CERT C++ Rules
CERT C++ is a collection of coding guidelines for software developers. It focuses on secure coding in the C++ language. The guidelines help eliminate constructs with undefined behavior that can lead to unexpected results at run time and can constitute security vulnerabilities. For details on the extent to which the CERT C++ rules are covered in Polyspace, see Polyspace Support for Coding Standards. Polyspace can check your code for compliance with the CERT C++ rules. Use the analysis option Check SEI CERT-C++ (-cert-cpp) to enable subsets of the rules.
Polyspace Results
CERT C++: DCL30-C | Declare objects with appropriate storage durations |
CERT C++: DCL39-C | Avoid information leakage in structure padding |
CERT C++: DCL40-C | Do not create incompatible declarations of the same function or object |
CERT C++: DCL50-CPP | Do not define a C-style variadic function |
CERT C++: DCL51-CPP | Do not declare or define a reserved identifier |
CERT C++: DCL52-CPP | Never qualify a reference type with const or volatile |
CERT C++: DCL53-CPP | Do not write syntactically ambiguous declarations |
CERT C++: DCL54-CPP | Overload allocation and deallocation functions as a pair in the same scope |
CERT C++: DCL55-CPP | Avoid information leakage when passing a class object across a trust boundary (Since R2022b) |
CERT C++: DCL56-CPP | Avoid cycles during initialization of static objects (Since R2022b) |
CERT C++: DCL57-CPP | Do not let exceptions escape from destructors or deallocation functions |
CERT C++: DCL58-CPP | Do not modify the standard namespaces |
CERT C++: DCL59-CPP | Do not define an unnamed namespace in a header file |
CERT C++: DCL60-CPP | Obey the one-definition rule |
CERT C++: EXP34-C | Do not dereference null pointers |
CERT C++: EXP35-C | Do not modify objects with temporary lifetime |
CERT C++: EXP36-C | Do not cast pointers into more strictly aligned pointer types |
CERT C++: EXP37-C | Call functions with the correct number and type of arguments |
CERT C++: EXP39-C | Do not access a variable through a pointer of an incompatible type |
CERT C++: EXP42-C | Do not compare padding data |
CERT C++: EXP45-C | Do not perform assignments in selection statements |
CERT C++: EXP46-C | Do not use a bitwise operator with a Boolean-like operand |
CERT C++: EXP47-C | Do not call va_arg with an argument of the incorrect type |
CERT C++: EXP50-CPP | Do not depend on the order of evaluation for side effects |
CERT C++: EXP51-CPP | Do not delete an array through a pointer of the incorrect type (Since R2022b) |
CERT C++: EXP52-CPP | Do not rely on side effects in unevaluated operands |
CERT C++: EXP53-CPP | Do not read uninitialized memory |
CERT C++: EXP54-CPP | Do not access an object outside of its lifetime |
CERT C++: EXP55-CPP | Do not access a cv-qualified object through a cv-unqualified type |
CERT C++: EXP56-CPP | Do not call a function with a mismatched language linkage (Since R2023b) |
CERT C++: EXP57-CPP | Do not cast or delete pointers to incomplete classes |
CERT C++: EXP58-CPP | Pass an object of the correct type to va_start |
CERT C++: EXP59-CPP | Use offsetof() on valid types and members |
CERT C++: EXP60-CPP | Do not pass a nonstandard-layout type object across execution boundaries (Since R2023b) |
CERT C++: EXP61-CPP | A lambda object must not outlive any of its reference captured objects |
CERT C++: EXP62-CPP | Do not access the bits of an object representation that are not part of the object's value representation (Since R2022b) |
CERT C++: EXP63-CPP | Do not rely on the value of a moved-from object (Since R2021a) |
CERT C++: INT30-C | Ensure that unsigned integer operations do not wrap |
CERT C++: INT31-C | Ensure that integer conversions do not result in lost or misinterpreted data |
CERT C++: INT32-C | Ensure that operations on signed integers do not result in overflow |
CERT C++: INT33-C | Ensure that division and remainder operations do not result in divide-by-zero errors |
CERT C++: INT34-C | Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
CERT C++: INT35-C | Use correct integer precisions |
CERT C++: INT36-C | Converting a pointer to integer or integer to pointer |
CERT C++: INT50-CPP | Do not cast to an out-of-range enumeration value (Since R2023b) |
CERT C++: ARR30-C | Do not form or use out-of-bounds pointers or array subscripts |
CERT C++: ARR37-C | Do not add or subtract an integer to a pointer to a non-array object |
CERT C++: ARR38-C | Guarantee that library functions do not form invalid pointers |
CERT C++: ARR39-C | Do not add or subtract a scaled integer to a pointer |
CERT C++: CTR50-CPP | Guarantee that container indices and iterators are within the valid range |
CERT C++: CTR51-CPP | Use valid references, pointers, and iterators to reference elements of a container (Since R2022a) |
CERT C++: CTR52-CPP | Guarantee that library functions do not overflow (Since R2022b) |
CERT C++: CTR53-CPP | Use valid iterator ranges (Since R2022b) |
CERT C++: CTR54-CPP | Do not subtract iterators that do not refer to the same container (Since R2022b) |
CERT C++: CTR55-CPP | Do not use an additive operator on an iterator if the result would overflow (Since R2022b) |
CERT C++: CTR56-CPP | Do not use pointer arithmetic on polymorphic objects (Since R2023a) |
CERT C++: CTR57-CPP | Provide a valid ordering predicate (Since R2022a) |
CERT C++: CTR58-CPP | Predicate function objects should not be mutable (Since R2022a) |
CERT C++: STR30-C | Do not attempt to modify string literals |
CERT C++: STR31-C | Guarantee that storage for strings has sufficient space for character data and the null terminator |
CERT C++: STR32-C | Do not pass a non-null-terminated character sequence to a library function that expects a string |
CERT C++: STR34-C | Cast characters to unsigned char before converting to larger integer sizes |
CERT C++: STR37-C | Arguments to character-handling functions must be representable as an unsigned char |
CERT C++: STR38-C | Do not confuse narrow and wide character strings and functions |
CERT C++: STR50-CPP | Guarantee that storage for strings has sufficient space for character data and the null terminator |
CERT C++: STR51-CPP | Do not attempt to create a std::string from a null pointer (Since R2022b) |
CERT C++: STR52-CPP | Use valid references, pointers, and iterators to reference elements of a basic_string (Since R2022b) |
CERT C++: STR53-CPP | Range check element access |
CERT C++: MEM30-C | Do not access freed memory |
CERT C++: MEM31-C | Free dynamically allocated memory when no longer needed |
CERT C++: MEM34-C | Only free memory allocated dynamically |
CERT C++: MEM35-C | Allocate sufficient memory for an object |
CERT C++: MEM36-C | Do not modify the alignment of objects by calling realloc() |
CERT C++: MEM50-CPP | Do not access freed memory |
CERT C++: MEM51-CPP | Properly deallocate dynamically allocated resources |
CERT C++: MEM52-CPP | Detect and handle memory allocation errors |
CERT C++: MEM53-CPP | Explicitly construct and destruct objects when manually managing object lifetime (Since R2022b) |
CERT C++: MEM54-CPP | Provide placement new with properly aligned pointers to sufficient storage capacity |
CERT C++: MEM55-CPP | Honor replacement dynamic storage management requirements |
CERT C++: MEM56-CPP | Do not store an already-owned pointer value in an unrelated smart pointer (Since R2021a) |
CERT C++: MEM57-CPP | Avoid using default operator new for over-aligned types |
CERT C++: FIO30-C | Exclude user input from format strings |
CERT C++: FIO32-C | Do not perform operations on devices that are only appropriate for files |
CERT C++: FIO34-C | Distinguish between characters read from a file and EOF or WEOF |
CERT C++: FIO37-C | Do not assume that fgets() or fgetws() returns a nonempty string when successful |
CERT C++: FIO38-C | Do not copy a FILE object |
CERT C++: FIO39-C | Do not alternately input and output from a stream without an intervening flush or positioning call |
CERT C++: FIO40-C | Reset strings on fgets() or fgetws() failure |
CERT C++: FIO41-C | Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects |
CERT C++: FIO42-C | Close files when they are no longer needed |
CERT C++: FIO44-C | Only use values for fsetpos() that are returned from fgetpos() |
CERT C++: FIO45-C | Avoid TOCTOU race conditions while accessing files |
CERT C++: FIO46-C | Do not access a closed file |
CERT C++: FIO47-C | Use valid format strings |
CERT C++: FIO50-CPP | Do not alternately input and output from a file stream without an intervening positioning call |
CERT C++: FIO51-CPP | Close files when they are no longer needed |
CERT C++: ERR30-C | Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure |
CERT C++: ERR32-C | Do not rely on indeterminate values of errno |
CERT C++: ERR33-C | Detect and handle standard library errors |
CERT C++: ERR34-C | Detect errors when converting a string to a number |
CERT C++: ERR50-CPP | Do not abruptly terminate the program |
CERT C++: ERR51-CPP | Handle all exceptions |
CERT C++: ERR52-CPP | Do not use setjmp() or longjmp() |
CERT C++: ERR53-CPP | Do not reference base classes or class data members in a constructor or destructor function-try-block handler |
CERT C++: ERR54-CPP | Catch handlers should order their parameter types from most derived to least derived |
CERT C++: ERR55-CPP | Honor exception specifications |
CERT C++: ERR56-CPP | Guarantee exception safety (Since R2022a) |
CERT C++: ERR57-CPP | Do not leak resources when handling exceptions (Since R2021a) |
CERT C++: ERR58-CPP | Handle all exceptions thrown before main() begins executing |
CERT C++: ERR59-CPP | Do not throw an exception across execution boundaries (Since R2022b) |
CERT C++: ERR60-CPP | Exception objects must be nothrow copy constructible (Since R2021a) |
CERT C++: ERR61-CPP | Catch exceptions by lvalue reference |
CERT C++: ERR62-CPP | Detect errors when converting a string to a number (Since R2023b) |
CERT C++: OOP50-CPP | Do not invoke virtual functions from constructors or destructors (Since R2021a) |
CERT C++: OOP51-CPP | Do not slice derived objects |
CERT C++: OOP52-CPP | Do not delete a polymorphic object without a virtual destructor |
CERT C++: OOP53-CPP | Write constructor member initializers in the canonical order |
CERT C++: OOP54-CPP | Gracefully handle self-copy assignment |
CERT C++: OOP55-CPP | Do not use pointer-to-member operators to access nonexistent members (Since R2022a) |
CERT C++: OOP56-CPP | Honor replacement handler requirements (Since R2023b) |
CERT C++: OOP57-CPP | Prefer special member functions and overloaded operators to C Standard Library functions |
CERT C++: OOP58-CPP | Copy operations must not mutate the source object |
CERT C++: CON33-C | Avoid race conditions when using library functions |
CERT C++: CON37-C | Do not call signal() in a multithreaded program |
CERT C++: CON40-C | Do not refer to an atomic variable twice in an expression |
CERT C++: CON41-C | Wrap functions that can fail spuriously in a loop |
CERT C++: CON43-C | Do not allow data races in multithreaded code |
CERT C++: CON50-CPP | Do not destroy a mutex while it is locked |
CERT C++: CON51-CPP | Ensure actively held locks are released on exceptional conditions (Since R2023b) |
CERT C++: CON52-CPP | Prevent data races when accessing bit-fields from multiple threads |
CERT C++: CON53-CPP | Avoid deadlock by locking in a predefined order |
CERT C++: CON54-CPP | Wrap functions that can spuriously wake up in a loop |
CERT C++: CON55-CPP | Preserve thread safety and liveness when using condition variables (Since R2023b) |
CERT C++: CON56-CPP | Do not speculatively lock a non-recursive mutex that is already owned by the calling thread (Since R2023b) |
CERT C++: ENV30-C | Do not modify the object referenced by the return value of certain functions |
CERT C++: ENV31-C | Do not rely on an environment pointer following an operation that may invalidate it |
CERT C++: ENV32-C | All exit handlers must return normally |
CERT C++: ENV33-C | Do not call system() |
CERT C++: ENV34-C | Do not store pointers returned by certain functions |
CERT C++: FLP30-C | Do not use floating-point variables as loop counters |
CERT C++: FLP32-C | Prevent or detect domain and range errors in math functions |
CERT C++: FLP34-C | Ensure that floating-point conversions are within range of the new type |
CERT C++: FLP36-C | Preserve precision when converting integral values to floating-point type |
CERT C++: FLP37-C | Do not use object representations to compare floating-point values |
CERT C++: MSC30-C | Do not use the rand() function for generating pseudorandom numbers |
CERT C++: MSC32-C | Properly seed pseudorandom number generators |
CERT C++: MSC33-C | Do not pass invalid data to the asctime() function |
CERT C++: MSC37-C | Ensure that control never reaches the end of a non-void function |
CERT C++: MSC38-C | Do not treat a predefined identifier as an object if it might only be implemented as a macro |
CERT C++: MSC39-C | Do not call va_arg() on a va_list that has an indeterminate value |
CERT C++: MSC40-C | Do not violate constraints |
CERT C++: MSC41-C | Never hard code sensitive information |
CERT C++: MSC50-CPP | Do not use std::rand() for generating pseudorandom numbers |
CERT C++: MSC51-CPP | Ensure your random number generator is properly seeded |
CERT C++: MSC52-CPP | Value-returning functions must return a value from all exit paths |
CERT C++: MSC53-CPP | Do not return from a function declared [[noreturn]] |
CERT C++: MSC54-CPP | A signal handler must be a plain old function (Since R2023b) |
CERT C++: PRE30-C | Do not create a universal character name through concatenation |
CERT C++: PRE31-C | Avoid side effects in arguments to unsafe macros |
CERT C++: PRE32-C | Do not use preprocessor directives in invocations of function-like macros |
CERT C++: SIG31-C | Do not access shared objects in signal handlers |
CERT C++: SIG34-C | Do not call signal() from within interruptible signal handlers |
CERT C++: SIG35-C | Do not return from a computational exception signal handler |
Topics
- Polyspace Support for Coding Standards
Check the Polyspace support for different coding standards.
- Check for and Review Coding Standard Violations
Check for violations of AUTOSAR C++14, CERT® C, CERT C++, CWE, MISRA C™, MISRA™ C++, JSF AV C++, or ISO-17961 standards with Polyspace Bug Finder.