| Checker | Guideline |
| (C++) | EXP34-C. Do not dereference null pointers |
| (C++) | EXP34-C. Do not dereference null pointers |
| (C++) | EXP34-C. Do not dereference null pointers |
| (C++) | EXP34-C. Do not dereference null pointers |
| (C++) | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| (C++) | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| (C++) | MEM30-C. Do not access freed memory |
| (C++) | MEM30-C. Do not access freed memory |
| (C++) | MEM31-C. Free dynamically allocated memory when no longer needed |
| (C++) | CON37-C. Do not call signal() in a multithreaded program |
| (C++) | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
| (C++) | MSC32-C. Properly seed pseudorandom number generators |
| alignas-extended | MSC40-C. Do not violate constraints |
| alignof-side-effect | EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic |
| alloc-without-cast | MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
| alloc-without-sizeof | EXP09-C. Use sizeof to determine the size of a type or variable |
| arithmetics-on-time-type | MSC05-C. Do not manipulate time_t typed values directly |
| array-index-range | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| array-index-range | MSC15-C. Do not depend on undefined behavior |
| array-index-range-constant | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| array-size-global | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
| array_out_of_bounds | DCL38-C. Use the correct syntax when declaring a flexible array member |
| array_out_of_bounds | ARR38-C. Guarantee that library functions do not form invalid pointers |
| array_out_of_bounds | API01-C. Avoid laying out strings in memory directly before sensitive data |
| assignment-conditional | EXP45-C. Do not perform assignments in selection statements |
| assignment-to-non-modifiable-lvalue | EXP40-C. Do not modify constant objects |
| assignment-to-non-modifiable-lvalue | MSC40-C. Do not violate constraints |
| bad-enumerator | POS47-C. Do not use threads that can be canceled asynchronously |
| bad-enumerator | POS04-C. Avoid using PTHREAD_MUTEX_NORMAL type mutex locks |
| bad-function | CON37-C. Do not call signal() in a multithreaded program |
| bad-function | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
| bad-function | API04-C. Provide a consistent and usable error-checking mechanism |
| bad-function | ERR06-C. Understand the termination behavior of assert() and abort() |
| bad-function | ERR07-C. Prefer functions that support error checking over equivalent functions that don't |
| bad-function | WIN01-C. Do not forcibly terminate execution |
| bad-function-use | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| bad-function-use | ERR34-C. Detect errors when converting a string to a number |
| bad-function-use | CON33-C. Avoid race conditions when using library functions |
| bad-function-use | MSC33-C. Do not pass invalid data to the asctime() function |
| bad-function-use | API04-C. Provide a consistent and usable error-checking mechanism |
| bad-macro-use | POS47-C. Do not use threads that can be canceled asynchronously |
| bad-macro-use | ERR06-C. Understand the termination behavior of assert() and abort() |
| bad-macro-use | POS04-C. Avoid using PTHREAD_MUTEX_NORMAL type mutex locks |
| bitfield-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| bitfield-type | INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression |
| bitop-type | INT13-C. Use bitwise operators only on unsigned operands |
| bitop-type | INT16-C. Do not make assumptions about representation of signed integers |
| bitwise-operator-with-boolean-like-operand | EXP46-C. Do not use a bitwise operator with a Boolean-like operand |
| cast-pointer-void-arithmetic-implicit | MSC40-C. Do not violate constraints |
| chained-comparison | EXP13-C. Treat relational and equality operators as if they were nonassociative |
| chained-errno-function-calls | ERR30-C. Take care when reading errno |
| char-sign-conversion | STR34-C. Cast characters to unsigned char before converting to larger integer sizes |
| character-constant | MSC09-C. Character encoding: Use subset of ASCII for safety |
| cnd-mtx-relation | POS53-C. Do not use more than one mutex for concurrent waiting operations on a condition variable |
| compound-ifelse | EXP19-C. Use braces for the body of an if, for, or while statement |
| compound-loop | EXP19-C. Use braces for the body of an if, for, or while statement |
| constant-call-argument | MSC32-C. Properly seed pseudorandom number generators |
| constant-call-argument | MSC41-C. Never hard code sensitive information |
| constant-expression-wrap-around | INT30-C. Ensure that unsigned integer operations do not wrap |
| csa-call-null-function-pointer | EXP34-C. Do not dereference null pointers |
| csa-call-null-object-pointer | EXP34-C. Do not dereference null pointers |
| csa-division-by-zero | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| csa-double-free | MEM30-C. Do not access freed memory |
| csa-memory-leak | MEM31-C. Free dynamically allocated memory when no longer needed |
| csa-null-dereference | EXP34-C. Do not dereference null pointers |
| csa-null-reference-param | EXP34-C. Do not dereference null pointers |
| csa-stack-address-escape | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| csa-use-after-free | MEM30-C. Do not access freed memory |
| ctype-limits | STR37-C. Arguments to character-handling functions must be representable as an unsigned char |
| dangling-pointer-use | MSC15-C. Do not depend on undefined behavior |
| dead-assignemnt | MSC07-C. Detect and remove dead code |
| dead-assignment | MSC12-C. Detect and remove code that has no effect or is never executed |
| dead-assignment | MSC13-C. Detect and remove unused values |
| dead-initializer | MSC07-C. Detect and remove dead code |
| dead-initializer | MSC12-C. Detect and remove code that has no effect or is never executed |
| dead-initializer | MSC13-C. Detect and remove unused values |
| deadlock | CON35-C. Avoid deadlock by locking in a predefined order |
| deadlock | POS51-C. Avoid deadlock with POSIX threads by locking in predefined order |
| deadlock | POS52-C. Do not perform operations that can block while holding a POSIX lock |
| default-construction | MSC32-C. Properly seed pseudorandom number generators |
| distinct-extern | DCL40-C. Do not create incompatible declarations of the same function or object |
| element-type-incomplete | MSC40-C. Do not violate constraints |
| empty-body | EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement |
| empty-parameter-list | DCL20-C. Explicitly specify void when a function accepts no arguments |
| encoding-mismatch | STR10-C. Do not concatenate different type of string literals |
| enum-implicit-value | INT09-C. Ensure enumeration constants map to unique values |
| enum-tag-spelling | MSC09-C. Character encoding: Use subset of ASCII for safety |
| enumeration-constant-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| eof-small-int-comparison | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| eof-small-int-comparison | FIO34-C. Distinguish between characters read from a file and EOF or WEOF |
| errno-reset | ERR30-C. Take care when reading errno |
| errno-test-after-wrong-call | ERR30-C. Take care when reading errno |
| error-information-unused | ERR33-C. Detect and handle standard library errors |
| error-information-unused | POS54-C. Detect and handle POSIX library errors |
| error-information-unused | API04-C. Provide a consistent and usable error-checking mechanism |
| error-information-unused | EXP12-C. Do not ignore values returned by functions |
| error-information-unused-computed | ERR33-C. Detect and handle standard library errors |
| error-information-unused-computed | POS54-C. Detect and handle POSIX library errors |
| error-information-unused-computed | API04-C. Provide a consistent and usable error-checking mechanism |
| error-information-unused-computed | EXP12-C. Do not ignore values returned by functions |
| evaluation-order | EXP30-C. Do not depend on the order of evaluation for side effects |
| evaluation-order | EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place |
| exit-handler-bad-function | ENV32-C. All exit handlers must return normally |
| expanded-side-effect-multiplied | PRE31-C. Avoid side effects in arguments to unsafe macros |
| expanded-side-effect-not-evaluated | PRE31-C. Avoid side effects in arguments to unsafe macros |
| explicit-cast-overflow | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| expression-result-unused | MSC12-C. Detect and remove code that has no effect or is never executed |
| field-overflow-upon-dereference | MSC15-C. Do not depend on undefined behavior |
| field_overflow_upon_dereference | API01-C. Avoid laying out strings in memory directly before sensitive data |
| file-dereference | FIO38-C. Do not copy a FILE object |
| flexible-array-member-assignment | MEM33-C. Allocate and copy structures containing a flexible array member dynamically |
| flexible-array-member-declaration | MEM33-C. Allocate and copy structures containing a flexible array member dynamically |
| float-comparison | FLP02-C. Avoid using floating-point numbers when precise computation is needed |
| float-division-by-zero | FLP03-C. Detect and handle floating-point errors |
| float-division-by-zero | MSC15-C. Do not depend on undefined behavior |
| fopen-mode | FIO11-C. Take care when specifying the mode parameter of fopen() |
| fopen-s-mode | FIO11-C. Take care when specifying the mode parameter of fopen() |
| for-loop-float | FLP30-C. Do not use floating-point variables as loop counters |
| format-string-excessive-arguments | FIO47-C. Use valid format strings |
| format-string-mismatched-arguments | FIO47-C. Use valid format strings |
| function-argument-with-padding | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| function-like-macro-expansion | PRE00-C. Prefer inline or static functions to function-like macros |
| function-like-macro-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| function-name-constant-comparison | EXP16-C. Do not compare function pointers to constant values |
| function-pointer-incompatible-return-type | MSC15-C. Do not depend on undefined behavior |
| function-pointer-integer-cast | INT36-C. Converting a pointer to integer or integer to pointer |
| function-pointer-integer-cast-implicit | INT36-C. Converting a pointer to integer or integer to pointer |
| function-pointer-integer-cast-implicit | MSC40-C. Do not violate constraints |
| function-prototype | DCL07-C. Include the appropriate type information in function declarators |
| function-return-type | DCL31-C. Declare identifiers before using them |
| function-return-type | MSC40-C. Do not violate constraints |
| future-library-use | DCL37-C. Do not declare or define a reserved identifier |
| generic-selection-side-effect | EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic |
| global-function-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| global-object-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| global-object-name-const | MSC09-C. Character encoding: Use subset of ASCII for safety |
| global-object-scope | DCL15-C. Declare file-scope objects or functions that do not need external linkage as static |
| global-object-scope | DCL19-C. Minimize the scope of variables and functions |
| header-filename | MSC09-C. Character encoding: Use subset of ASCII for safety |
| identifier-hidden | DCL01-C. Do not reuse variable names in subscopes |
| implementation-filename | MSC09-C. Character encoding: Use subset of ASCII for safety |
| implicit-function-declaration | DCL31-C. Declare identifiers before using them |
| implicit-function-declaration | DCL07-C. Include the appropriate type information in function declarators |
| imprecise-int-to-float-cast | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| imprecise-int-to-float-cast | FLP36-C. Preserve precision when converting integral values to floating-point type |
| imprecise-int-to-float-conversion | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| imprecise-int-to-float-conversion | FLP36-C. Preserve precision when converting integral values to floating-point type |
| inappropriate-pointer-cast | EXP39-C. Do not access a variable through a pointer of an incompatible type |
| inappropriate-pointer-cast-implicit | EXP39-C. Do not access a variable through a pointer of an incompatible type |
| inappropriate-pointer-cast-implicit | MSC40-C. Do not violate constraints |
| include-guard-missing | PRE06-C. Enclose header files in an include guard |
| include-guard-pragma-once | PRE06-C. Enclose header files in an include guard |
| incompatible-argument-type | EXP37-C. Call functions with the correct number and type of arguments |
| incompatible-argument-type | MSC15-C. Do not depend on undefined behavior |
| incompatible-function-pointer-conversion | MSC40-C. Do not violate constraints |
| incompatible-object-pointer-conversion | MSC40-C. Do not violate constraints |
| initializer-excess | MSC40-C. Do not violate constraints |
| initializer-excess | STR11-C. Do not specify the bound of a character array initialized with a string literal |
| int-division-by-zero | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| int-division-by-zero | MSC15-C. Do not depend on undefined behavior |
| int-modulo-by-zero | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| int-modulo-by-zero | MSC15-C. Do not depend on undefined behavior |
| int-undefined-modulo | MSC15-C. Do not depend on undefined behavior |
| integer-overflow | INT30-C. Ensure that unsigned integer operations do not wrap |
| integer-overflow | INT32-C. Ensure that operations on signed integers do not result in overflow |
| integer-overflow | INT08-C. Verify that all integer values are in range |
| internal-and-external-linkage | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
| internal-and-external-linkage | MSC15-C. Do not depend on undefined behavior |
| invalid-array-size | MSC40-C. Do not violate constraints |
| invalid-format-string | FIO47-C. Use valid format strings |
| invalid-free | MEM30-C. Do not access freed memory |
| invalid-free | MEM34-C. Only free memory allocated dynamically |
| invalid-function-pointer | MSC15-C. Do not depend on undefined behavior |
| invalid-pointer-arithmetics | MSC15-C. Do not depend on undefined behavior |
| invalid-thread-operation | CON39-C. Do not join or detach a thread that was previously joined or detached |
| invalidated-system-pointer-use | ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it |
| language-override | DCL37-C. Do not declare or define a reserved identifier |
| language-undefine | DCL37-C. Do not declare or define a reserved identifier |
| left-shift-negative-first-argument | MSC15-C. Do not depend on undefined behavior |
| literal-assignment | STR05-C. Use pointers to const when referring to string literals |
| local-object-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| local-object-name-const | MSC09-C. Character encoding: Use subset of ASCII for safety |
| local-object-scope | DCL19-C. Minimize the scope of variables and functions |
| local-static-object-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| local-static-object-name-const | MSC09-C. Character encoding: Use subset of ASCII for safety |
| logop-side-effect | EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators |
| long-suffix | DCL16-C. Use "L," not "l," to indicate a long value |
| macro-argument-hash | PRE32-C. Do not use preprocessor directives in invocations of function-like macros |
| macro-final-semicolon | PRE11-C. Do not conclude macro definitions with a semicolon |
| macro-function-like | PRE00-C. Prefer inline or static functions to function-like macros |
| macro-function-like-strict | PRE00-C. Prefer inline or static functions to function-like macros |
| macro-parameter-multiplied | PRE12-C. Do not define unsafe macros |
| macro-parameter-parentheses | PRE01-C. Use parentheses within macros around parameter names |
| macro-parameter-unused | PRE12-C. Do not define unsafe macros |
| malloc-size-insufficient | MEM35-C. Allocate sufficient memory for an object |
| memcmp-with-float | FLP37-C. Do not use object representations to compare floating-point values |
| memcpy-with-padding | EXP42-C. Do not compare padding data |
| misaligned-dereference | MSC15-C. Do not depend on undefined behavior |
| missing-else | MSC01-C. Strive for logical completeness |
| mmline-comment | MSC04-C. Use comments consistently and in a readable fashion |
| multi-declaration | DCL04-C. Do not declare more than one variable per declaration |
| multiple-atomic-accesses | CON40-C. Do not refer to an atomic variable twice in an expression |
| multiple-volatile-accesses | EXP30-C. Do not depend on the order of evaluation for side effects |
| multiple-volatile-accesses | EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place |
| non-boolean-condition | EXP20-C. Perform explicit tests to determine success, true and false, and equality |
| non-constant-static-assert | MSC40-C. Do not violate constraints |
| null-dereferencing | EXP34-C. Do not dereference null pointers |
| null-dereferencing | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| null-dereferencing | MSC15-C. Do not depend on undefined behavior |
| object-like-macro-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| object-pointer-diff-cast | EXP39-C. Do not access a variable through a pointer of an incompatible type |
| object-pointer-diff-cast-implicit | EXP39-C. Do not access a variable through a pointer of an incompatible type |
| octal-constant | DCL18-C. Do not begin integer constants with 0 when specifying a decimal value |
| offset-overflow | MSC15-C. Do not depend on undefined behavior |
| overflow-upon-dereference | MSC15-C. Do not depend on undefined behavior |
| parameter-match | EXP37-C. Call functions with the correct number and type of arguments |
| parameter-match-computed | EXP37-C. Call functions with the correct number and type of arguments |
| parameter-match-type | EXP37-C. Call functions with the correct number and type of arguments |
| parameter-match-type | MSC40-C. Do not violate constraints |
| parameter-missing-const | DCL00-C. Const-qualify immutable objects |
| parameter-missing-const | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
| pointer-cast-alignment | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| pointer-comparison | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
| pointer-comparison | MSC15-C. Do not depend on undefined behavior |
| pointer-integral-cast | INT36-C. Converting a pointer to integer or integer to pointer |
| pointer-integral-cast-implicit | INT36-C. Converting a pointer to integer or integer to pointer |
| pointer-integral-cast-implicit | MSC40-C. Do not violate constraints |
| pointer-qualifier-cast-const | EXP40-C. Do not modify constant objects |
| pointer-qualifier-cast-const | EXP05-C. Do not cast away a const qualification |
| pointer-qualifier-cast-const-implicit | EXP40-C. Do not modify constant objects |
| pointer-qualifier-cast-const-implicit | MSC40-C. Do not violate constraints |
| pointer-qualifier-cast-const-implicit | EXP05-C. Do not cast away a const qualification |
| pointer-qualifier-cast-volatile | EXP32-C. Do not access a volatile object through a nonvolatile reference |
| pointer-qualifier-cast-volatile-implicit | EXP32-C. Do not access a volatile object through a nonvolatile reference |
| pointer-qualifier-cast-volatile-implicit | MSC40-C. Do not violate constraints |
| pointer-subtraction | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
| pointer-subtraction | MSC15-C. Do not depend on undefined behavior |
| pointer-typedef | DCL05-C. Use typedefs of non-pointer types only |
| pointered-deallocation | DCL30-C. Declare objects with appropriate storage durations |
| pointered-deallocation | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| precision-shift-width | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| precision-shift-width | INT35-C. Use correct integer precisions |
| precision-shift-width-constant | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| precision-shift-width-constant | INT35-C. Use correct integer precisions |
| putenv-arg-local | POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument |
| read-data-race | POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed |
| read_data_race | CON32-C. Prevent data races when accessing bit-fields from multiple threads |
| read_data_race | CON43-C. Do not allow data races in multithreaded code |
| redeclaration | MSC40-C. Do not violate constraints |
| redundant-operation | MSC12-C. Detect and remove code that has no effect or is never executed |
| reserved-declaration | DCL37-C. Do not declare or define a reserved identifier |
| reserved-identifier | DCL37-C. Do not declare or define a reserved identifier |
| restrict | EXP43-C. Avoid undefined behavior when using restrict-qualified pointers |
| return-empty | MSC40-C. Do not violate constraints |
| return-implicit | MSC37-C. Ensure that control never reaches the end of a non-void function |
| return-implicit | MSC15-C. Do not depend on undefined behavior |
| return-non-empty | MSC40-C. Do not violate constraints |
| return-reference-local | DCL30-C. Declare objects with appropriate storage durations |
| return-reference-local | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| scaled-pointer-arithmetic | ARR39-C. Do not add or subtract a scaled integer to a pointer |
| scanf-string-to-number | ERR34-C. Detect errors when converting a string to a number |
| side-effect-not-expanded | PRE31-C. Avoid side effects in arguments to unsafe macros |
| signal-handler-shared-access | SIG31-C. Do not access shared objects in signal handlers |
| signal-handler-signal-call | SIG34-C. Do not call signal() from within interruptible signal handlers |
| signal-handler-unsafe-call | SIG30-C. Call only asynchronous-safe functions within signal handlers |
| sizeof | EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic |
| sizeof-array-parameter | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array |
| sline-comment | MSC04-C. Use comments consistently and in a readable fashion |
| sline-splicing | MSC04-C. Use comments consistently and in a readable fashion |
| smline-comment | MSC04-C. Use comments consistently and in a readable fashion |
| statement-sideeffect | MSC12-C. Detect and remove code that has no effect or is never executed |
| static-assert | MSC40-C. Do not violate constraints |
| static-function-declaration | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
| static-function-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| static-object-declaration | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
| static-object-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| static-object-name-const | MSC09-C. Character encoding: Use subset of ASCII for safety |
| stdlib-array-size | ARR38-C. Guarantee that library functions do not form invalid pointers |
| stdlib-const-pointer-assign | ENV30-C. Do not modify the object referenced by the return value of certain functions |
| stdlib-limits | FLP32-C. Prevent or detect domain and range errors in math functions |
| stdlib-macro-ato | MSC24-C. Do not use deprecated or obsolescent functions |
| stdlib-macro-atoll | MSC24-C. Do not use deprecated or obsolescent functions |
| stdlib-string-size | ARR38-C. Guarantee that library functions do not form invalid pointers |
| stdlib-string-size | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| stdlib-string-termination | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
| stdlib-use-ato | MSC24-C. Do not use deprecated or obsolescent functions |
| stdlib-use-atoll | MSC24-C. Do not use deprecated or obsolescent functions |
| stdlib-use-rand | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
| stdlib-use-signal | CON37-C. Do not call signal() in a multithreaded program |
| stdlib-use-system | ENV33-C. Do not call system() |
| strcpy-limits | ARR38-C. Guarantee that library functions do not form invalid pointers |
| strcpy-limits | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| stream-argument-with-side-effects | FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects |
| string-initializer-null | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| string-initializer-null | STR11-C. Do not specify the bound of a character array initialized with a string literal |
| string-literal | MSC09-C. Character encoding: Use subset of ASCII for safety |
| string-literal-modfication | STR30-C. Do not attempt to modify string literals |
| struct-member-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| struct-tag-spelling | MSC09-C. Character encoding: Use subset of ASCII for safety |
| Supported | FIO46-C. Do not access a closed file |
| Supported | ERR32-C. Do not rely on indeterminate values of errno |
| Supported | API00-C. Functions should validate their parameters |
| Supported | EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int |
| Supported | INT02-C. Understand integer conversion rules |
| Supported by stubbing/taint analysis | STR02-C. Sanitize data passed to complex subsystems |
| Supported by taint analysis | INT04-C. Enforce limits on integer values originating from tainted sources |
| Supported indirectly via MISRA C:2004 rule 6.1. | STR04-C. Use plain char for characters in the basic character set |
| Supported indirectly via MISRA C:2004 rule 6.1 and MISRA C:2012 rule 10.1. | STR00-C. Represent characters using an appropriate type |
| Supported indirectly via MISRA C:2004 Rule 17.4. | ARR37-C. Do not add or subtract an integer to a pointer to a non-array object |
| Supported indirectly via MISRA C:2012 rule 10.1. | STR09-C. Don't assume numeric values for expressions with type plain character |
| Supported indirectly via MISRA C:2012 Rules 5.1, 5.2, 5.3, 5.4 and 5.5. | DCL23-C. Guarantee that mutually visible identifiers are unique |
| Supported indirectly via MISRA C:2012 rules 10.1, 10.3 and 10.4. | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
| Supported via stubbing/taint analysis | FIO30-C. Exclude user input from format strings |
| Supported, but no explicit checker | MEM36-C. Do not modify the alignment of objects by calling realloc() |
| Supported, but no explicit checker | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| Supported, but no explicit checker | FIO42-C. Close files when they are no longer needed |
| Supported, but no explicit checker | CON30-C. Clean up thread-specific storage |
| Supported, but no explicit checker | CON31-C. Do not destroy a mutex while it is locked |
| Supported, but no explicit checker | MSC38-C. Do not treat a predefined identifier as an object if it might only be implemented as a macro |
| Supported, but no explicit checker | CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction |
| Supported, but no explicit checker | CON06-C. Ensure that every mutex outlives the data it protects |
| Supported, but no explicit checker | DCL10-C. Maintain the contract between the writer and caller of variadic functions |
| Supported, but no explicit checker | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| Supported, but no explicit checker | MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap |
| Supported, but no explicit checker | PRE09-C. Do not replace secure functions with deprecated or obsolescent functions |
| Supported. Astrée reports runtime errors resulting from the misuse of compound literals. | DCL21-C. Understand the storage of compound literals |
| Supported: Astrée reports accesses outside the bounds of allocated memory. | EXP03-C. Do not assume the size of a structure is the sum of the sizes of its members |
| Supported: Astrée reports non-standard language elements. | MSC23-C. Beware of vendor-specific library and language differences |
| Supported: Astrée reports potential infinite loops. | MSC21-C. Use robust loop termination conditions |
| Supported: Astrée reports potential runtime error resulting from missing checks for exceptional values. | FLP04-C. Check floating-point inputs for exceptional values |
| Supported: Astrée reports potential runtime errors resulting from invalid pointer arithmetics. | EXP08-C. Ensure pointer arithmetic is used correctly |
| Supported: Astrée reports runtime errors resulting from invalid assumptions. | EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields |
| Supported: Astrée reports usage of invalid pointers. | MEM01-C. Store a new value in pointers immediately after free() |
| Supported: Can be checked with appropriate analysis stubs. | POS30-C. Use the readlink() function properly |
| Supported: Can be checked with appropriate analysis stubs. | WIN30-C. Properly pair allocation and deallocation functions |
| Supported: This rule aims to prevent truncations and overflows. All possible overflows are reported by Astrée. | FLP06-C. Convert integers to floating point for floating-point operations |
| switch-clause-break | MSC17-C. Finish every set of statements associated with a case label with a break statement |
| switch-clause-break-continue | MSC17-C. Finish every set of statements associated with a case label with a break statement |
| switch-clause-break-return | MSC17-C. Finish every set of statements associated with a case label with a break statement |
| switch-default | MSC01-C. Strive for logical completeness |
| switch-label | MSC20-C. Do not use a switch statement to transfer control into a complex block |
| switch-skipped-code | DCL41-C. Do not declare variables inside a switch statement before the first case label |
| taint_sink | POS39-C. Use the correct byte ordering when transferring data between systems |
| temporary-object-modification | EXP35-C. Do not modify objects with temporary lifetime |
| temporary-object-modification | MSC15-C. Do not depend on undefined behavior |
| thread-resource-storage-duration | CON34-C. Declare objects shared between threads with appropriate storage durations |
| trigraph | PRE07-C. Avoid using repeated question marks |
| type-compatibility | DCL40-C. Do not create incompatible declarations of the same function or object |
| type-compatibility | MSC40-C. Do not violate constraints |
| type-compatibility-link | DCL40-C. Do not create incompatible declarations of the same function or object |
| type-compatibility-link | MSC40-C. Do not violate constraints |
| type-specifier | DCL31-C. Declare identifiers before using them |
| type-specifier | MSC40-C. Do not violate constraints |
| typedef-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| undeclared-parameter | DCL31-C. Declare identifiers before using them |
| undeclared-parameter | MSC40-C. Do not violate constraints |
| undefined-shift-width | MSC15-C. Do not depend on undefined behavior |
| uninitialized-local-read | EXP33-C. Do not read uninitialized memory |
| uninitialized-variable-use | EXP33-C. Do not read uninitialized memory |
| uninitialized-variable-use | MSC15-C. Do not depend on undefined behavior |
| union-member-name | MSC09-C. Character encoding: Use subset of ASCII for safety |
| union-tag-spelling | MSC09-C. Character encoding: Use subset of ASCII for safety |
| universal-character-name-concatenation | PRE30-C. Do not create a universal character name through concatenation |
| unnamed-parameter | MSC40-C. Do not violate constraints |
| unreachable-code | MSC12-C. Detect and remove code that has no effect or is never executed |
| unreachable-code-after-jump | MSC12-C. Detect and remove code that has no effect or is never executed |
| unused-function | MSC12-C. Detect and remove code that has no effect or is never executed |
| unused-local-variable | MSC13-C. Detect and remove unused values |
| unused-parameter | MSC13-C. Detect and remove unused values |
| user_defined | POS35-C. Avoid race conditions while checking for the existence of a symbolic link |
| user_defined | POS36-C. Observe correct revocation order while relinquishing privileges |
| user_defined | POS37-C. Ensure that privilege relinquishment is successful |
| variable-array-length | ARR32-C. Ensure size arguments for variable length arrays are in a valid range |
| wide-narrow-string-cast | STR38-C. Do not confuse narrow and wide character strings and functions |
| wide-narrow-string-cast-implicit | STR38-C. Do not confuse narrow and wide character strings and functions |
| write-data-race | POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed |
| write-to-constant-memory | EXP40-C. Do not modify constant objects |
| write-to-constant-memory | MSC15-C. Do not depend on undefined behavior |
| write-to-string-literal | STR30-C. Do not attempt to modify string literals |
| write_data_race | CON32-C. Prevent data races when accessing bit-fields from multiple threads |
| write_data_race | CON43-C. Do not allow data races in multithreaded code |
| zero-size-alloc | MEM04-C. Beware of zero-length allocations |