| Content by Label | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Info |
|---|
Information for Editors |
Risk Assessment Summary
Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| EXP30-C | Medium | Probable | No | Yes | P8 | L2 |
| EXP32-C | Low | Likely | No | Yes | P6 | L2 |
| EXP33-C | High | Probable | No | Yes | P12 | L1 |
| EXP34-C | High | Likely | No | Yes | P18 | L1 |
| EXP35-C | Low | Probable | Yes | Yes | P6 | L2 |
| EXP36-C | Low | Probable | No | No | P2 | L3 |
| EXP37-C | Medium | Probable | No | No | P4 | L3 |
| EXP39-C | Medium | Unlikely | No | No | P2 | L3 |
| EXP40-C | Low | Unlikely | Yes | No | P2 | L3 |
| EXP42-C | Medium | Probable | Yes | Yes | P12 | L1 |
| EXP43-C | Medium | Probable | No | No | P4 | L3 |
| EXP44-C | Low | Unlikely | Yes | Yes | P3 | L3 |
| EXP45-C | Low | Likely | Yes | No | P6 | L2 |
Recommendations
EXP00-A. Use parentheses for precedence of operation
EXP01-A. Do not take the size of a pointer to determine the size of the pointed-to type
EXP02-A. Be aware of the short-circuit behavior of the logical AND and OR operators
EXP03-A. Do not assume the size of a structure is the sum of the sizes of its members
EXP04-A. Do not perform byte-by-byte comparisons between structures
EXP05-A. Do not cast away a const qualification
EXP06-A. Operands to the sizeof operator should not contain side effects
EXP07-A. Do not diminish the benefits of constants by assuming their values in expressions
EXP08-A. Ensure pointer arithmetic is used correctly
EXP09-A. Use sizeof to determine the size of a type or variable
EXP11-A. Do not apply operators expecting one type to data of an incompatible type
Rules
EXP30-C. Do not depend on order of evaluation between sequence points
EXP31-C. Avoid side effects in assertions
EXP32-C. Do not cast away a volatile qualification
EXP33-C. Do not reference uninitialized memory
EXP34-C. Ensure a null pointer is not dereferenced
EXP35-C. Do not access or modify the result of a function call after a subsequent sequence point
EXP36-C. Do not convert pointers into more strictly aligned pointer types
EXP37-C. Call functions with the arguments intended by the API
EXP38-C. Do not call offsetof() on bit-field members or invalid types
Risk Assessment Summary
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP00-A | low | probable | medium | P4 | L3 |
EXP01-A | high | probable | medium | P12 | L1 |
EXP02-A | low | unlikely | medium | P2 | L3 |
EXP03-A | medium | unlikely | high | P2 | L3 |
EXP04-A | medium | unlikely | high | P2 | L3 |
EXP05-A | low | probable | high | P2 | L3 |
EXP06-A | low | unlikely | low | P3 | L3 |
EXP07-A | low | unlikely | medium | P2 | L3 |
EXP08-A | high | probable | high | P6 | L2 |
EXP09-A | high | unlikely | medium | P6 | L2 |
EXP10-A | medium | probable | medium | P8 | L2 |
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP30-C | medium | probable | medium | P8 | L2 |
EXP31-C | low | unlikely | medium | P2 | L3 |
EXP32-C | low | likely | medium | P6 | L2 |
EXP33-C | high | unlikely | medium | P6 | L2 |
EXP34-C | high | likely | medium | P18 | L1 |
EXP35-C | low | probable | low | P6 | L2 |
EXP36-C | low | probable | medium | P4 | L3 |
EXP37-C | low | unlikely | low | P3 | L3 |
EXP38-C | low | unlikely | medium | P2 | L3 |
Related Rules and Recommendations
| Navigation Map | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
...
02. Declarations and Initialization (DCL) EXP00-A. Use parentheses for precedence of operation