Checker | Guideline |
|---|
| CERT_CPP-CON50-a | CON50 | EXP51-CPP. Do not delete an array through a pointer of the incorrect type | EXP53-CPP. Do not read uninitialized memory | EXP54-CPP. Do not access an object outside of its lifetime | EXP57-CPP. Do not cast or delete pointers to incomplete classes | MEM50-CPP. Do not access freed memory | MEM51-CPP. Properly deallocate dynamically allocated resources | MEM52-CPP. Detect and handle memory allocation errors | FIO51-CPP. Close files when they are no longer needed | OOP55-CPP. Do not use pointer-to-member operators to access nonexistent members | DCL19-CPP. Initialize automatic local variables on declaration | FIO04-CPP. Detect and handle input and output errors | MEM01-CPP. Store a valid value in pointers immediately after deallocation | MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
| BD-PB-ARRAY | EXP08-CPP. Ensure pointer arithmetic is used correctly |
| BD-PB-NOTINIT | EXP53-CPP. Do not read uninitialized memory |
| BD-PB-NP | OOP55-CPP. Do not use pointer-to-member operators to access nonexistent members |
| BD-PB-NP | MSC08-CPP. Functions should validate their parameters |
| BD-PB-OVERFWR | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| BD-PB-OVERF{RD, WR, FMT, NZT} | CTR52-CPP. Guarantee that library functions do not form invalid iterators |
| BD-PB-OVERF{RD, WR, FMT, NZT} | STR53-CPP. Range check element access |
| BD-PB-OVERNZT | STR03-CPP. Do not inadvertently truncate a null-terminated character array |
| BD-PB-SWITCH, JSF-186_{a, b, c, d, e, f, g} | MSC07-CPP. Detect and remove dead code |
| BD-PB-SWITCH, JSF-186_{a,b,c,d,e,f,g} | MSC12-CPP. Detect and remove code that has no effect |
| BD-PB-ZERO, MISRA2004-10_2_{b,c,d} | FLP03-CPP. Detect and handle floating point errors |
| BD-RES-FREE | EXP54-CPP. Do not access an object outside of its lifetime |
| BD-RES-FREE | MEM50-CPP. Do not access freed memory |
| BD-RES-LEAKS | FIO51-CPP. Close files when they are no longer needed |
| BD-RES-LEAKS | ERR56-CPP. Guarantee exception safety |
| BD-RES-LEAKS | ERR57-CPP. Do not leak resources when handling exceptions |
| BD-SECURITY-INTOVERF | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
| BD-SECURITY-OVERFRD | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
| BD-SECURITY-OVERFWR | INT04-CPP. Enforce limits on integer values originating from untrusted sources |
| BD-SECURITY-TDFNAMES | FIO02-CPP. Canonicalize path names originating from untrusted sources |
| BD-SECURITY-TDFNAMES | MSC09-CPP. Character encoding: Use subset of ASCII for safety |
| BD-SECURITY-TDFNAMES | MSC10-CPP. Character encoding: UTF8-related issues |
| BD-SECURITY-{TDCMD, TDFNAMES, TDSQL} | STR02-CPP. Sanitize data passed to complex subsystems |
| CODSTA-11 | MSC11-CPP. Incorporate diagnostic tests using assertions |
| CODSTA-122_{a,b} | ERR10-CPP. Check for error conditions |
| CODSTA-122{a,b} | EXP12-CPP. Do not ignore values returned by functions or methods |
| CODSTA-198 | MSC01-CPP. Strive for logical completeness |
| CODSTA-26 | DCL06-CPP. Use meaningful symbolic constants to represent literal values in program logic |
| CODSTA-34 | DCL05-CPP. Use typedefs to improve code readability |
| CODSTA-63 | EXP15-CPP. Beware of integer promotion when performing bitwise operations on chars or shorts |
| CODSTA-69 | STR07-CPP. Don't assume numeric values for expressions with type plain character |
| destroy a mutex while it is locked |
| CERT_CPP-CON51-a | CON51-CPP. Ensure actively held locks are released on exceptional conditions |
| CERT_CPP-CON52-a | CON52-CPP. Prevent data races when accessing bit-fields from multiple threads |
| CERT_CPP-CON53-a | CON53-CPP. Avoid deadlock by locking in a predefined order |
| CERT_CPP-CON54-a | CON54-CPP. Wrap functions that can spuriously wake up in a loop |
| CERT_CPP-CON55-a | CON55-CPP. Preserve thread safety and liveness when using condition variables |
| CERT_CPP-CON56-a | CON56-CPP. Do not speculatively lock a non-recursive mutex that is already owned by the calling thread |
| CERT_CPP-CTR50-a | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
| CERT_CPP-CTR51-a | CTR51-CPP. Use valid references, pointers, and iterators to reference elements of a container |
| CERT_CPP-CTR52-a | CTR52-CPP. Guarantee that library functions do not overflow |
| CERT_CPP-CTR53-a | CTR53-CPP. Use valid iterator ranges |
| CERT_CPP-CTR53-b | CTR53-CPP. Use valid iterator ranges |
| CERT_CPP-CTR54-a | CTR54-CPP. Do not subtract iterators that do not refer to the same container |
| CERT_CPP-CTR54-b | CTR54-CPP. Do not subtract iterators that do not refer to the same container |
| CERT_CPP-CTR55-a | CTR55-CPP. Do not use an additive operator on an iterator if the result would overflow |
| CERT_CPP-CTR56-a | CTR56-CPP. Do not use pointer arithmetic on polymorphic objects |
| CERT_CPP-CTR56-b | CTR56-CPP. Do not use pointer arithmetic on polymorphic objects |
| CERT_CPP-CTR56-c | CTR56-CPP. Do not use pointer arithmetic on polymorphic objects |
| CERT_CPP-CTR57-a | CTR57-CPP. Provide a valid ordering predicate |
| CERT_CPP-CTR58-a | CTR58-CPP. Predicate function objects should not be mutable |
| CERT_CPP-DCL50-a | DCL50-CPP. Do not define a C-style variadic function |
| CERT_CPP-DCL51-a | DCL51-CPP. Do not declare or define a reserved identifier |
| CERT_CPP-DCL51-b | DCL51-CPP. Do not declare or define a reserved identifier |
| CERT_CPP-DCL51-c | DCL51-CPP. Do not declare or define a reserved identifier |
| CERT_CPP-DCL51-d | DCL51-CPP. Do not declare or define a reserved identifier |
| CERT_CPP-DCL51-e | DCL51-CPP. Do not declare or define a reserved identifier |
| CERT_CPP-DCL51-f | DCL51-CPP. Do not declare or define a reserved identifier |
| CERT_CPP-DCL52-a | DCL52-CPP. Never qualify a reference type with const or volatile |
| CERT_CPP-DCL53-a | DCL53-CPP. Do not write syntactically ambiguous declarations |
| CERT_CPP-DCL53-b | DCL53-CPP. Do not write syntactically ambiguous declarations |
| CERT_CPP-DCL54-a | DCL54-CPP. Overload allocation and deallocation functions as a pair in the same scope |
| CERT_CPP-DCL55-a | DCL55-CPP. Avoid information leakage when passing a class object across a trust boundary |
| CERT_CPP-DCL56-a | DCL56-CPP. Avoid cycles during initialization of static objects |
| CERT_CPP-DCL57-a | DCL57-CPP. Do not let exceptions escape from destructors or deallocation functions |
| CERT_CPP-DCL57-b | DCL57-CPP. Do not let exceptions escape from destructors or deallocation functions |
| CERT_CPP-DCL58-a | DCL58-CPP. Do not modify the standard namespaces |
| CERT_CPP-DCL59-a CODSTA-74 | DCL59-CPP. Do not define an unnamed namespace in a header file |
| CODSTA-97 | EXP00-CPP. Use parentheses for precedence of operation |
| CODSTA-CPP-01 | FIO17-CPP. Prefer streams to C-style input and output |
| CODSTA-CPP-05 | OOP01-CPP. Be careful with the definition of conversion operators |
| CODSTA-CPP-09 | EXP13-CPP. Prefer dynamic_cast over static_cast over reinterpret_cast |
| CODSTA-CPP-09 | EXP14-CPP. Do not use reinterpret_cast on pointers to class objects with multiple inheritence |
| CODSTA-CPP-70 | MSC21-CPP. Use inequality to terminate a loop whose counter changes by more than one |
| CODSTA-CPP04 | OOP09-CPP. Ensure that single-argument constructors are marked "explicit" |
| CPP-83 | DCL01-CPP. Do not reuse variable names in subscopes |
| CPP-84 | DCL01-CPP. Do not reuse variable names in subscopes |
| EXCEPT-02 | ERR09-CPP. Throw anonymous temporaries |
| EXCEPT-13 | ERR51-CPP. Handle all exceptions |
| EXCEPT-14 | ERR55-CPP. Honor exception specifications |
| EXCEPT-16 | ERR53-CPP. Do not reference base classes or class data members in a constructor or destructor function-try-block handler |
| EXCEPT-17 | ERR54-CPP. Catch handlers should order their parameter types from most derived to least derived |
| EXCEPT-18 | ERR58-CPP. Constructors of objects with static or thread storage duration must not throw exceptions |
| FORMAT-29 | DCL04-CPP. Do not declare more than one variable per declaration |
| FORMAT-31 | EXP17-CPP. Treat relational and equality operators as if they were nonassociative |
| INIT-03 | DCL19-CPP. Initialize automatic local variables on declaration |
| INIT-04 | DCL19-CPP. Initialize automatic local variables on declaration |
| INIT-10 | OOP53-CPP. Write constructor member initializers in the canonical order |
| INIT-12 | DCL14-CPP. Avoid assumptions about the initialization order between translation units |
| JSF-009 | MSC09-CPP. Character encoding: Use subset of ASCII for safety |
| JSF-014 | DCL16-CPP. Use "L," not "l," to indicate a long value |
| JSF-094 | OOP07-CPP. Do not inherit from multiple classes that have distinct objects with the same name |
| JSF-094_b | OOP02-CPP. Do not hide inherited non-virtual member functions |
| JSF-114 | MSC54-CPP. Value-returning functions must return a value from all exit paths |
| JSF-117_a | OOP51-CPP. Do not slice derived objects |
| JSF-118 | DCL13-CPP. Declare function parameters that are pointers to values not changed by the function as const |
| JSF-126 | MSC04-CPP. Use comments consistently and in a readable fashion |
| JSF-136_{a,b} | DCL07-CPP. Minimize the scope of variables and methods |
| JSF-137 | DCL15-CPP. Declare file-scope objects or functions that do not need external linkage in an unnamed namespace |
| JSF-147 | MSC14-CPP. Do not introduce unnecessary platform dependencies |
| JSF-157 | EXP02-CPP. Be aware of the short-circuit behavior of the logical AND and OR operators |
| JSF-159 | DCL10-CPP. Do not overload the ampersand, comma, logical AND or logical OR operators |
| JSF-159b | DCL10-CPP. Do not overload the ampersand, comma, logical AND or logical OR operators |
| JSF-166, JSF-166_{b,c} | EXP52-CPP. Do not rely on side effects in unevaluated operands |
| JSF-187 | MSC03-CPP. Avoid errors of addition |
| JSF-193 | MSC18-CPP. Finish every set of statements associated with a case label with a break statement |
| JSF-194 | MSC01-CPP. Strive for logical completeness |
| JSF-203 | MSC15-CPP. Do not depend on undefined behavior |
| JSF-204.1{a,b,c,d,g} | EXP50-CPP. Do not depend on the order of evaluation for side effects |
| MEM-06 | MEM51-CPP. Properly deallocate dynamically allocated resources |
| MEM-12 | MEM51-CPP. Properly deallocate dynamically allocated resources |
| MEM-28 | MEM51-CPP. Properly deallocate dynamically allocated resources |
| MEM-29 | MEM51-CPP. Properly deallocate dynamically allocated resources |
| MISRA-043_{c,d} | FLP05-CPP. Convert integers to floating point for floating point operations |
| MISRA-043{b} | INT02-CPP. Understand integer conversion rules |
| MISRA-043{b} | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| MISRA-096 | PRE02-CPP. Macro replacement lists should be parenthesized |
| MISRA-101 | EXP08-CPP. Ensure pointer arithmetic is used correctly |
| MISRA2004-11_4 | EXP56-CPP. Do not cast pointers into more strictly aligned pointer types |
| MISRA2004-13_3 | FLP00-CPP. Understand the limitations of floating-point numbers |
| MISRA2004-13_3 | FLP02-CPP. Avoid using floating point numbers when precise computation is needed |
| MISRA2004-14_2 | MSC13-CPP. Detect and remove unused values |
| MISRA2004-16_1 | DCL50-CPP. Do not define a C-style variadic function |
| MISRA2004-19_10 | PRE01-CPP. Use parentheses within macros around parameter names |
| MISRA2004-19_7 | PRE00-CPP. Avoid defining macros |
| MISRA2004-20_10 | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
| MISRA2004-4_2-3 | PRE07-CPP. Avoid using repeated question marks |
| MISRA2004-6_1 | STR00-CPP. Represent characters using an appropriate type |
| MISRA2004-6_1 | STR04-CPP. Use plain char for characters in the basic character set |
| MISRA2004-6_4 | INT12-CPP. Do not make assumptions about the type of a plain int bit-field when used in an expression |
| MISRA2004-6_{1,2} | INT07-CPP. Use only explicitly signed or unsigned char type for numeric values |
| MISRA2008-15_3_1 | ERR58-CPP. Constructors of objects with static or thread storage duration must not throw exceptions |
| MISRA2008-15_5_2 | ERR55-CPP. Honor exception specifications |
| MISRA2008-17_0_1_{a, b} | DCL51-CPP. Do not declare or define a reserved identifier |
| MISRA2008-5_0_21 | INT13-CPP. Use bitwise operators only on unsigned operands |
| MISRA2008-5_0_21 | INT16-CPP. Do not make assumptions about representation of signed integers |
| MISRA2008-5_2_8 | EXP16-CPP. Avoid conversions using void pointers |
| MISRA2008-5_2_8 | INT11-CPP. Take care when converting from pointer to integer or integer to pointer |
| MISRA2008-7_1_1 | DCL00-CPP. Const-qualify immutable objects |
| MISRA2012-RULE-21_4_{a,b}, JSF-020 | ERR52-CPP. Do not use setjmp() or longjmp() |
| MISRA2012-RULE-21_5_b | MSC56-CPP. A signal handler must be a plain old function |
| MISRA2012-RULE-21_5_b | SIG00-CPP. Mask signals handled by noninterruptible signal handlers |
| MISRA2012-RULE-21_5_b | SIG01-CPP. Understand implementation-specific details regarding signal handler persistence |
| MISRA2012-RULE-21_5_b | SIG02-CPP. Avoid using signals to implement normal functionality |
| MISRA2012-RULE-21_8 | ENV02-CPP. Do not call system() if you do not need a command processor |
| MISRA2012-RULE-21_8 | ERR04-CPP. Choose an appropriate termination strategy |
| MISRA2012-RULE-21_8 | ERR05-CPP. Application-independent code should provide error detection without dictating error handling |
| MISRA2012-RULE-8_12 | INT09-CPP. Ensure enumeration constants map to unique values |
| MRM-09 | MEM01-CPP. Store a valid value in pointers immediately after deallocation |
| MRM-10 | MEM01-CPP. Store a valid value in pointers immediately after deallocation |
| MRM-11 | MEM01-CPP. Store a valid value in pointers immediately after deallocation |
| MRM-14 | MEM55-CPP. Honor replacement dynamic storage management requirements |
| MRM-15 | MEM55-CPP. Honor replacement dynamic storage management requirements |
| MRM-18 | MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
| MRM-19 | MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
| MRM-20 | MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
| MRM-26 | DCL54-CPP. Overload allocation and deallocation functions as a pair in the same scope |
| MRM-27 | DCL54-CPP. Overload allocation and deallocation functions as a pair in the same scope |
| MRM-34 | MEM52-CPP. Detect and handle memory allocation errors |
| MRM-39, CODSTA-122_{a,b} | FIO04-CPP. Detect and handle input and output errors |
| MRM-45 | EXP01-CPP. Do not take the size of a pointer to determine the size of the pointed-to type |
| MRM-50 | OOP06-CPP. Create a private copy constructor and assignment operator for non copyable objects |
| NAMING-45 | DCL02-CPP. Use visually distinct identifiers |
| OOP-02 | OOP51-CPP. Do not slice derived objects |
| OOP-03 | OOP07-CPP. Do not inherit from multiple classes that have distinct objects with the same name |
| OOP-04 | OOP07-CPP. Do not inherit from multiple classes that have distinct objects with the same name |
| OOP-07 | OOP07-CPP. Do not inherit from multiple classes that have distinct objects with the same name |
| OOP-12 | OOP08-CPP. Do not return references to private data |
| OOP-13 | OOP04-CPP. Prefer not to give virtual functions default argument initializers |
| CERT_CPP-DCL60-a | DCL60-CPP. Obey the one-definition rule |
| CERT_CPP-ERR50-a | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-b | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-c | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-d | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-e | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-f | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-g | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-h | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-i | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-j | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-k | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-l | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR50-m | ERR50-CPP. Do not abruptly terminate the program |
| CERT_CPP-ERR51-a | ERR51-CPP. Handle all exceptions |
| CERT_CPP-ERR51-b | ERR51-CPP. Handle all exceptions |
| CERT_CPP-ERR52-a | ERR52-CPP. Do not use setjmp() or longjmp() |
| CERT_CPP-ERR52-b | ERR52-CPP. Do not use setjmp() or longjmp() |
| CERT_CPP-ERR53-a | ERR53-CPP. Do not reference base classes or class data members in a constructor or destructor function-try-block handler |
| CERT_CPP-ERR54-a | ERR54-CPP. Catch handlers should order their parameter types from most derived to least derived |
| CERT_CPP-ERR55-a | ERR55-CPP. Honor exception specifications |
| CERT_CPP-ERR56-a | ERR56-CPP. Guarantee exception safety |
| CERT_CPP-ERR57-a | ERR57-CPP. Do not leak resources when handling exceptions |
| CERT_CPP-ERR58-a | ERR58-CPP. Handle all exceptions thrown before main() begins executing |
| CERT_CPP-ERR59-a | ERR59-CPP. Do not throw an exception across execution boundaries |
| CERT_CPP-ERR60-a | ERR60-CPP. Exception objects must be nothrow copy constructible |
| CERT_CPP-ERR60-b | ERR60-CPP. Exception objects must be nothrow copy constructible |
| CERT_CPP-ERR61-a | ERR61-CPP. Catch exceptions by lvalue reference |
| CERT_CPP-ERR61-b | ERR61-CPP. Catch exceptions by lvalue reference |
| CERT_CPP-ERR62-a | ERR62-CPP. Detect errors when converting a string to a number |
| CERT_CPP-EXP50-a | EXP50-CPP. Do not depend on the order of evaluation for side effects |
| CERT_CPP-EXP50-b | EXP50-CPP. Do not depend on the order of evaluation for side effects |
| CERT_CPP-EXP50-c | EXP50-CPP. Do not depend on the order of evaluation for side effects |
| CERT_CPP-EXP50-d | EXP50-CPP. Do not depend on the order of evaluation for side effects |
| CERT_CPP-EXP50-e | EXP50-CPP. Do not depend on the order of evaluation for side effects |
| CERT_CPP-EXP50-f | EXP50-CPP. Do not depend on the order of evaluation for side effects |
| CERT_CPP-EXP51-a | EXP51-CPP. Do not delete an array through a pointer of the incorrect type |
| CERT_CPP-EXP52-a | EXP52-CPP. Do not rely on side effects in unevaluated operands |
| CERT_CPP-EXP52-b | EXP52-CPP. Do not rely on side effects in unevaluated operands |
| CERT_CPP-EXP52-c | EXP52-CPP. Do not rely on side effects in unevaluated operands |
| CERT_CPP-EXP53-a | EXP53-CPP. Do not read uninitialized memory |
| CERT_CPP-EXP54-a | EXP54-CPP. Do not access an object outside of its lifetime |
| CERT_CPP-EXP54-b | EXP54-CPP. Do not access an object outside of its lifetime |
| CERT_CPP-EXP54-c | EXP54-CPP. Do not access an object outside of its lifetime |
| CERT_CPP-EXP55-a | EXP55-CPP. Do not access a cv-qualified object through a cv-unqualified type |
| CERT_CPP-EXP56-a | EXP56-CPP. Do not call a function with a mismatched language linkage |
| CERT_CPP-EXP57-a | EXP57-CPP. Do not cast or delete pointers to incomplete classes |
| CERT_CPP-EXP57-b | EXP57-CPP. Do not cast or delete pointers to incomplete classes |
| CERT_CPP-EXP58-a | EXP58-CPP. Pass an object of the correct type to va_start |
| CERT_CPP-EXP59-a | EXP59-CPP. Use offsetof() on valid types and members |
| CERT_CPP-EXP60-a | EXP60-CPP. Do not pass a nonstandard-layout type object across execution boundaries |
| CERT_CPP-EXP61-a | EXP61-CPP. A lambda object must not outlive any of its reference captured objects |
| CERT_CPP-EXP61-b | EXP61-CPP. A lambda object must not outlive any of its reference captured objects |
| CERT_CPP-EXP61-c | EXP61-CPP. A lambda object must not outlive any of its reference captured objects |
| CERT_CPP-EXP62-a | EXP62-CPP. Do not access the bits of an object representation that are not part of the object's value representation |
| CERT_CPP-EXP63-a | EXP63-CPP. Do not rely on the value of a moved-from object |
| CERT_CPP-FIO50-a | FIO50-CPP. Do not alternately input and output from a file stream without an intervening positioning call |
| CERT_CPP-FIO51-a | FIO51-CPP. Close files when they are no longer needed |
| CERT_CPP-INT50-a | INT50-CPP. Do not cast to an out-of-range enumeration value |
| CERT_CPP-MEM50-a | MEM50-CPP. Do not access freed memory |
| CERT_CPP-MEM51-a | MEM51-CPP. Properly deallocate dynamically allocated resources |
| CERT_CPP-MEM51-b | MEM51-CPP. Properly deallocate dynamically allocated resources |
| CERT_CPP-MEM51-c | MEM51-CPP. Properly deallocate dynamically allocated resources |
| CERT_CPP-MEM51-d | MEM51-CPP. Properly deallocate dynamically allocated resources |
| CERT_CPP-MEM52-a | MEM52-CPP. Detect and handle memory allocation errors |
| CERT_CPP-MEM52-b | MEM52-CPP. Detect and handle memory allocation errors |
| CERT_CPP-MEM53-a | MEM53-CPP. Explicitly construct and destruct objects when manually managing object lifetime |
| CERT_CPP-MEM54-a | MEM54-CPP. Provide placement new with properly aligned pointers to sufficient storage capacity |
| CERT_CPP-MEM54-b | MEM54-CPP. Provide placement new with properly aligned pointers to sufficient storage capacity |
| CERT_CPP-MEM55-a | MEM55-CPP. Honor replacement dynamic storage management requirements |
| CERT_CPP-MEM56-a | MEM56-CPP. Do not store an already-owned pointer value in an unrelated smart pointer |
| CERT_CPP-MEM57-a | MEM57-CPP. Avoid using default operator new for over-aligned types |
| CERT_CPP-MSC50-a | MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers |
| CERT_CPP-MSC51-a | MSC51-CPP. Ensure your random number generator is properly seeded |
| CERT_CPP-MSC52-a | MSC52-CPP. Value-returning functions must return a value from all exit paths |
| CERT_CPP-MSC53-a | MSC53-CPP. Do not return from a function declared [[noreturn]] |
| CERT_CPP-MSC54-a | MSC54-CPP. A signal handler must be a plain old function |
| CERT_CPP-OOP50-a | OOP50-CPP. Do not invoke virtual functions from constructors or destructors |
| CERT_CPP-OOP50-b | OOP50-CPP. Do not invoke virtual functions from constructors or destructors |
| CERT_CPP-OOP50-c | OOP50-CPP. Do not invoke virtual functions from constructors or destructors |
| CERT_CPP-OOP50-d OOP-16 | OOP50-CPP. Do not invoke virtual functions from constructors or destructors | OOP-17 |
| CERT_CPP-OOP51-a | OOP51OOP03-CPP. Prefer not to overload virtual functionsDo not slice derived objects |
| CERT_CPP-OOP52-a OOP-22 | OOP52-CPP. Do not delete a polymorphic object without a virtual destructor |
| OOP-34 | OOP54-CPP. Gracefully handle self-assignment |
| OOP-48 | OOP00-CPP. Declare data members private |
| OPT-04 | EXP18-CPP. Prefer the prefix forms of ++ and -- |
| OPT-14 | DCL17-CPP. Declare function parameters that are large data structures and are not changed by the function as const references |
| PB-10 | EXP51-CPP. Do not delete an array through a pointer of the incorrect type |
| PB-10 | CTR56-CPP. Do not use pointer arithmetic on polymorphic objects |
| PB-32 | CTR01-CPP. Do not apply the sizeof operator to a pointer when taking the size of an array |
| PB-32 | EXP01-CPP. Do not take the size of a pointer to determine the size of the pointed-to type |
| PB-35 | MSC02-CPP. Avoid errors of omission |
| PB-45 | FIO00-CPP. Take care when creating format strings |
| PB-46 | FIO00-CPP. Take care when creating format strings |
| PB-47 | FIO00-CPP. Take care when creating format strings |
| PB-48 | FIO00-CPP. Take care when creating format strings |
| PB-49 | FIO00-CPP. Take care when creating format strings |
| PB-50 | FIO00-CPP. Take care when creating format strings |
| PB-54 | EXP57-CPP. Do not cast or delete pointers to incomplete classes |
| PB-55 | EXP57-CPP. Do not cast or delete pointers to incomplete classes |
| PB-BD-CC | MSC02-CPP. Avoid errors of omission |
| PFO-02 | PRE06-CPP. Enclose header files in an inclusion guard |
| SECURITY-02 | MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers |
| SECURITY-03 | ENV00-CPP. Beware of multiple environment variables with the same effective name |
| SECURITY-12 | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| SECURITY-13 | INT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputs |
| SECURITY-15 | ERR12-CPP. Do not allow exceptions to transmit sensitive information |
| SECURITY-19 | FIO19-CPP. Do not create temporary files in shared directories |
| SECURITY-25 | CON00-CPP. Avoid assuming functions are thread safe unless otherwise specified |
| SECURITY-27 | FIO01-CPP. Be careful using functions that use file names for identification |
| SECURITY-40 | FIO06-CPP. Create files with appropriate access permissions |
| STL-02 | CTR56-CPP. Do not use pointer arithmetic on polymorphic objects |
| STL-07 | CTR04-CPP. Assume responsibility for cleaning up data referenced by a container of pointers |
| STL-10 | CTR00-CPP. Understand when to prefer vectors over arrays |
| STL-36 | CTR50-CPP. Guarantee that container indices and iterators are within the valid range |
|
| CERT_CPP-OOP53-a | OOP53-CPP. Write constructor member initializers in the canonical order |
| CERT_CPP-OOP54-a | OOP54-CPP. Gracefully handle self-copy assignment |
| CERT_CPP-OOP55-a | OOP55-CPP. Do not use pointer-to-member operators to access nonexistent members |
| CERT_CPP-OOP56-a | OOP56-CPP. Honor replacement handler requirements |
| CERT_CPP-OOP56-b | OOP56-CPP. Honor replacement handler requirements |
| CERT_CPP-OOP56-c | OOP56-CPP. Honor replacement handler requirements |
| CERT_CPP-OOP57-a | OOP57-CPP. Prefer special member functions and overloaded operators to C Standard Library functions |
| CERT_CPP-OOP57-b | OOP57-CPP. Prefer special member functions and overloaded operators to C Standard Library functions |
| CERT_CPP-OOP58-a | OOP58-CPP. Copy operations must not mutate the source object |
| CERT_CPP-STR50-a | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| CERT_CPP-STR50-b | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| CERT_CPP-STR50-c | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| CERT_CPP-STR50-d | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| CERT_CPP-STR50-e | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| CERT_CPP-STR50-f | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| CERT_CPP-STR50-g | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| CERT_CPP-STR51-a | STR51-CPP. Do not attempt to create a std::string from a null pointer |
| CERT_CPP-STR52-a | STR52-CPP. Use valid references, pointers, and iterators to reference elements of a basic_string |
| CERT_CPP-STR53-a | STR53-CPP. Range check element access |
| Runtime detection | EXP51-CPP. Do not delete an array through a pointer of the incorrect type |
| Runtime detection | EXP53-CPP. Do not read uninitialized memory |
| Runtime detection | EXP54-CPP. Do not access an object outside of its lifetime |
| Runtime detection | EXP57-CPP. Do not cast or delete pointers to incomplete classes |
| Runtime detection | MEM50-CPP. Do not access freed memory |
| Runtime detection | MEM51-CPP. Properly deallocate dynamically allocated resources |
| Runtime detection | MEM52-CPP. Detect and handle memory allocation errors |
| Runtime detection | FIO51-CPP. Close files when they are no longer needed |
| Runtime detection | OOP55-CPP. Do not use pointer-to-member operators to access nonexistent members | STL-36 | CTR53-CPP. Use valid iterator ranges |
