This is machine translation

Translated by Microsoft
Mouseover text to see original. Click the button below to return to the English version of the page.

Note: This page has been translated by MathWorks. Click here to see
To view all translated materials including this page, select Country from the country navigator on the bottom of this page.

Polyspace Results in Polyspace Bug Finder - By Category

Alphabetical List By Category

Review Analysis Results

Polyspace Bug Finder Results

Defects

Numerical Defects
Absorption of float operandOne addition or subtraction operand is absorbed by the other operand
Bitwise operation on negative valueUndefined behavior for bitwise operations on negative values
Float conversion overflowOverflow when converting between floating point data types
Float division by zeroDividing floating point number by zero
Float overflowOverflow from operation between floating points
Integer constant overflowConstant value falls outside range of integer data type
Integer conversion overflowOverflow when converting between integer types
Integer division by zeroDividing integer number by zero
Integer overflowOverflow from operation between integers
Integer precision exceeded Operation using integer size instead of precision can cause undefined behavior
Invalid use of standard library floating point routineWrong arguments to standard library function
Invalid use of standard library integer routineWrong arguments to standard library function
Possible invalid operation on boolean operandOperation can exceed precision of Boolean operand or result in arbitrary value
Precision loss from integer to float conversionLeast significant bits of integer lost during conversion to floating-point type
Shift of a negative valueShift operator on negative value
Shift operation overflowOverflow from shifting operation
Sign change integer conversion overflowOverflow when converting between signed and unsigned integers
Unsigned integer constant overflowConstant value falls outside range of unsigned integer data type
Unsigned integer conversion overflowOverflow when converting between unsigned integer types
Unsigned integer overflowOverflow from operation between unsigned integers
Use of plain char type for numerical valuePlain char variable in arithmetic operation without explicit signedness
Static Memory Defects
Arithmetic operation with NULL pointerArithmetic operation performed on NULL pointer
Array access out of boundsArray index outside bounds during array access
Buffer overflow from incorrect string format specifierString format specifier causes buffer argument of standard library functions to overflow
Destination buffer overflow in string manipulationFunction writes to buffer at offset greater than buffer size
Destination buffer underflow in string manipulationFunction writes to buffer at a negative offset from beginning of buffer
Invalid use of standard library memory routineStandard library memory function called with invalid arguments
Invalid use of standard library string routineStandard library string function called with invalid arguments
Null pointerNULL pointer dereferenced
Pointer access out of boundsPointer dereferenced outside its bounds
Pointer or reference to stack variable leaving scopePointer to local variable leaves the variable scope
Subtraction or comparison between pointers to different arraysSubtraction or comparison between pointers causes undefined behavior
Unreliable cast of function pointerFunction pointer cast to another function pointer with different argument or return type
Unreliable cast of pointerPointer implicitly cast to different data type
Use of automatic variable as putenv-family function argumentputenv-family function argument not accessible outside its scope
Use of path manipulation function without maximum sized buffer checkingDestination buffer of getwd or realpath is smaller than PATH_MAX bytes
Wrong allocated object size for castAllocated memory does not match destination pointer
Dynamic Memory Defects
Alignment changed after memory reallocationMemory reallocation changes the originally stricter alignment of an object
Deallocation of previously deallocated pointerMemory freed more than once without allocation
Invalid free of pointerPointer deallocation without a corresponding dynamic allocation
Invalid deletion of pointerPointer deallocation using delete without corresponding allocation using new
Memory leakMemory allocated dynamically not freed
Mismatched alloc/dealloc functions on WindowsImproper deallocation function causes memory corruption issues
Unprotected dynamic memory allocationPointer returned from dynamic allocation not checked for NULL value
Use of previously freed pointerMemory accessed after deallocation
Programming Defects
Abnormal termination of exit handlerExit handler function interrupts the normal execution of a program
Accessing object with temporary lifetimeRead or write operations on the object are undefined behavior
Alternating input and output from a stream without flush or positioning callUndefined behavior for input or output stream operations
AssertionFailed assertion statement
Bad file access mode or statusAccess mode argument of function in fopen or open group is invalid
Call through non-prototyped function pointerFunction pointer declared without its type or number of parameters causes unexpected behavior
Call to memset with unintended valuememset or wmemset used with possibly incorrect arguments
Character value absorbed into EOFData type conversion makes a valid character value same as End-of-File (EOF)
Copy of overlapping memorySource and destination arguments of a copy function have overlapping memory
Declaration mismatchMismatch between function or variable declarations
Environment pointer invalidated by previous operationCall to setenv or putenv family function modifies environment pointed to by pointer
Errno not reseterrno not reset before calling a function that sets errno
Exception caught by valuecatch statement accepts an object by value
Exception handler hidden by previous handlercatch statement is not reached because of an earlier catch statement for the same exception
Floating point comparison with equality operatorsImprecise comparison of floating-point variables
Format string specifiers and arguments mismatchString specifiers do not match corresponding arguments
Function called from signal handler not asynchronous-safeCall to interrupted function causes undefined program behavior
Function called from signal handler not asynchronous-safe (strict)Call to interrupted function causes undefined program behavior
Improper array initializationIncorrect array initialization when using initializers
Incorrect data type passed to va_argData type of variadic function argument does not match type in va_arg call
Incorrect pointer scalingImplicit scaling in pointer arithmetic might be ignored
Inline constraint not respectedModifiable static variable is modified in nonstatic inline function
Invalid assumptions about memory organizationAddress is computed by adding or subtracting from address of a variable
Invalid file positionfsetpos() is invoked with a file position argument not obtained from fgetpos()
Invalid use of = (assignment) operatorAssignment in conditional statement
Invalid use of == (equality) operatorEquality operation in assignment statement
Invalid use of standard library routineWrong arguments to standard library function
Invalid va_list argumentVariable argument list used after invalidation with va_end or not initialized with va_start or va_copy
Memory comparison of padding datamemcmp compares data stored in structure padding
Memory comparison of float-point valuesObject representation of floating-point values can be different (same) for equal (not equal) floating-point values
Memory comparison of stringsmemcmp compares data stored in strings after the null terminator
Missing byte reordering when transferring dataDifferent endianness of host and network
Missing null in string arrayString does not terminate with null character
Misuse of a FILE objectUse of copy of FILE object
Misuse of errnoerrno incorrectly checked for error conditions
Misuse of narrow or wide character stringNarrow (wide) character string passed to wide (narrow) string function
Misuse of errno in a signal handlerYou read errno after calling an errno-setting function in a signal handler
Misuse of structure with flexible array memberMemory allocation ignores flexible array member
Misuse of sign-extended character valueData type conversion with sign extension causes unexpected behavior
Misuse of return value from nonreentrant standard functionPointer to static buffer from previous call is used despite a subsequent call that modifies the buffer
Modification of internal buffer returned from nonreentrant standard functionFunction attempts to modify internal buffer returned from a nonreentrant standard function
Overlapping assignmentMemory overlap between left and right sides of an assignment
Possible misuse of sizeofUse of sizeof operator can cause unintended results
Possibly unintended evaluation of expression because of operator precedence rulesOperator precedence rules cause unexpected evaluation order in arithmetic expression
Predefined macro used as objectYou use standard library macros such as assert and errno as objects
Preprocessor directive in macro argumentYou use a preprocessor directive in the argument to a function-like macro
Qualifier removed in conversionVariable qualifier is lost during conversion
Return from computational exception signal handlerUndefined behavior when signal handler returns normally from program error
Side effect in arguments to unsafe macroMacro contains arguments that can be evaluated multiple times or not evaluated
Side effect of expression ignoredsizeof, _Alignof, or _Generic operates on expression with side effect
Signal call from within signal handlerNonpersistent signal handler calling signal() in Windows system causes race condition
Shared data access within signal handlerAccess or modification of shared data causes inconsistent state
Standard function call with incorrect argumentsArgument to a standard function does not meet requirements for use in the function
Stream argument with possibly unintended side effectsStream argument side effects occur more than once
Too many va_arg calls for current argument listNumber of calls to va_arg exceeds number of arguments passed to variadic function
Typedef mismatchMismatch between typedef statements
Universal character name from token concatenationYou create a universal character name by joining tokens with ## operator
Unsafe conversion between pointer and integerMisaligned or invalid results from conversions between pointer and integer types
Unsafe conversion from string to numerical valueString to number conversion without validation checks
Use of indeterminate stringUse of buffer from fgets-family function
Use of memset with size argument zeroSize argument of function in memset family is zero
Variable length array with nonpositive sizeSize of variable-length array is zero or negative
Writing to const qualified objectObject declared with a const qualifier is modified
Wrong type used in sizeofsizeof argument does not match pointed type
Data Flow Defects
Code deactivated by constant false conditionCode segment deactivated by #if 0 directive or if(0) condition
Dead codeCode does not execute
Missing return statementFunction does not return value though return type is not void
Non-initialized variableVariable not initialized before use
Non-initialized pointerPointer not initialized before dereference
Partially accessed arrayArray partly read or written before end of scope
Pointer to non-initialized value converted to const pointerPointer to constant assigned address that does not contain a value
Static uncalled functionFunction with static scope not called in file
Unreachable codeCode not executed because of preceding control-flow statements
Useless ifUnnecessary if conditional
Variable shadowingVariable hides another variable of same name with nested scope
Write without a further readVariable never read after assignment
Security Defects
File access between time of check and use (TOCTOU)File or folder might change state due to access race
File descriptor exposure to child processCopied file descriptor used in multiple processes
File manipulation after chroot without chdirPath-related vulnerabilities for file manipulated after call to chroot
Inappropriate I/O operation on device filesOperation can result in security vulnerabilities or a system failure
Unsafe call to a system functionUnsanitized command argument has exploitable vulnerabilities
Use of non-secure temporary fileTemporary generated file name not secure
Vulnerable path manipulationPath argument with /../, /abs/path/, or other unsecure elements
Bad order of dropping privilegesDropped higher elevated privileges before dropping lower elevated privileges
Privilege drop not verifiedAttacker can gain unintended elevated access to program
Umask used with chmod-style argumentsArgument to umask allows external user too much control
Vulnerable permission assignmentsArgument gives read/write/search permissions to external users
Unsafe standard encryption functionFunction is not reentrant or uses a risky encryption algorithm
Unsafe standard functionFunction unsafe for security-related purposes
Use of dangerous standard functionDangerous functions cause possible buffer overflow in destination buffer
Use of obsolete standard functionObsolete routines can cause security vulnerabilities and portability issues
Deterministic random output from constant seedSeeding routine uses a constant seed making the output deterministic
Predictable random output from predictable seedSeeding routine uses a predictable seed making the output predictable
Vulnerable pseudo-random number generatorUsing a cryptographically weak pseudo-random number generator
Errno not checkederrno is not checked for error conditions following function call
Execution of a binary from a relative path can be controlled by an external actorCommand with relative path is vulnerable to malicious attack
Function pointer assigned with absolute addressConstant expression is used as function address is vulnerable to code injection
Incorrect order of network connection operationsSocket is not correctly established due to bad order of connection steps or missing steps
Information leak via structure paddingPadding bytes can contain sensitive information
Load of library from a relative path can be controlled by an external actorLibrary loaded with relative path is vulnerable to malicious attacks
Mismatch between data length and sizeData size argument is not computed from actual data length
Missing case for switch conditionswitch variable not covered by cases and default case is missing
Misuse of readlink()Third argument of readlink does not leave space for null terminator in buffer
Returned value of a sensitive function not checkedSensitive functions called without checking for unexpected return values and errors
Sensitive data printed outFunction prints sensitive data
Sensitive heap memory not cleared before releaseSensitive data not cleared or released by memory routine
Uncleared sensitive data in stackVariable in stack is not cleared and contains sensitive data
Cryptography Defects
Constant block cipher initialization vectorInitialization vector is constant instead of randomized
Predictable block cipher initialization vectorInitialization vector is generated from a weak random number generator
Missing block cipher initialization vectorContext used for encryption or decryption is associated with NULL initialization vector or not associated with an initialization vector
Constant cipher keyEncryption or decryption key is constant instead of randomized
Predictable cipher keyEncryption or decryption key is generated from a weak random number generator
Missing cipher keyContext used for encryption or decryption is associated with NULL key or not associated with a key
Inconsistent cipher operationsYou perform encryption and decryption steps in succession with the same cipher context without a reinitialization in between
Missing cipher data to processFinal encryption or decryption step is performed without previous update steps
Missing cipher final stepYou do not perform a final step after update steps for encrypting or decrypting data
Missing cipher algorithmAn encryption or decryption algorithm is not associated with the cipher context
Weak cipher algorithmEncryption algorithm associated with the cipher context is weak
Weak cipher modeEncryption mode associated with the cipher context is weak
Context initialized incorrectly for cryptographic operationContext used for public key cryptography operation is initialized for a different operation
Incorrect key for cryptographic algorithmPublic key cryptography operation is not supported by the algorithm used in context initialization
Missing data for encryption, decryption or signing operationData provided for public key cryptography operation is NULL or data length is zero
Missing parameters for key generationContext used for key generation is associated with NULL parameters
Missing peer keyContext used for shared secret derivation is associated with NULL peer key or not associated with a peer key at all
Missing private keyContext used for cryptography operation is associated with NULL private key or not associated with a private key at all
Missing public keyContext used for cryptography operation is associated with NULL public key or not associated with a public key at all
Nonsecure parameters for key generationContext used for key generation is associated with weak parameters
Incompatible padding for RSA algorithm operationCryptography operation is not supported by the padding type set in context
Missing blinding for RSA algorithmContext used in decryption or signature verification is not blinded against timing attacks
Missing padding for RSA algorithmContext used in encryption or signing operation is not associated with any padding
Nonsecure RSA public exponentContext used in key generation is associated with low exponent value
Weak padding for RSA algorithmContext used in encryption or signing operation is associated with insecure padding type
Context initialized incorrectly for digest operationContext used for digest operation is initialized for a different digest operation
Nonsecure hash algorithmContext used for message digest creation is associated with weak algorithm
Nonsecure SSL/TLS protocolContext used for handling SSL/TLS connections is associated with weak protocol
Tainted Data Defects
Array access with tainted indexArray index from unsecure source possibly outside array bounds
Command executed from externally controlled pathPath argument from an unsecure source
Execution of externally controlled commandCommand argument from an unsecure source vulnerable to operating system command injection
Host change using externally controlled elementsChanging host ID from an unsecure source
Library loaded from externally controlled pathUsing a library argument from an externally controlled path
Loop bounded with tainted valueLoop controlled by a value from an unsecure source
Memory allocation with tainted sizeSize argument to memory function is from an unsecure source
Pointer dereference with tainted offsetOffset is from an unsecure source and dereference may be out of bounds
Tainted division operandDivision / operands from an unsecure source
Tainted modulo operandRemainder % operands are from an unsecure source
Tainted NULL or non-null-terminated stringArgument is from an unsecure source and may be NULL or not NULL-terminated
Tainted sign change conversionValue from an unsecure source changes sign
Tainted size of variable length arraySize of the variable-length array (VLA) is from an unsecure source and may be zero, negative, or too large
Tainted string formatInput format argument is from an unsecure source
Use of externally controlled environment variableValue of environment variable from an unsecure source
Use of tainted pointerPointer from an unsecure source may be NULL or point to unknown memory
Concurrency Defects
Atomic load and store sequence not atomicVariable accessible between load and store operations
Atomic variable accessed twice in an expressionVariable can be modified between accesses
Blocking operation while holding lockTask performs lengthy operation while holding a lock
Data raceMultiple tasks perform unprotected nonatomic operations on shared variable
Data race including atomic operationsMultiple tasks perform unprotected operations on shared variable
Data race through standard library function callMultiple tasks make unprotected calls to thread-unsafe standard library function
DeadlockCall sequence to lock functions cause two tasks to block each other
Destruction of locked mutexTask tries to destroy a mutex in the locked state
Double lockLock function is called twice in a task without an intermediate call to unlock function
Double unlockUnlock function is called twice in a task without an intermediate call to lock function
Function that can spuriously fail not wrapped in loopLoop checks failure condition after possible spurious failure
Function that can spuriously wake up not wrapped in loopLoop checks wake-up condition after possible spurious wake-up
Missing lockUnlock function without lock function
Missing unlockLock function without unlock function
Signal call in multithreaded programProgram with multiple threads uses signal function
Thread-specific memory leakDynamically allocated thread-specific memory not freed before end of thread
Use of signal killing threadUncaught signal kills entire process instead of specific thread
Object Oriented Defects
*this not returned in copy assignment operatoroperator= method does not return a pointer to the current object
Base class assignment operator not calledCopy assignment operator does not call copy assignment operators of base subobjects
Base class destructor not virtualClass cannot behave polymorphically for deletion of derived class objects
Copy constructor or assignment operator modifying source operandCopy operation modifies data member of source object
Copy constructor not called in initialization listCopy constructor does not call copy constructors of some members or base classes
Incompatible types prevent overridingDerived class method hides a virtual base class method instead of overriding it
Incomplete class pointerYou delete or cast to a pointer to an incomplete class
Member not initialized in constructorConstructor does not initialize some members of a class
Missing explicit keywordConstructor missing the explicit specifier
Missing virtual inheritanceA base class is inherited virtually and nonvirtually in the same hierarchy
Object slicingDerived class object passed by value to function with base class parameter
Partial override of overloaded virtual functionsClass overrides fraction of inherited virtual functions with a given name
Return of non const handle to encapsulated data memberMethod returns pointer or reference to internal member of object
Self assignment not tested in operatorCopy assignment operator does not test for self-assignment
Resource Management Defects
Closing a previously closed resourceFunction closes a previously closed stream
Opening previously opened resourceOpening an already opened file
Resource leakFile stream not closed before FILE pointer scope ends or pointer is reassigned
Use of previously closed resourceFunction operates on a previously closed stream
Writing to read-only resourceFile initially opened as read only is modified
Good Practice Defects
Bitwise and arithmetic operation on the same dataStatement with mixed bitwise and arithmetic operations
Delete of void pointerdelete operates on a void* pointer pointing to an object
Hard-coded buffer sizeSize of memory buffer is a numerical value instead of symbolic constant
Hard-coded loop boundaryLoop boundary is a numerical value instead of symbolic constant
Hard-coded object size used to manipulate memoryMemory manipulation with hard-coded size instead of sizeof
Incorrect syntax of flexible array member sizeFlexible array member defined with size zero or one
Large pass-by-value argumentLarge argument passed by value between functions
Line with more than one statementMultiple statements on a line
Missing break of switch caseNo comments at the end of switch case without a break statement
Missing reset of a freed pointerPointer free not followed by a reset statement to clear leftover data
Unused parameterFunction prototype has parameters not read or written in function body
Use of setjmp/longjmpsetjmp and longjmp cause deviation from normal control flow

Coding Rules

MISRA C:2012 Directives and Rules
MISRA C:2012 Dir 1.1Any implementation-defined behavior on which the output of the program depends shall be documented and understood
MISRA C:2012 Dir 2.1All source files shall compile without any compilation errors
MISRA C:2012 Dir 4.1Run-time failures shall be minimized
MISRA C:2012 Dir 4.3Assembly language shall be encapsulated and isolated
MISRA C:2012 Dir 4.5Identifiers in the same name space with overlapping visibility should be typographically unambiguous
MISRA C:2012 Dir 4.6typedefs that indicate size and signedness should be used in place of the basic numerical types
MISRA C:2012 Dir 4.7If a function returns error information, then that error information shall be tested
MISRA C:2012 Dir 4.8If a pointer to a structure or union is never dereferenced within a translation unit, then the implementation of the object should be hidden
MISRA C:2012 Dir 4.9A function should be used in preference to a function-like macro where they are interchangeable
MISRA C:2012 Dir 4.10Precautions shall be taken in order to prevent the contents of a header file being included more than once
MISRA C:2012 Dir 4.11The validity of values passed to library functions shall be checked
MISRA C:2012 Dir 4.13Functions which are designed to provide operations on a resource should be called in an appropriate sequence
MISRA C:2012 Dir 4.14The validity of values received from external sources shall be checked
MISRA C:2012 Rule 1.1The program shall contain no violations of the standard C syntax and constraints, and shall not exceed the implementation’s translation limits
MISRA C:2012 Rule 1.2Language extensions should not be used
MISRA C:2012 Rule 1.3There shall be no occurrence of undefined or critical unspecified behaviour
MISRA C:2012 Rule 2.1A project shall not contain unreachable code
MISRA C:2012 Rule 2.2There shall be no dead code
MISRA C:2012 Rule 2.3A project should not contain unused type declarations
MISRA C:2012 Rule 2.4A project should not contain unused tag declarations
MISRA C:2012 Rule 2.5A project should not contain unused macro declarations
MISRA C:2012 Rule 2.6A function should not contain unused label declarations
MISRA C:2012 Rule 2.7There should be no unused parameters in functions
MISRA C:2012 Rule 3.1The character sequences /* and // shall not be used within a comment
MISRA C:2012 Rule 3.2Line-splicing shall not be used in // comments
MISRA C:2012 Rule 4.1Octal and hexadecimal escape sequences shall be terminated
MISRA C:2012 Rule 4.2Trigraphs should not be used
MISRA C:2012 Rule 5.1External identifiers shall be distinct
MISRA C:2012 Rule 5.2Identifiers declared in the same scope and name space shall be distinct
MISRA C:2012 Rule 5.3An identifier declared in an inner scope shall not hide an identifier declared in an outer scope
MISRA C:2012 Rule 5.4Macro identifiers shall be distinct
MISRA C:2012 Rule 5.5Identifiers shall be distinct from macro names
MISRA C:2012 Rule 5.6A typedef name shall be a unique identifier
MISRA C:2012 Rule 5.7A tag name shall be a unique identifier
MISRA C:2012 Rule 5.8Identifiers that define objects or functions with external linkage shall be unique
MISRA C:2012 Rule 5.9Identifiers that define objects or functions with internal linkage should be unique
MISRA C:2012 Rule 6.1Bit-fields shall only be declared with an appropriate type
MISRA C:2012 Rule 6.2Single-bit named bit fields shall not be of a signed type
MISRA C:2012 Rule 7.1Octal constants shall not be used
MISRA C:2012 Rule 7.2A “u” or “U” suffix shall be applied to all integer constants that are represented in an unsigned type
MISRA C:2012 Rule 7.3The lowercase character “l” shall not be used in a literal suffix
MISRA C:2012 Rule 7.4A string literal shall not be assigned to an object unless the object’s type is “pointer to const-qualified char”
MISRA C:2012 Rule 8.1Types shall be explicitly specified
MISRA C:2012 Rule 8.2Function types shall be in prototype form with named parameters
MISRA C:2012 Rule 8.3All declarations of an object or function shall use the same names and type qualifiers
MISRA C:2012 Rule 8.4A compatible declaration shall be visible when an object or function with external linkage is defined
MISRA C:2012 Rule 8.5An external object or function shall be declared once in one and only one file
MISRA C:2012 Rule 8.6An identifier with external linkage shall have exactly one external definition
MISRA C:2012 Rule 8.7Functions and objects should not be defined with external linkage if they are referenced in only one translation unit
MISRA C:2012 Rule 8.8The static storage class specifier shall be used in all declarations of objects and functions that have internal linkage
MISRA C:2012 Rule 8.9An object should be defined at block scope if its identifier only appears in a single function
MISRA C:2012 Rule 8.10An inline function shall be declared with the static storage class
MISRA C:2012 Rule 8.11When an array with external linkage is declared, its size should be explicitly specified
MISRA C:2012 Rule 8.12Within an enumerator list, the value of an implicitly-specified enumeration constant shall be unique
MISRA C:2012 Rule 8.13A pointer should point to a const-qualified type whenever possible
MISRA C:2012 Rule 8.14The restrict type qualifier shall not be used
MISRA C:2012 Rule 9.1The value of an object with automatic storage duration shall not be read before it has been set
MISRA C:2012 Rule 9.2The initializer for an aggregate or union shall be enclosed in braces
MISRA C:2012 Rule 9.3Arrays shall not be partially initialized
MISRA C:2012 Rule 9.4An element of an object shall not be initialized more than once
MISRA C:2012 Rule 9.5Where designated initializers are used to initialize an array object the size of the array shall be specified explicitly
MISRA C:2012 Rule 10.1Operands shall not be of an inappropriate essential type
MISRA C:2012 Rule 10.2Expressions of essentially character type shall not be used inappropriately in addition and subtraction operations
MISRA C:2012 Rule 10.3The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category
MISRA C:2012 Rule 10.4Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category
MISRA C:2012 Rule 10.5The value of an expression should not be cast to an inappropriate essential type
MISRA C:2012 Rule 10.6The value of a composite expression shall not be assigned to an object with wider essential type
MISRA C:2012 Rule 10.7If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential type
MISRA C:2012 Rule 10.8The value of a composite expression shall not be cast to a different essential type category or a wider essential type
MISRA C:2012 Rule 11.1Conversions shall not be performed between a pointer to a function and any other type
MISRA C:2012 Rule 11.2Conversions shall not be performed between a pointer to an incomplete type and any other type
MISRA C:2012 Rule 11.3A cast shall not be performed between a pointer to object type and a pointer to a different object type
MISRA C:2012 Rule 11.4A conversion should not be performed between a pointer to object and an integer type
MISRA C:2012 Rule 11.5A conversion should not be performed from pointer to void into pointer to object
MISRA C:2012 Rule 11.6A cast shall not be performed between pointer to void and an arithmetic type
MISRA C:2012 Rule 11.7A cast shall not be performed between pointer to object and a non-integer arithmetic type
MISRA C:2012 Rule 11.8A cast shall not remove any const or volatile qualification from the type pointed to by a pointer
MISRA C:2012 Rule 11.9The macro NULL shall be the only permitted form of integer null pointer constant
MISRA C:2012 Rule 12.1The precedence of operators within expressions should be made explicit
MISRA C:2012 Rule 12.2The right hand operand of a shift operator shall lie in the range zero to one less than the width in bits of the essential type of the left hand operand
MISRA C:2012 Rule 12.3The comma operator should not be used
MISRA C:2012 Rule 12.4Evaluation of constant expressions should not lead to unsigned integer wrap-around
MISRA C:2012 Rule 12.5The sizeof operator shall not have an operand which is a function parameter declared as “array of type”
MISRA C:2012 Rule 13.1Initializer lists shall not contain persistent side effects
MISRA C:2012 Rule 13.2The value of an expression and its persistent side effects shall be the same under all permitted evaluation orders
MISRA C:2012 Rule 13.3A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects other than that caused by the increment or decrement operator
MISRA C:2012 Rule 13.4The result of an assignment operator should not be used
MISRA C:2012 Rule 13.5The right hand operand of a logical && or || operator shall not contain persistent side effects
MISRA C:2012 Rule 13.6The operand of the sizeof operator shall not contain any expression which has potential side effects
MISRA C:2012 Rule 14.1A loop counter shall not have essentially floating type
MISRA C:2012 Rule 14.2A for loop shall be well-formed
MISRA C:2012 Rule 14.3Controlling expressions shall not be invariant
MISRA C:2012 Rule 14.4The controlling expression of an if statement and the controlling expression of an iteration-statement shall have essentially Boolean type
MISRA C:2012 Rule 15.1The goto statement should not be used
MISRA C:2012 Rule 15.2The goto statement shall jump to a label declared later in the same function
MISRA C:2012 Rule 15.3Any label referenced by a goto statement shall be declared in the same block, or in any block enclosing the goto statement
MISRA C:2012 Rule 15.4There should be no more than one break or goto statement used to terminate any iteration statement
MISRA C:2012 Rule 15.5A function should have a single point of exit at the end
MISRA C:2012 Rule 15.6The body of an iteration-statement or a selection-statement shall be a compound statement
MISRA C:2012 Rule 15.7All if … else if constructs shall be terminated with an else statement
MISRA C:2012 Rule 16.1All switch statements shall be well-formed
MISRA C:2012 Rule 16.2A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement
MISRA C:2012 Rule 16.3An unconditional break statement shall terminate every switch-clause
MISRA C:2012 Rule 16.4Every switch statement shall have a default label
MISRA C:2012 Rule 16.5A default label shall appear as either the first or the last switch label of a switch statement
MISRA C:2012 Rule 16.6Every switch statement shall have at least two switch-clauses
MISRA C:2012 Rule 16.7A switch-expression shall not have essentially Boolean type
MISRA C:2012 Rule 17.1The features of <stdarg.h> shall not be used
MISRA C:2012 Rule 17.2Functions shall not call themselves, either directly or indirectly
MISRA C:2012 Rule 17.3A function shall not be declared implicitly
MISRA C:2012 Rule 17.4All exit paths from a function with non-void return type shall have an explicit return statement with an expression
MISRA C:2012 Rule 17.5The function argument corresponding to a parameter declared to have an array type shall have an appropriate number of elements
MISRA C:2012 Rule 17.6The declaration of an array parameter shall not contain the static keyword between the [ ]
MISRA C:2012 Rule 17.7The value returned by a function having non-void return type shall be used
MISRA C:2012 Rule 17.8A function parameter should not be modified
MISRA C:2012 Rule 18.1A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand
MISRA C:2012 Rule 18.2Subtraction between pointers shall only be applied to pointers that address elements of the same array
MISRA C:2012 Rule 18.3The relational operators >, >=, < and <= shall not be applied to objects of pointer type except where they point into the same object
MISRA C:2012 Rule 18.4The +, -, += and -= operators should not be applied to an expression of pointer type
MISRA C:2012 Rule 18.5Declarations should contain no more than two levels of pointer nesting
MISRA C:2012 Rule 18.6The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist
MISRA C:2012 Rule 18.7Flexible array members shall not be declared
MISRA C:2012 Rule 18.8Variable-length array types shall not be used
MISRA C:2012 Rule 19.1An object shall not be assigned or copied to an overlapping object
MISRA C:2012 Rule 19.2The union keyword should not be used
MISRA C:2012 Rule 20.1#include directives should only be preceded by preprocessor directives or comments
MISRA C:2012 Rule 20.2The ', " or \ characters and the /* or // character sequences shall not occur in a header file name
MISRA C:2012 Rule 20.3The #include directive shall be followed by either a <filename> or \"filename\" sequence
MISRA C:2012 Rule 20.4A macro shall not be defined with the same name as a keyword
MISRA C:2012 Rule 20.5#undef should not be used
MISRA C:2012 Rule 20.6Tokens that look like a preprocessing directive shall not occur within a macro argument
MISRA C:2012 Rule 20.7Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses
MISRA C:2012 Rule 20.8The controlling expression of a #if or #elif preprocessing directive shall evaluate to 0 or 1
MISRA C:2012 Rule 20.9All identifiers used in the controlling expression of #if or #elif preprocessing directives shall be #define’d before evaluation
MISRA C:2012 Rule 20.10The # and ## preprocessor operators should not be used
MISRA C:2012 Rule 20.11A macro parameter immediately following a # operator shall not immediately be followed by a ## operator
MISRA C:2012 Rule 20.12A macro parameter used as an operand to the # or ## operators, which is itself subject to further macro replacement, shall only be used as an operand to these operators
MISRA C:2012 Rule 20.13A line whose first token is # shall be a valid preprocessing directive
MISRA C:2012 Rule 20.14All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if, #ifdef or #ifndef directive to which they are related
MISRA C:2012 Rule 21.1#define and #undef shall not be used on a reserved identifier or reserved macro name
MISRA C:2012 Rule 21.2A reserved identifier or macro name shall not be declared
MISRA C:2012 Rule 21.3The memory allocation and deallocation functions of <stdlib.h> shall not be used
MISRA C:2012 Rule 21.4The standard header file <setjmp.h> shall not be used
MISRA C:2012 Rule 21.5The standard header file <signal.h> shall not be used
MISRA C:2012 Rule 21.6The Standard Library input/output functions shall not be used
MISRA C:2012 Rule 21.7The atof, atoi, atol, and atoll functions of <stdlib.h> shall not be used
MISRA C:2012 Rule 21.8The library functions abort, exit, getenv and system of <stdlib.h> shall not be used
MISRA C:2012 Rule 21.9The library functions bsearch and qsort of <stdlib.h> shall not be used
MISRA C:2012 Rule 21.10The Standard Library time and date functions shall not be used
MISRA C:2012 Rule 21.11The standard header file <tgmath.h> shall not be used
MISRA C:2012 Rule 21.12The exception handling features of <fenv.h> should not be used
MISRA C:2012 Rule 21.13Any value passed to a function in <ctype.h> shall be representable as an unsigned char or be the value EOF
MISRA C:2012 Rule 21.14The Standard Library function memcmp shall not be used to compare null terminated strings
MISRA C:2012 Rule 21.15The pointer arguments to the Standard Library functions memcpy, memmove and memcmp shall be pointers to qualified or unqualified versions of compatible types
MISRA C:2012 Rule 21.16The pointer arguments to the Standard Library function memcmp shall point to either a pointer type, an essentially signed type, an essentially unsigned type, an essentially Boolean type or an essentially enum type
MISRA C:2012 Rule 21.17Use of the string handling function from <string.h> shall not result in accesses beyond the bounds of the objects referenced by their pointer parameters
MISRA C:2012 Rule 21.18The size_t argument passed to any function in <string.h> shall have an appropriate value
MISRA C:2012 Rule 21.19The pointers returned by the Standard Library functions localeconv, getenv, setlocale or strerror shall only be used as if they have pointer to const-qualified type
MISRA C:2012 Rule 21.20The pointer returned by the Standard Library functions asctime, ctime, gmtime, localtime, localeconv, getenv, setlocale or strerror shall not be used following a subsequent call to the same function
MISRA C:2012 Rule 22.1All resources obtained dynamically by means of Standard Library functions shall be explicitly released
MISRA C:2012 Rule 22.2A block of memory shall only be freed if it was allocated by means of a Standard Library function
MISRA C:2012 Rule 22.3The same file shall not be open for read and write access at the same time on different streams
MISRA C:2012 Rule 22.4There shall be no attempt to write to a stream which has been opened as read-only
MISRA C:2012 Rule 22.5A pointer to a FILE object shall not be dereferenced
MISRA C:2012 Rule 22.6The value of a pointer to a FILE shall not be used after the associated stream has been closed
MISRA C:2012 Rule 22.7The macro EOF shall only be compared with the unmodified return value from any Standard Library function capable of returning EOF
MISRA C:2012 Rule 22.8The value of errno shall be set to zero prior to a call to an errno-setting-function
MISRA C:2012 Rule 22.9The value of errno shall be tested against zero after calling an errno-setting function
MISRA C:2012 Rule 22.10The value of errno shall only be tested when the last function to be called was an errno-setting function
MISRA C++:2008 Rules
MISRA C++:2008 Rule 0-1-1A project shall not contain unreachable code
MISRA C++:2008 Rule 0-1-2A project shall not contain infeasible paths
MISRA C++:2008 Rule 0-1-3A project shall not contain unused variables
MISRA C++:2008 Rule 0-1-5A project shall not contain unused type declarations
MISRA C++:2008 Rule 0-1-7The value returned by a function having a non- void return type that is not an overloaded operator shall always be used
MISRA C++:2008 Rule 0-1-9There shall be no dead code
MISRA C++:2008 Rule 0-1-10Every defined function shall be called at least once
MISRA C++:2008 Rule 0-1-11There shall be no unused parameters (named or unnamed) in nonvirtual functions
MISRA C++:2008 Rule 0-1-12There shall be no unused parameters (named or unnamed) in the set of parameters for a virtual function and all the functions that override it
MISRA C++:2008 Rule 0-2-1An object shall not be assigned to an overlapping object
MISRA C++:2008 Rule 1-0-1All code shall conform to ISO/IEC 14882:2003 "The C++ Standard Incorporating Technical Corrigendum 1"
MISRA C++:2008 Rule 2-3-1Trigraphs shall not be used
MISRA C++:2008 Rule 2-5-1Digraphs should not be used
MISRA C++:2008 Rule 2-7-1The character sequence /* shall not be used within a C-style comment
MISRA C++:2008 Rule 2-10-1Different identifiers shall be typographically unambiguous
MISRA C++:2008 Rule 2-10-2Identifiers declared in an inner scope shall not hide an identifier declared in an outer scope
MISRA C++:2008 Rule 2-10-3A typedef name (including qualification, if any) shall be a unique identifier
MISRA C++:2008 Rule 2-10-4A class, union or enum name (including qualification, if any) shall be a unique identifier
MISRA C++:2008 Rule 2-10-5The identifier name of a non-member object or function with static storage duration should not be reused
MISRA C++:2008 Rule 2-10-6If an identifier refers to a type, it shall not also refer to an object or a function in the same scope
MISRA C++:2008 Rule 2-13-1Only those escape sequences that are defined in ISO/IEC 14882:2003 shall be used
MISRA C++:2008 Rule 2-13-2Octal constants (other than zero) and octal escape sequences (other than "\0") shall not be used
MISRA C++:2008 Rule 2-13-3A "U" suffix shall be applied to all octal or hexadecimal integer literals of unsigned type
MISRA C++:2008 Rule 2-13-4Literal suffixes shall be upper case
MISRA C++:2008 Rule 2-13-5Narrow and wide string literals shall not be concatenated
MISRA C++:2008 Rule 3-1-1It shall be possible to include any header file in multiple translation units without violating the One Definition Rule
MISRA C++:2008 Rule 3-1-2Functions shall not be declared at block scope
MISRA C++:2008 Rule 3-1-3When an array is declared, its size shall either be stated explicitly or defined implicitly by initialization
MISRA C++:2008 Rule 3-2-1All declarations of an object or function shall have compatible types
MISRA C++:2008 Rule 3-2-2The One Definition Rule shall not be violated
MISRA C++:2008 Rule 3-2-3A type, object or function that is used in multiple translation units shall be declared in one and only one file
MISRA C++:2008 Rule 3-2-4An identifier with external linkage shall have exactly one definition
MISRA C++:2008 Rule 3-3-1Objects or functions with external linkage shall be declared in a header file
MISRA C++:2008 Rule 3-3-2If a function has internal linkage then all re-declarations shall include the static storage class specifier
MISRA C++:2008 Rule 3-4-1An identifier declared to be an object or type shall be defined in a block that minimizes its visibility
MISRA C++:2008 Rule 3-9-1The types used for an object, a function return type, or a function parameter shall be token-for-token identical in all declarations and re-declarations
MISRA C++:2008 Rule 3-9-2typedefs that indicate size and signedness should be used in place of the basic numerical types
MISRA C++:2008 Rule 3-9-3The underlying bit representations of floating-point values shall not be used
MISRA C++:2008 Rule 4-5-1Expressions with type bool shall not be used as operands to built-in operators other than the assignment operator =, the logical operators &&, ||, !, the equality operators == and !=, the unary & operator, and the conditional operator
MISRA C++:2008 Rule 4-5-2Expressions with type enum shall not be used as operands to built- in operators other than the subscript operator [ ], the assignment operator =, the equality operators == and !=, the unary & operator, and the relational operators <, <=, >, >=
MISRA C++:2008 Rule 4-5-3Expressions with type (plain) char and wchar_t shall not be used as operands to built-in operators other than the assignment operator =, the equality operators == and !=, and the unary & operator N
MISRA C++:2008 Rule 4-10-1NULL shall not be used as an integer value
MISRA C++:2008 Rule 4-10-2Literal zero (0) shall not be used as the null-pointer-constant
MISRA C++:2008 Rule 5-0-1The value of an expression shall be the same under any order of evaluation that the standard permits
MISRA C++:2008 Rule 5-0-2Limited dependence should be placed on C++ operator precedence rules in expressions
MISRA C++:2008 Rule 5-0-3A cvalue expression shall not be implicitly converted to a different underlying type
MISRA C++:2008 Rule 5-0-4An implicit integral conversion shall not change the signedness of the underlying type
MISRA C++:2008 Rule 5-0-5There shall be no implicit floating-integral conversions
MISRA C++:2008 Rule 5-0-6An implicit integral or floating-point conversion shall not reduce the size of the underlying type
MISRA C++:2008 Rule 5-0-7There shall be no explicit floating-integral conversions of a cvalue expression
MISRA C++:2008 Rule 5-0-8An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression
MISRA C++:2008 Rule 5-0-9An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression
MISRA C++:2008 Rule 5-0-10If the bitwise operators ~ and << are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand
MISRA C++:2008 Rule 5-0-11The plain char type shall only be used for the storage and use of character values
MISRA C++:2008 Rule 5-0-12Signed char and unsigned char type shall only be used for the storage and use of numeric values
MISRA C++:2008 Rule 5-0-13The condition of an if-statement and the condition of an iteration- statement shall have type bool
MISRA C++:2008 Rule 5-0-14The first operand of a conditional-operator shall have type bool
MISRA C++:2008 Rule 5-0-15Array indexing shall be the only form of pointer arithmetic
MISRA C++:2008 Rule 5-0-17Subtraction between pointers shall only be applied to pointers that address elements of the same array
MISRA C++:2008 Rule 5-0-18>, >=, <, <= shall not be applied to objects of pointer type, except where they point to the same array
MISRA C++:2008 Rule 5-0-19The declaration of objects shall contain no more than two levels of pointer indirection
MISRA C++:2008 Rule 5-0-20Non-constant operands to a binary bitwise operator shall have the same underlying type
MISRA C++:2008 Rule 5-0-21Bitwise operators shall only be applied to operands of unsigned underlying type
MISRA C++:2008 Rule 5-2-1Each operand of a logical && or || shall be a postfix - expression
MISRA C++:2008 Rule 5-2-2A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast
MISRA C++:2008 Rule 5-2-3Casts from a base class to a derived class should not be performed on polymorphic types
MISRA C++:2008 Rule 5-2-4C-style casts (other than void casts) and functional notation casts (other than explicit constructor calls) shall not be used
MISRA C++:2008 Rule 5-2-5A cast shall not remove any const or volatile qualification from the type of a pointer or reference
MISRA C++:2008 Rule 5-2-6A cast shall not convert a pointer to a function to any other pointer type, including a pointer to function type
MISRA C++:2008 Rule 5-2-7An object with pointer type shall not be converted to an unrelated pointer type, either directly or indirectly
MISRA C++:2008 Rule 5-2-8An object with integer type or pointer to void type shall not be converted to an object with pointer type
MISRA C++:2008 Rule 5-2-9A cast should not convert a pointer type to an integral type
MISRA C++:2008 Rule 5-2-10The increment ( ++ ) and decrement ( -- ) operators should not be mixed with other operators in an expression
MISRA C++:2008 Rule 5-2-11The comma operator, && operator and the || operator shall not be overloaded
MISRA C++:2008 Rule 5-2-12An identifier with array type passed as a function argument shall not decay to a pointer
MISRA C++:2008 Rule 5-3-1Each operand of the ! operator, the logical && or the logical || operators shall have type bool
MISRA C++:2008 Rule 5-3-2The unary minus operator shall not be applied to an expression whose underlying type is unsigned
MISRA C++:2008 Rule 5-3-3The unary & operator shall not be overloaded
MISRA C++:2008 Rule 5-3-4Evaluation of the operand to the sizeof operator shall not contain side effects
MISRA C++:2008 Rule 5-8-1The right hand operand of a shift operator shall lie between zero and one less than the width in bits of the underlying type of the left hand operand
MISRA C++:2008 Rule 5-14-1The right hand operand of a logical && or || operator shall not contain side effects
MISRA C++:2008 Rule 5-18-1The comma operator shall not be used
MISRA C++:2008 Rule 5-19-1Evaluation of constant unsigned integer expressions should not lead to wrap-around
MISRA C++:2008 Rule 6-2-1Assignment operators shall not be used in sub-expressions
MISRA C++:2008 Rule 6-2-2Floating-point expressions shall not be directly or indirectly tested for equality or inequality
MISRA C++:2008 Rule 6-2-3Before preprocessing, a null statement shall only occur on a line by itself; it may be followed by a comment, provided that the first character following the null statement is a white - space character
MISRA C++:2008 Rule 6-3-1The statement forming the body of a switch, while, do while or for statement shall be a compound statement
MISRA C++:2008 Rule 6-4-1An if ( condition ) construct shall be followed by a compound statement The else keyword shall be followed by either a compound statement, or another if statement
MISRA C++:2008 Rule 6-4-2All if else if constructs shall be terminated with an else clause
MISRA C++:2008 Rule 6-4-3A switch statement shall be a well-formed switch statement
MISRA C++:2008 Rule 6-4-4A switch-label shall only be used when the most closely-enclosing compound statement is the body of a switch statement
MISRA C++:2008 Rule 6-4-5An unconditional throw or break statement shall terminate every non - empty switch-clause
MISRA C++:2008 Rule 6-4-6The final clause of a switch statement shall be the default-clause
MISRA C++:2008 Rule 6-4-7The condition of a switch statement shall not have bool type
MISRA C++:2008 Rule 6-4-8Every switch statement shall have at least one case-clause
MISRA C++:2008 Rule 6-5-1A for loop shall contain a single loop-counter which shall not have floating type
MISRA C++:2008 Rule 6-5-2If loop-counter is not modified by -- or ++, then, within condition, the loop-counter shall only be used as an operand to <=, <, > or >=
MISRA C++:2008 Rule 6-5-3The loop-counter shall not be modified within condition or statement
MISRA C++:2008 Rule 6-5-4The loop-counter shall be modified by one of: --, ++, -=n, or +=n ; where n remains constant for the duration of the loop
MISRA C++:2008 Rule 6-5-5A loop-control-variable other than the loop-counter shall not be modified within condition or expression
MISRA C++:2008 Rule 6-5-6A loop-control-variable other than the loop-counter which is modified in statement shall have type bool
MISRA C++:2008 Rule 6-6-1Any label referenced by a goto statement shall be declared in the same block, or in a block enclosing the goto statement
MISRA C++:2008 Rule 6-6-2The goto statement shall jump to a label declared later in the same function body
MISRA C++:2008 Rule 6-6-3The continue statement shall only be used within a well-formed for loop
MISRA C++:2008 Rule 6-6-4For any iteration statement there shall be no more than one break or goto statement used for loop termination
MISRA C++:2008 Rule 6-6-5A function shall have a single point of exit at the end of the function
MISRA C++:2008 Rule 7-1-1A variable which is not modified shall be const qualified
MISRA C++:2008 Rule 7-1-2A pointer or reference parameter in a function shall be declared as pointer to const or reference to const if the corresponding object is not modified
MISRA C++:2008 Rule 7-3-1The global namespace shall only contain main, namespace declarations and extern "C" declarations
MISRA C++:2008 Rule 7-3-2The identifier main shall not be used for a function other than the global function main
MISRA C++:2008 Rule 7-3-3There shall be no unnamed namespaces in header files
MISRA C++:2008 Rule 7-3-4using-directives shall not be used
MISRA C++:2008 Rule 7-3-5Multiple declarations for an identifier in the same namespace shall not straddle a using-declaration for that identifier
MISRA C++:2008 Rule 7-3-6using-directives and using-declarations (excluding class scope or function scope using-declarations) shall not be used in header files
MISRA C++:2008 Rule 7-4-2Assembler instructions shall only be introduced using the asm declaration
MISRA C++:2008 Rule 7-4-3Assembly language shall be encapsulated and isolated
MISRA C++:2008 Rule 7-5-1A function shall not return a reference or a pointer to an automatic variable (including parameters), defined within the function
MISRA C++:2008 Rule 7-5-2The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist
MISRA C++:2008 Rule 7-5-3A function shall not return a reference or a pointer to a parameter that is passed by reference or const reference
MISRA C++:2008 Rule 7-5-4Functions should not call themselves, either directly or indirectly
MISRA C++:2008 Rule 8-0-1An init-declarator-list or a member-declarator-list shall consist of a single init-declarator or member-declarator respectively
MISRA C++:2008 Rule 8-3-1Parameters in an overriding virtual function shall either use the same default arguments as the function they override, or else shall not specify any default arguments
MISRA C++:2008 Rule 8-4-1Functions shall not be defined using the ellipsis notation
MISRA C++:2008 Rule 8-4-2The identifiers used for the parameters in a re-declaration of a function shall be identical to those in the declaration
MISRA C++:2008 Rule 8-4-3All exit paths from a function with non- void return type shall have an explicit return statement with an expression
MISRA C++:2008 Rule 8-4-4A function identifier shall either be used to call the function or it shall be preceded by &
MISRA C++:2008 Rule 8-5-1All variables shall have a defined value before they are used
MISRA C++:2008 Rule 8-5-2Braces shall be used to indicate and match the structure in the non- zero initialization of arrays and structures
MISRA C++:2008 Rule 8-5-3In an enumerator list, the = construct shall not be used to explicitly initialize members other than the first, unless all items are explicitly initialized
MISRA C++:2008 Rule 9-3-1const member functions shall not return non-const pointers or references to class-data
MISRA C++:2008 Rule 9-3-2Member functions shall not return non-const handles to class-data
MISRA C++:2008 Rule 9-3-3If a member function can be made static then it shall be made static, otherwise if it can be made const then it shall be made const
MISRA C++:2008 Rule 9-5-1Unions shall not be used
MISRA C++:2008 Rule 9-6-2Bit-fields shall be either bool type or an explicitly unsigned or signed integral type
MISRA C++:2008 Rule 9-6-3Bit-fields shall not have enum type
MISRA C++:2008 Rule 9-6-4Named bit-fields with signed integer type shall have a length of more than one bit
MISRA C++:2008 Rule 10-1-1Classes should not be derived from virtual bases
MISRA C++:2008 Rule 10-1-2A base class shall only be declared virtual if it is used in a diamond hierarchy
MISRA C++:2008 Rule 10-1-3An accessible base class shall not be both virtual and non-virtual in the same hierarchy
MISRA C++:2008 Rule 10-2-1All accessible entity names within a multiple inheritance hierarchy should be unique
MISRA C++:2008 Rule 10-3-1There shall be no more than one definition of each virtual function on each path through the inheritance hierarchy
MISRA C++:2008 Rule 10-3-2Each overriding virtual function shall be declared with the virtual keyword
MISRA C++:2008 Rule 10-3-3A virtual function shall only be overridden by a pure virtual function if it is itself declared as pure virtual
MISRA C++:2008 Rule 11-0-1Member data in non- POD class types shall be private
MISRA C++:2008 Rule 12-1-1An object's dynamic type shall not be used from the body of its constructor or destructor
MISRA C++:2008 Rule 12-1-2All constructors of a class should explicitly call a constructor for all of its immediate base classes and all virtual base classes
MISRA C++:2008 Rule 12-1-3All constructors that are callable with a single argument of fundamental type shall be declared explicit
MISRA C++:2008 Rule 12-8-1A copy constructor shall only initialize its base classes and the non- static members of the class of which it is a member
MISRA C++:2008 Rule 12-8-2The copy assignment operator shall be declared protected or private in an abstract class
MISRA C++:2008 Rule 14-5-2A copy constructor shall be declared when there is a template constructor with a single parameter that is a generic parameter
MISRA C++:2008 Rule 14-5-3A copy assignment operator shall be declared when there is a template assignment operator with a parameter that is a generic parameter
MISRA C++:2008 Rule 14-6-1In a class template with a dependent base, any name that may be found in that dependent base shall be referred to using a qualified-id or this->
MISRA C++:2008 Rule 14-6-2The function chosen by overload resolution shall resolve to a function declared previously in the translation unit
MISRA C++:2008 Rule 14-7-3All partial and explicit specializations for a template shall be declared in the same file as the declaration of their primary template
MISRA C++:2008 Rule 14-8-1Overloaded function templates shall not be explicitly specialized
MISRA C++:2008 Rule 14-8-2The viable function set for a function call should either contain no function specializations, or only contain function specializations
MISRA C++:2008 Rule 15-0-2An exception object should not have pointer type
MISRA C++:2008 Rule 15-0-3Control shall not be transferred into a try or catch block using a goto or a switch statement
MISRA C++:2008 Rule 15-1-2NULL shall not be thrown explicitly
MISRA C++:2008 Rule 15-1-3An empty throw (throw;) shall only be used in the compound- statement of a catch handler
MISRA C++:2008 Rule 15-3-2There should be at least one exception handler to catch all otherwise unhandled exceptions
MISRA C++:2008 Rule 15-3-3Handlers of a function-try-block implementation of a class constructor or destructor shall not reference non-static members from this class or its bases
MISRA C++:2008 Rule 15-3-5A class type exception shall always be caught by reference
MISRA C++:2008 Rule 15-3-6Where multiple handlers are provided in a single try-catch statement or function-try-block for a derived class and some or all of its bases, the handlers shall be ordered most-derived to base class
MISRA C++:2008 Rule 15-3-7Where multiple handlers are provided in a single try-catch statement or function-try-block, any ellipsis (catch-all) handler shall occur last
MISRA C++:2008 Rule 15-4-1If a function is declared with an exception-specification, then all declarations of the same function (in other translation units) shall be declared with the same set of type-ids
MISRA C++:2008 Rule 15-5-1A class destructor shall not exit with an exception
MISRA C++:2008 Rule 15-5-2Where a function's declaration includes an exception-specification, the function shall only be capable of throwing exceptions of the indicated type(s)
MISRA C++:2008 Rule 15-5-3The terminate() function shall not be called implicitly
MISRA C++:2008 Rule 16-0-1#include directives in a file shall only be preceded by other preprocessor directives or comments
MISRA C++:2008 Rule 16-0-2Macros shall only be #define 'd or #undef 'd in the global namespace
MISRA C++:2008 Rule 16-0-3#undef shall not be used
MISRA C++:2008 Rule 16-0-4Function-like macros shall not be defined
MISRA C++:2008 Rule 16-0-5Arguments to a function-like macro shall not contain tokens that look like preprocessing directives
MISRA C++:2008 Rule 16-0-6In the definition of a function-like macro, each instance of a parameter shall be enclosed in parentheses, unless it is used as the operand of # or ##
MISRA C++:2008 Rule 16-0-7Undefined macro identifiers shall not be used in #if or #elif preprocessor directives, except as operands to the defined operator
MISRA C++:2008 Rule 16-0-8If the # token appears as the first token on a line, then it shall be immediately followed by a preprocessing token
MISRA C++:2008 Rule 16-1-1The defined preprocessor operator shall only be used in one of the two standard forms
MISRA C++:2008 Rule 16-1-2All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if or #ifdef directive to which they are related
MISRA C++:2008 Rule 16-2-1The preprocessor shall only be used for file inclusion and include guards
MISRA C++:2008 Rule 16-2-2C++ macros shall only be used for: include guards, type qualifiers, or storage class specifiers
MISRA C++:2008 Rule 16-2-3Include guards shall be provided
MISRA C++:2008 Rule 16-2-4The ', ", /* or // characters shall not occur in a header file name
MISRA C++:2008 Rule 16-2-5The \ character should not occur in a header file name
MISRA C++:2008 Rule 16-2-6The #include directive shall be followed by either a <filename> or "filename" sequence
MISRA C++:2008 Rule 16-3-1There shall be at most one occurrence of the # or ## operators in a single macro definition
MISRA C++:2008 Rule 16-3-2The # and ## operators should not be used
MISRA C++:2008 Rule 16-6-1All uses of the #pragma directive shall be documented
MISRA C++:2008 Rule 17-0-1Reserved identifiers, macros and functions in the standard library shall not be defined, redefined or undefined
MISRA C++:2008 Rule 17-0-2The names of standard library macros and objects shall not be reused
MISRA C++:2008 Rule 17-0-3The names of standard library functions shall not be overridden
MISRA C++:2008 Rule 17-0-5The setjmp macro and the longjmp function shall not be used
MISRA C++:2008 Rule 18-0-1The C library shall not be used
MISRA C++:2008 Rule 18-0-2The library functions atof, atoi and atol from library <cstdlib> shall not be used
MISRA C++:2008 Rule 18-0-3The library functions abort, exit, getenv and system from library <cstdlib> shall not be used
MISRA C++:2008 Rule 18-0-4The time handling functions of library <ctime> shall not be used
MISRA C++:2008 Rule 18-0-5The unbounded functions of library <cstring> shall not be used
MISRA C++:2008 Rule 18-2-1The macro offsetof shall not be used
MISRA C++:2008 Rule 18-4-1Dynamic heap memory allocation shall not be used
MISRA C++:2008 Rule 18-7-1The signal handling facilities of <csignal> shall not be used
MISRA C++:2008 Rule 19-3-1The error indicator errno shall not be used
MISRA C++:2008 Rule 27-0-1The stream input/output library <cstdio> shall not be used

Code Metrics

Number of Direct RecursionsNumber of instances of a function calling itself directly
Number of Header FilesNumber of included header files
Number of FilesNumber of source files
Number of RecursionsNumber of call graph cycles over one or more functions
Comment DensityRatio of number of comments to number of statements
Estimated Function CouplingMeasure of complexity between levels of call tree
Number of LinesTotal number of lines in a file
Number of Lines Without CommentNumber of lines of code excluding comments
Cyclomatic ComplexityNumber of linearly independent paths in function body
Higher Estimate of Local Variable SizeTotal size of all local variables in function
Language ScopeLanguage scope
Lower Estimate of Local Variable SizeTotal size of local variables in function taking nested scopes into account
Number of Call LevelsMaximum depth of nesting of control flow structures
Number of Call OccurrencesNumber of calls in function body
Number of Called FunctionsNumber of callees of a function
Number of Calling FunctionsNumber of distinct callers of a function
Number of Executable LinesNumber of executable lines in function body
Number of Function ParametersNumber of function arguments
Number of Goto StatementsNumber of goto statements
Number of InstructionsNumber of instructions per function
Number of Lines Within BodyNumber of lines in function body
Number of Local Non-Static VariablesTotal number of local variables in function
Number of Local Static VariablesTotal number of local static variables in function
Number of PathsEstimated static path count
Number of Return StatementsNumber of return statements in a function