Recommendations

DCL00-A. Const-qualify immutable objects

DCL01-A. Do not reuse variable names in subscopes

DCL02-A. Use visually distinct identifiers

DCL03-A. Use a static assertion to test the value of a constant expression

DCL04-A. Avoid declaring more than one variable per declaration

DCL05-A. Use typedefs to improve code readability

DCL06-A. Use meaningful symbolic constants to represent literal values in program logic

DCL07-A. Include the appropriate type information in function declarators

DCL08-A. Properly encode relationships in constant definitions

DCL09-A. Declare functions that return an errno error code with a return type of errno_t

DCL10-A. Maintain the contract between the writer and caller of variadic functions

DCL11-A. Understand the type issues associated with variadic functions

DCL12-A. Create and use abstract data types

DCL13-A. Function arguments that are pointers to values not changed by the function should be declared const

Rules

DCL30-C. Declare objects with appropriate storage durations

DCL31-C. Declare identifiers before using them

DCL32-C. Guarantee that mutually-visible identifiers are unique

DCL33-C. Ensure that restrict-qualified source and destination pointers in function arguments do not reference overlapping objects

DCL34-C. Use volatile for data that cannot be cached

DCL35-C. Do not convert a function pointer to an incompatible type

DCL36-C. Do not declare an identifier with conflicting linkage classifications

Risk Assessment Summary

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

DCL00-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL01-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL02-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL03-A

1 (low)

1 (unlikely)

1 (high)

P1

L3

DCL04-A

1 (low)

1 (unlikely)

3 (low)

P3

L3

DCL05-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL06-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL07-A

1 (low)

1 (unlikely)

3 (low)

P3

L3

DCL08-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL09-A

1 (low)

1 (unlikely)

2 (medium)

P2

L3

DCL10-A

2 (medium)

2 (probable)

2 (medium)

P8

L2

DCL11-A

2 (medium)

2 (probable)

2 (medium)

P8

L2

DCL12-A

1 (low)

1 (unlikely)

1 (high)

P1

L3

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL30-C

3 (high)

2 (probable)

1 (high)

P6

L2

DCL31-C

 

 

 

 

 

DCL32-C

2 (medium)

1 (unlikely)

3 (low)

P6

L2

DCL33-C

2 (medium)

2 (probable)

1 (high)

P4

L3

DCL34-C

2 (medium)

1 (unlikely)

2 (medium)

P4

L3

DCL35-C

1 (low)

1 (unlikely)

3 (low)

P3

L3

DCL36-C

1 (low)

2 (probable)

3 (low)

P6

L2


PRE31-C. Never invoke an unsafe macro with arguments containing assignment, increment, decrement, volatile access, or function call      CERT C Secure Coding Standard       DCL00-A. Const-qualify immutable objects