Do not use a bitwise operator with a Boolean-like operand
- FLP30-C. Do not use floating-point variables as loop counters
- INT30-C. Ensure that unsigned integer operations do not wrap
- INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
- INT32-C. Ensure that operations on signed integers do not result in overflow
- INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
- INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
- MEM30-C. Do not access freed memory
- MEM31-C. Free dynamically allocated memory when no longer needed
- MEM34-C. Only free memory allocated dynamically
- MEM35-C. Allocate sufficient memory for an object
- MEM36-C. Do not modify the alignment of objects by calling realloc()
- MSC30-C. Do not use the rand() function for generating pseudorandom numbers
- MSC32-C. Properly seed pseudorandom number generators
- MSC33-C. Do not pass invalid data to the asctime() function
- MSC37-C. Ensure that control never reaches the end of a non-void function
- MSC38-C. Do not treat a predefined identifier as an object if it might only be implemented as a macro
- MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value
- MSC40-C. Do not violate constraints
- PRE30-C. Do not create a universal character name through concatenation
- PRE31-C. Avoid side effects in arguments to unsafe macros
- PRE32-C. Do not use preprocessor directives in invocations of function-like macros
- STR30-C. Do not attempt to modify string literals
- STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
- STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
- STR34-C. Cast characters to unsigned char before converting to larger integer sizes
- STR37-C. Arguments to character-handling functions must be representable as an unsigned char
- STR38-C. Do not confuse narrow and wide character strings and functions
Recommendations
- API00-C. Functions should validate their parameters
- API03-C. Create consistent interfaces and capabilities across related functions
- API04-C. Provide a consistent and usable error-checking mechanism
- API07-C. Enforce type safety
- DCL00-C. Const-qualify immutable objects
- DCL01-C. Do not reuse variable names in subscopes
- DCL02-C. Use visually distinct identifiers
- DCL03-C. Use a static assertion to test the value of a constant expression
- DCL04-C. Do not declare more than one variable per declaration
- DCL05-C. Use typedefs of non-pointer types only
- DCL06-C. Use meaningful symbolic constants to represent literal values
- DCL07-C. Include the appropriate type information in function declarators
- DCL08-C. Properly encode relationships in constant definitions
- DCL09-C. Declare functions that return errno with a return type of errno_t
- DCL10-C. Maintain the contract between the writer and caller of variadic functions
- DCL11-C. Understand the type issues associated with variadic functions
- DCL12-C. Implement abstract data types using opaque types
- DCL13-C. Declare function parameters that are pointers to values not changed by the function as const
- DCL15-C. Declare file-scope objects or functions that do not need external linkage as static
- DCL16-C. Use "L," not "l," to indicate a long value
- DCL17-C. Beware of miscompiled volatile-qualified variables
- DCL18-C. Do not begin integer constants with 0 when specifying a decimal value
- DCL19-C. Minimize the scope of variables and functions
- DCL20-C. Explicitly specify void when a function accepts no arguments
- DCL21-C. Understand the storage of compound literals
- DCL22-C. Use volatile for data that cannot be cached
- DCL23-C. Guarantee that mutually visible identifiers are unique
- ENV01-C. Do not make assumptions about the size of an environment variable
- ENV02-C. Beware of multiple environment variables with the same effective name
- ENV03-C. Sanitize the environment when invoking external programs
- ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy
- ERR01-C. Use ferror() rather than errno to check for FILE stream errors
- ERR02-C. Avoid in-band error indicators
- ERR04-C. Choose an appropriate termination strategy
- ERR05-C. Application-independent code should provide error detection without dictating error handling
- ERR06-C. Understand the termination behavior of assert() and abort()
- ERR07-C. Prefer functions that support error checking over equivalent functions that don't
- EXP00-C. Use parentheses for precedence of operation
- EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators
- EXP03-C. Do not assume the size of a structure is the sum of the sizes of its members
- EXP05-C. Do not cast away a const qualification
- EXP07-C. Do not diminish the benefits of constants by assuming their values in expressions
- EXP08-C. Ensure pointer arithmetic is used correctly
- EXP09-C. Use sizeof to determine the size of a type or variable
- EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place
- EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields
- EXP12-C. Do not ignore values returned by functions
- EXP13-C. Treat relational and equality operators as if they were nonassociative
- EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int
- EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement
- EXP16-C. Do not compare function pointers to constant values
- EXP19-C. Use braces for the body of an if, for, or while statement
- EXP20-C. Perform explicit tests to determine success, true and false, and equality
- FLP00-C. Understand the limitations of floating-point numbers
- FLP01-C. Take care in rearranging floating-point expressions
- FLP02-C. Avoid using floating-point numbers when precise computation is needed
- FLP03-C. Detect and handle floating-point errors
- INT00-C. Understand the data model used by your implementation(s)
- INT01-C. Use size_t or rsize_t for all integer values representing the size of an object
- INT02-C. Understand integer conversion rules
- INT04-C. Enforce limits on integer values originating from tainted sources
- INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs
- INT07-C. Use only explicitly signed or unsigned char type for numeric values
- INT08-C. Verify that all integer values are in range
- INT09-C. Ensure enumeration constants map to unique values
- INT10-C. Do not assume a positive remainder when using the % operator
- INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression
- INT13-C. Use bitwise operators only on unsigned operands
- INT14-C. Avoid performing bitwise and arithmetic operations on the same data
- INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types
- INT16-C. Do not make assumptions about representation of signed integers
- INT17-C. Define integer constants in an implementation-independent manner
- INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
- MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
- MEM01-C. Store a new value in pointers immediately after free()
- MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type
- MEM03-C. Clear sensitive information stored in reusable resources
- MEM04-C. Beware of zero-length allocations
- MEM05-C. Avoid large stack allocations
- MEM06-C. Ensure that sensitive data is not written out to disk
- MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap
- MEM10-C. Define and use a pointer validation function
- MEM11-C. Do not assume infinite heap space
- MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
- MSC00-C. Compile cleanly at high warning levels
- MSC01-C. Strive for logical completeness
- MSC04-C. Use comments consistently and in a readable fashion
- MSC05-C. Do not manipulate time_t typed values directly
- MSC06-C. Beware of compiler optimizations
- MSC07-C. Detect and remove dead code
- MSC09-C. Character encoding: Use subset of ASCII for safety
- MSC10-C. Character encoding: UTF8-related issues
- MSC11-C. Incorporate diagnostic tests using assertions
- MSC12-C. Detect and remove code that has no effect or is never executed
- MSC13-C. Detect and remove unused values
- MSC14-C. Do not introduce unnecessary platform dependencies
- MSC15-C. Do not depend on undefined behavior
- MSC17-C. Finish every set of statements associated with a case label with a break statement
- MSC18-C. Be careful while handling sensitive data, such as passwords, in program code