Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Scroll Ignore
scroll-pdftrue
scroll-officetrue
scroll-chmtrue
scroll-docbooktrue
scroll-eclipsehelptrue
scroll-epubtrue
scroll-htmltrue

This release includes the following enhancements:

Table of Contents
maxLevel1

Release date: November 21, 2024

Enhanced

Security Compliance Pack

The ...test configurations have been updated.

Enhanced Static Analysis

  • New code analysis rules have been added to extend coverage of compliance standards. See New Rulesfor the list of new rules.
  • Static analysis rules have been updated to increase the accuracy of reported violations. See See Updated Rules for the list of updated rules.
  • Static analysis engine has been enhanced to better support modern C/C++ syntax.

Enhanced Unit Testing and Code Coverage

Unit testing and coverage engine has been enhanced to better support modern C/C++ syntax.

In-File Suppressions Enhancements

  • Added the ability to easily customize the location of suppression files in both the CLI and IDE. 
  • Enhancements to suppression definitions:
    • You can now use a file path containing wildcards for the file attribute.
    • You can now specify a rule category, optionally with a severity suffix, for the rule-id attribute.

For details, see Defining Suppressions in Suppression Files.

Support for Compilers

The following compilers are now supported:

Compiler NameCompiler Identifier
Clang C/C++ Compiler v 17.0 for x86_64
clang_17_0-x86_64
Clang C/C++ Compiler v 17.0 for aarch64/arm64clang_17_0-aarch64
Clang C/C++ Compiler v 18.0 for x86_64clang_18_0-x86_64
Clang C/C++ Compiler v 18.0 for aarch64/arm64
clang_18_0-aarch64
GNU GCC 11.x for PowerPC
gcc_11-powerpc
Green Hills Software Compiler for Tricore v. 2021.1.x
ghstri_2021_1
HighTec Clang C/C++ Compiler 8.1 for aarch32/arm* (hightec-clang_8_1-aarch32)

* - Runtime analysis support has been added.

The support level for the following compilers has been changed from Extended to Standard:

  • IAR Compiler for MSP430 v. 6.1x (icc430_6_1)
  • QNX GCC 5.x (ARM64) (qccarm_5-64)
  • QNX GCC 5.x (qcc_5)
  • Wind River Clang 8.0.x (wrclang_8_0)
  • Wind River Clang 9.0.x for aarch32 (wrclang_9_0-aarch32)
  • Wind River Diab 5.9.x (diab_5_9)

See Compilers.

Support for IDEs

The following IDEs are now supported:

  • Eclipse version 4.32 (2024-06)
  • Eclipse version 4.33 (2024-09)
  • Texas Instruments Code Composer Studio 12
New and

Updated Test Configurations

The Security Compliance Pack has been extended by adding support for the following test configurations :The following test configuration has have been updated with new rules:

  • AUTOSAR C++14 Coding Guidelines
  • CWE Top 25 + On the Cusp 2022
  • CWE Top 25 + On the Cusp 2023
  • CWE Top 25 2022
  • CWE Top 25 2023
  • Flow Analysis Aggressive
  • Flow Analysis Fast
  • Flow Analysis Standard
  • Joint Strike Fighter
  • MISRA C 1998
  • MISRA C 2004
  • MISRA C 2023 (MISRA C 2012)
  • MISRA C 2012 Legacy
  • MISRA C++ 2008
  • MISRA C++ 2023
  • OWASP API Security Top 10 2019
  • Recommended Rules
  • SEI CERT C Guidelines
  • SEI CERT C Rules
  • SEI CERT C++ Rules
  • Security Rules

Additional Updates

Deprecated and Removed Support

Deprecated Support for IDEs

Support for the following IDEs is deprecated and will be removed in future releases:

  • ARM DS-5 5.28
  • Eclipse 4.6 ('Neon') - 4.21 (2021-09)
  • QNX Software Development Platform 7
  • Texas Instruments Code Composer Studio 10
  • Wind River Workbench 4.0

Removed Support for IDEs

The following IDEs are no longer supported:

  • Texas Instruments Code Composer Studio 7.4
  • Texas Instruments Code Composer Studio 8.0

Compilers to Be Deprecated

Support for the following compilers will be deprecated in future releases:

  • ARM Compiler 6.9
  • Clang C/C++ Compiler v 8.0 (x86_64)
  • Clang C/C++ Compiler v 10.0 (x86_64)
  • Green Hills Software Compiler for ARM v. 2017.5.x
  • Green Hills Software Compiler for ARM64 v. 2017.5.x
  • Green Hills Software Compiler for PPC v. 2017.1.x
  • Hexagon Clang Compiler v. 8.4.x
  • IAR Compiler for ARM v. 8.11.x
  • Microchip MPLAB C32 Compiler for PIC32 v2.0x
  • QNX GCC 5.x
  • QNX GCC 5.x (x86-64)
  • QNX GCC 5.x (ARM)
  • QNX GCC 5.x (ARM64)
  • Renesas RX C/C++ Compiler 2.5x
  • TI ARM C/C++ Compiler v18.1
  • TI ARM C/C++ Compiler GNU GCC 7.x

Deprecated Compilers

Support for the following compilers is deprecated and will be removed in future releases:

  • ARM Compiler 5.0
  • ARM Compiler 5.0 for uVision
  • GNU GCC 6.x
  • GNU GCC 6.x (x86_64)
  • Green Hills Software Compiler for PPC v. 2013.1.x
  • IAR Compiler for MSP430 v. 6.1x
  • Microchip MPLAB C30 Compiler for dsPIC v3.2x
  • National Instruments LabWindows/CVI 2015 Clang C/C++ Compiler v3.3 for Win32

Removed Support for Compilers

The following compilers are no longer supported:

  • GNU GCC 5.x
  • GNU GCC 5.x (x86_64)
  • Green Hills Software Compiler for ARM64 v. 2014.1.x
  • Green Hills Software Compiler for PPC v. 4.2.x
  • Green Hills Software Compiler for PPC v. 5.0.x
  • Green Hills Software Compiler for V850 v. 2014.1.x
  • IAR Compiler for ARM v. 7.4x
  • IAR Compiler for ARM v. 7.8x
  • IAR Compiler for M16C & R8C v. 3.5x
  • Microsoft Visual C++ 14.0
  • Microsoft Visual C++ 14.0 (x64)
  • SH Series C/C++ Compiler V.9.04.xx
  • Vx-toolset for TriCore C/C++ Compiler 6.2
  • Wind River GCC 4.8.x

Deprecated Support for IAR Import

Importing Embedded Workbench .ewp project files is now deprecated and will be removed in future releases.

Resolved Bugs and FRs

Bug/FR ID

Description

CPP-46243

[static] Mapping for CERT FIO01-C and FIO21-C should be improved

CPP-47511

[static] Split MISRA2004-2_4 (AUTOSAR-A2_7_2-a) rule (exclude doxygen comments)

CPP-53074

[static] Optimize scope computation for large workspaces (with C/C++test Pro)

CPP-55517

[compiler] Support for Green Hills compiler 2021.1.5 for TriCore

CPP-55616

[static] The do-while(0) statements (used in macro) should not be counted in cyclomatic complexity

CPP-56180

[static] Remove AUTOSAR-A3_9_1-c rule mapping

CPP-56567

[static] MISRA2004-19_9 (MISRAC2012-RULE_20_6-a) does not report violation when '#' is followed by comment with non-ascii characters

CPP-56606

[ide] Improve support for linker option LinkLibraryDependencies in VS2019 and VS2022.

CPP-56716

[static] MISRACPP2023-28_3_1-a: False positive regarding "persistent side effects" in lambda functions

CPP-56736

[static] Improve mapping for MISRACPP2023-6_4_1 to focus on variable names only

CPP-56779

[static] MISRACPP2023-0_2_1-a does not support an exception from Rule 0.2.1

CPP-56793

[static] Improve output message in CODSTA-CPP-66 (MISRACPP2023-8_2_2-a) rule

CPP-56807

[engine] Parsing fails on a Modern C++ function declaration with "const auto"

CPP-56814

[compiler] Support for HighTec C compiler for ARM 8.1 (runtime analysis)

CPP-56989

[static] Improve support for CERT_C-DCL37

CPP-57005

[static] MISRACPP2023-0_1_2-a (CODSTA-CPP-58) false positives in unevaluated contexts (noexcept, typeid)

CPP-57006

[static] MISRACPP2023-6_4_2-b (OOP-53) false positive when introducing base method through a using declaration (templates)

CPP-57009

[static] AUTOSAR-M3_3_2-a: false positive for static keyword in explicit template specialization

CPP-57033

[static] TEMPL-16 reports false positive when a template forward declaration is used in another file

CPP-57057

[engine] Static inline field parsing error when not initialized explicitly

CPP-57209

[engine] error: no instance of function template "std::construct_at"

CPP-57361

[engine] cpptestcc fails on __c11_atomic_is_lock_free

CPP-57389

[engine] Coverage instrumentation error: Mixing void and non-void results of the functor in for_each is not supported

CPP-57398

[engine] Instrumentation compile error: ambiguous call of overloaded Matrix...

CPP-57399

[engine] Coverage instrumenation instrumentation error: TFixedBlockAllocator is not a template

CPP-57425

[static] MISRA2004-12_2_f (MISRAC2012-RULE_13_2-f) reports false positive when volatile member of volatile object is used

CPP-57427

[static] PORT-28 reports false positive when integer constants with big values are used

CPP-57428

[static] MISRACPP2023-6_4_1-e (CODSTA-CPP-85) false positives on heavily templated code

CPP-57484

[engine] cpptestcc fails on __c11_atomic_load

CPP-57517

[engine] error: declaration is incompatible with "CInfraComArray<CMasterClass ...

CPP-57524

[static] False positive for MRM-39

CPP-57525

[static] MRM-19 reports false positive when a pointer is cast before delete

CPP-57533

[compiler] Support for powerpc-eabi-gcc 11.2 compiler

CPP-57538

[static] Analysis error due to possible ppro crash if 'CR' line endings are used

CPP-57541

[static] Incorrectly detected typedef declaration (AUTOSAR-A7_1_6-a, CODSTA-MCPP-02, GLOBAL-UNIQUETYPEDEF, GLOBAL-UNIQUETYPEDEFC)

CPP-57553

[engine] Variadic template stubs are ignored

CPP-57594

[engine] error: expected an expression static constexpr bool isComplex = ((QTypeInfo<Ts>::isComplex) || ...);

CPP-57609

[engine] Add option for disabling C/C++test instrumentation for functions with OpenMP code

CPP-57628

[engine] afxpanecontainer.h line 35: error: expected a ")"

CPP-57659

[static] FORMAT-43 reports false positive when the closing brace of a block is in the same line as the last statement

CPP-57673

[static] Improve mapping for AUTOSAR A7-1-2

CPP-57678

[engine] static assertion failed when running SCA, the original code compiles w/o issues

CPP-57679

[engine] Improve compiler configuration for vxtc_6_3 (--fp-model=1)

CPP-57683

[ide] Debugging unit tests does not work in VS 2022 latest update (17.10.3)

CPP-57734

[engine] Improve support for CLA mode of tic2000_18_1 compiler for Static Analysis

CPP-57736

[static] PPRO crash from yylex() in lib/libppro.so

CPP-57738

[ide] Invalid libstdc++ dependency for Rulewizard native libraries

CPP-57739

[static] INIT-12 (CERT_CPP-DCL56-a) reports false positive when template variable is used in initializer

CPP-57744

[engine] xharness crash due to stack overflow during reconstruction

CPP-57748

[static] MISRA-005 reports cwc exit code 1 when very long strings are checked

CPP-57749

[static] cwc exit code 3 - Narrowing in list initialization ignored in non-evaluated context

CPP-57770

[engine] error: incomplete type "A<void>" is not allowed

CPP-57778

[engine] Errors with QT brace-initialization

CPP-57785

[static] Property 'CapturedVariables' detects local variables that are not captured

CPP-57796

[engine] error: expression must have a constant value

CPP-57802

[static] Analysis finished with code 33 - signal 11 in libppro.so

CPP-57834

[static] Improve support for CERT_C-PRE02

CPP-57835

[bazel] Add option to disable symlinks expansion (CPPTEST_COVERAGE_SRC_ROOT_RESOLVE_SYMLINKS)

CPP-57885

[static] CODSTA-CPP-206 (MISRACPP2023-6_8_4) should treat conversion operators differing by cv-qualifiers as function overloads

CPP-57886

[static] CODSTA-CPP-206 (MISRACPP2023-6_8_4-a) reports false positive on const-lvalue-ref-qualified template function

CPP-57892

[static] MISRACPP2023-0_2_3-a false positive: does not consider decltype/template arg to be a use

CPP-57893

[static] Improve mapping for MISRACPP2023 Rule 15.1.3

CPP-57894

[static] OPT-02 (MISRACPP2023-0_2_1-a) reports false positive for a variable used inside 'static_if'

CPP-57899

[engine] Instrumentation parse error: more than one operator "=" matches these operands

CPP-57906

[static] CODSTA-CPP-212 (MISRACPP2023-7_0_2-a) reports false positive when parameter of 'auto' type is used

CPP-57918

[static] MISRA2004-19_16 (MISRAC2012-RULE_20_13-a) reports false positive when line in a comment starts from '#'

CPP-57919

[compiler] Improve support for -c99 option for TI compilers

CPP-57990

[compiler] Inconsistent handling of profiling flags with GNU GCC

CPP-57993

[ide] Corrupted Chinese comments after adding/deleting test cases

CPP-58001

[engine] C++23 literal suffixes for floats cause parse errors

CPP-58011

[static] Improve CERT_C-ERR32 mapping (BD-PB-ERRNO to BD-PB-SIGHAN)

CPP-58012

[static] cannot analyze file (cwc exit code: 4)

CPP-58013

[static] CODSTA-CPP-43 (AUTOSAR-A8_4_9-a) reports false positives on references to array types

CPP-58016

[static] OOP-07 (AUTOSAR-A10_1_1-a) reports false positive, when interface class contains deleted functions

CPP-58017

[static] CODSTA-29 (CERT_C-DCL06-a) reports false positive on enumerations ins[ide] functions

CPP-58053

[engine] 'static constexpr' array init error

CPP-58058

[engine] no instance of function template "printValue" matches the argument list

CPP-58060

[ide] For VS projects with both /std:c17 and /std:c++17 options, it is not possible to run analysis or tests

CPP-58070

[engine] Instrumentation problem when -ignore-const-decisions is enabled

CPP-58072

[engine] Class does not initialize correctly during instrumentation

CPP-58077

[engine] Instrumentation problem due to extra brackets

CPP-58091

[static] CODSTA-CPP-206 (MISRACPP2023-6_8_4-a) reports false positive on ref-to-pointer and pointer-to-ref conversions for members which are not subobjects

CPP-58096

[static] CODSTA-38 works inconsistently for integer and floating constants

CPP-58251

[engine] I\O exception was caught - Unable to read XML file

CPP-58585

[engine] Instrumentation error: cannot deduce "auto" type

FA-4156

BD-PB-NP should report a violation when null is passed to printf-like function as the argument corresponding to "%s" specifier.

FA-9845

MISRACPP2023-11_6_2-a (BD-PB-NOTINIT) False positive - Avoid use before initialization for "*this"?

FA-9901

MISRACPP2023-28_6_3-a false positives on forwarding references and lvalues

FA-9907

BD-PB-VARARGS False Positive with MSVC

FA-9912

MISRAC2012-RULE_14_3-ac (BD-PB-CC) false positive

FA-9937

BD-PB-NOTINIT false positive

FA-9951

BD-PB-OVERFWR false negative with renesas compiler

FA-9953

The default value documented in the rules is not correct

FA-9961

BD-PB-ARRAY false positive

FA-9988

BD-CO-STRMOD false positive

FA-9990

MISRACPP2023-0_2_4-a - false positive, private virtual functions

FA-9991

BD-PB-NOTINIT false positive

FA-9996

BD-PB-NOTINIT false positive due to wrong assumption about the number of fields to initialize

FA-10003

BD-PB-OVERFNZT false positives with two-dimensional char array initialized with string literals.

FA-10007

BD-PB-NOTINIT false positive

FA-10013

BD-PB-NOTINIT false positive when array is initialized starting from non-first element

FA-10028

BD-PB-NOTINIT false positive for Nth loop iteration

FA-10046

Flow Analysis was not able to analyze a source file

Updates to Rules

Anchor
New Rules
New Rules
New Rules

Rule ID

Header

AUTOSAR-A5_2_5-e

Avoid accessing collections out of bounds

AUTOSAR-M0_1_3-f

A project shall not contain unused uninitialized local variables

AUTOSAR-M0_1_3-g

A project should not contain unused uninitialized variables with internal linkage

BD-PB-COOB

Avoid accessing collections out of bounds

CERT_C-DCL37-b

Identifiers that begin with an underscore and either an uppercase letter or another underscore should not be declared

CERT_C-DCL37-c

Avoid declaring file-scoped objects whose names begin with an underscore

CERT_C-DCL37-d

The names of standard library macros should not be reused (C11 code)

CERT_C-DCL37-e

The names of standard library identifiers with file scope should not be reused (C11 code)

CERT_C-DCL37-f

The standard library identifiers with external linkage should not be reused (C11 code)

CERT_C-DCL37-g

Macros that begin with an underscore and either an uppercase letter or another underscore should not be defined

CERT_C-ERR32-b

Properly define signal handlers

CERT_C-ERR33-e

Provide error handling for file opening errors right next to the call to fopen

CERT_C-FIO01-c

Be careful using functions that use file names for identification

CERT_C-FIO21-b

Use secure temporary file name functions

CODSTA-303

A variable declared in an inner scope shall not hide a variable declared in an outer scope

CODSTA-92_c

The names of standard library macros should not be reused (C11 code)

CODSTA-92_d

The names of standard library identifiers with file scope should not be reused (C11 code)

CODSTA-92_e

The standard library identifiers with external linkage should not be reused (C11 code)

CWE-119-l

Avoid accessing collections out of bounds

CWE-125-f

Avoid accessing collections out of bounds

CWE-787-i

Avoid accessing collections out of bounds

JSF-127_b

Sections of code should not be "commented out" using Doxygen comments

MISRA2004-2_4_b

Sections of code should not be "commented out" using Doxygen comments

MISRA2008-0_1_3_f

A project shall not contain unused uninitialized local variables

MISRA2008-0_1_3_g

A project should not contain unused uninitialized variables with internal linkage

MISRA2008-2_7_2_b

Sections of code shall not be "commented out" using C-style comments

MISRA2008-2_7_3_b

Sections of code should not be "commented out" using C++ comments

MISRA2012-DIR-4_4_b

Sections of code should not be "commented out" using Doxygen comments

MISRAC2012-DIR_4_4-b

Sections of code should not be "commented out" using Doxygen comments

MISRACPP2023-19_2_1-b

Use unique multiple include guards

MISRACPP2023-6_4_1-g

A variable declared in an inner scope shall not hide a variable declared in an outer scope

NAMING-33_c

Macros that begin with an underscore and either an uppercase letter or another underscore should not be defined

NAMING-33_d

Identifiers that begin with an underscore and either an uppercase letter or another underscore should not be declared

NAMING-33_e

Avoid declaring file-scoped objects whose names begin with an underscore

OPT-02_b

A project shall not contain unused uninitialized local variables

OPT-43_b

A project should not contain unused uninitialized variables with internal linkage

OWASP2019-API3-r

Avoid accessing collections out of bounds

PFO-02_b

Use unique multiple include guards

PREPROC-29

Use angle brackets <> to include standard library headers

SECURITY-55

Be careful using functions that use file names for identification

Anchor
Updated Rules
Updated Rules
Updated Rules

Category ID

Rule IDs

AUTOSAR C++14 Coding Guidelines

AUTOSAR-A0_1_2-a, AUTOSAR-A0_4_4-a, AUTOSAR-A10_1_1-a, AUTOSAR-A10_2_1-a, AUTOSAR-A10_2_1-b, AUTOSAR-A12_0_1-a, AUTOSAR-A13_5_2-a, AUTOSAR-A14_7_2-a, AUTOSAR-A18_9_4-a, AUTOSAR-A23_0_2-b, AUTOSAR-A27_0_2-a, AUTOSAR-A27_0_2-b, AUTOSAR-A2_10_1-e, AUTOSAR-A2_3_1-a, AUTOSAR-A2_7_2-a, AUTOSAR-A4_7_1-c, AUTOSAR-A5_0_1-b, AUTOSAR-A5_2_5-a, AUTOSAR-A5_3_2-a, AUTOSAR-A7_1_7-c, AUTOSAR-A7_2_3-a, AUTOSAR-A7_3_1-a, AUTOSAR-A8_4_2-a, AUTOSAR-A8_4_3-b, AUTOSAR-A8_4_9-a, AUTOSAR-A8_5_0-a, AUTOSAR-M0_1_2-ac, AUTOSAR-M0_1_3-a, AUTOSAR-M0_1_3-e, AUTOSAR-M0_3_1-b, AUTOSAR-M0_3_1-d, AUTOSAR-M0_3_1-f, AUTOSAR-M0_3_1-g, AUTOSAR-M0_3_1-i, AUTOSAR-M0_3_2-a, AUTOSAR-M16_0_5-a, AUTOSAR-M16_0_8-a, AUTOSAR-M16_1_1-a, AUTOSAR-M5_0_16-a, AUTOSAR-M5_14_1-a, AUTOSAR-M7_1_2-c, AUTOSAR-M8_0_1-a

Coding Conventions for C++

CODSTA-CPP-04, CODSTA-CPP-206, CODSTA-CPP-211, CODSTA-CPP-212, CODSTA-CPP-43, CODSTA-CPP-58, CODSTA-CPP-85

Coding Conventions for Modern C++

CODSTA-MCPP-01, CODSTA-MCPP-03, CODSTA-MCPP-47_b, CODSTA-MCPP-56

Coding Conventions

CODSTA-122_a, CODSTA-122_b, CODSTA-138, CODSTA-144, CODSTA-226_a, CODSTA-227, CODSTA-29, CODSTA-311, CODSTA-38

Common Weakness Enumeration

CWE-119-a, CWE-119-d, CWE-119-e, CWE-125-a, CWE-125-c, CWE-20-f, CWE-362-d, CWE-476-a, CWE-787-a, CWE-787-d

DISA ASD STIG

APSC_DV-000060-a, APSC_DV-001995-a, APSC_DV-002520-a, APSC_DV-002530-a, APSC_DV-002550-a, APSC_DV-002560-a, APSC_DV-002590-b, APSC_DV-002590-c, APSC_DV-002590-d, APSC_DV-003235-a, APSC_DV-003235-c

Flow Analysis

BD-API-BADPARAM, BD-API-STRSIZE, BD-API-VALPARAM, BD-CO-ITINVCOMP, BD-CO-STRMOD, BD-PB-ARRAY, BD-PB-CC, BD-PB-NOTINIT, BD-PB-NP, BD-PB-OVERFNZT, BD-PB-OVERFRD, BD-PB-OVERFWR, BD-PB-SUBSEQFRWD, BD-PB-UCMETH, BD-PB-VARARGS, BD-RES-INVFREE, BD-SECURITY-TDENV, BD-TRS-FORKFILE

Formatting

FORMAT-33, FORMAT-43

Global Static Analysis

GLOBAL-PREDICATENOSE

High Integrity C++

HICPP-10_3_1-a, HICPP-12_1_1-a, HICPP-12_1_1-b, HICPP-13_1_1-a, HICPP-16_1_4-a, HICPP-17_3_3-a, HICPP-1_2_1-h, HICPP-1_2_1-i, HICPP-3_1_1-e, HICPP-5_1_2-f, HICPP-5_1_2-j, HICPP-5_1_6-d, HICPP-5_2_1-a, HICPP-5_2_1-c, HICPP-6_3_2-a, HICPP-7_1_1-b, HICPP-8_3_1-a, HICPP-8_4_1-a

Initialization

INIT-12

Joint Strike Fighter

JSF-003, JSF-003_b, JSF-009, JSF-060_b, JSF-088, JSF-088_b, JSF-094, JSF-094_b, JSF-114, JSF-115, JSF-115_a, JSF-117.1, JSF-127, JSF-135_e, JSF-143_a, JSF-157, JSF-177_b, JSF-180_d, JSF-204.1_f, JSF-214

Memory and Resource Management

MRM-19, MRM-39, MRM-40

Metrics

METRIC.CC, METRIC.ECC, METRICS-18, METRICS-28, METRICS-29, METRICS-33, METRICS-34, METRICS-35, METRICS-42

MISRA C 1998

MISRA-005, MISRA-096

MISRA C 2004

MISRA2004-12_2_f, MISRA2004-12_4_a, MISRA2004-16_10, MISRA2004-16_8, MISRA2004-16_8_b, MISRA2004-19_14, MISRA2004-19_16, MISRA2004-19_9, MISRA2004-2_4

MISRA C 2012 (Legacy)

MISRA2012-DIR-4_11, MISRA2012-DIR-4_13_c, MISRA2012-DIR-4_14_j, MISRA2012-DIR-4_1_a, MISRA2012-DIR-4_1_b, MISRA2012-DIR-4_1_e, MISRA2012-DIR-4_1_g, MISRA2012-DIR-4_1_h, MISRA2012-DIR-4_4, MISRA2012-RULE-13_2_f, MISRA2012-RULE-13_4, MISRA2012-RULE-13_5, MISRA2012-RULE-14_3_zc, MISRA2012-RULE-17_4, MISRA2012-RULE-17_4_b, MISRA2012-RULE-17_7_a, MISRA2012-RULE-17_7_b, MISRA2012-RULE-18_1_a, MISRA2012-RULE-1_3_b, MISRA2012-RULE-1_3_d, MISRA2012-RULE-1_3_e, MISRA2012-RULE-1_3_k, MISRA2012-RULE-20_13, MISRA2012-RULE-20_6, MISRA2012-RULE-21_17_a, MISRA2012-RULE-21_17_b, MISRA2012-RULE-21_18, MISRA2012-RULE-22_2_b, MISRA2012-RULE-2_1_h, MISRA2012-RULE-2_8_b, MISRA2012-RULE-2_8_c, MISRA2012-RULE-9_1

MISRA C 2023 (MISRA C 2012)

MISRAC2012-DIR_4_1-a, MISRAC2012-DIR_4_1-b, MISRAC2012-DIR_4_1-e, MISRAC2012-DIR_4_1-g, MISRAC2012-DIR_4_1-h, MISRAC2012-DIR_4_11-a, MISRAC2012-DIR_4_13-c, MISRAC2012-DIR_4_14-j, MISRAC2012-DIR_4_4-a, MISRAC2012-RULE_13_2-f, MISRAC2012-RULE_13_4-a, MISRAC2012-RULE_13_5-a, MISRAC2012-RULE_14_3-ac, MISRAC2012-RULE_17_4-a, MISRAC2012-RULE_17_4-b, MISRAC2012-RULE_17_7-a, MISRAC2012-RULE_17_7-b, MISRAC2012-RULE_18_1-a, MISRAC2012-RULE_1_3-b, MISRAC2012-RULE_1_3-d, MISRAC2012-RULE_1_3-e, MISRAC2012-RULE_1_3-k, MISRAC2012-RULE_20_13-a, MISRAC2012-RULE_20_6-a, MISRAC2012-RULE_21_17-a, MISRAC2012-RULE_21_17-b, MISRAC2012-RULE_21_18-a, MISRAC2012-RULE_22_2-b, MISRAC2012-RULE_2_1-h, MISRAC2012-RULE_2_8-b, MISRAC2012-RULE_2_8-c, MISRAC2012-RULE_9_1-a

MISRA C++ 2008

MISRA2008-0_1_2_aa, MISRA2008-0_1_3_a, MISRA2008-0_1_3_e, MISRA2008-0_1_7, MISRA2008-0_3_1_a, MISRA2008-0_3_1_b, MISRA2008-0_3_1_e, MISRA2008-0_3_1_g, MISRA2008-0_3_1_h, MISRA2008-0_3_2, MISRA2008-16_0_5, MISRA2008-16_0_8, MISRA2008-16_1_1, MISRA2008-2_7_2, MISRA2008-2_7_3, MISRA2008-5_0_16_a, MISRA2008-5_0_1_f, MISRA2008-5_14_1, MISRA2008-7_1_2_b, MISRA2008-8_0_1, MISRA2008-8_4_3

MISRA C++ 2023

MISRACPP2023-0_0_2-a, MISRACPP2023-0_1_2-a, MISRACPP2023-0_2_1-a, MISRACPP2023-0_2_1-b, MISRACPP2023-0_2_3-a, MISRACPP2023-0_2_4-a, MISRACPP2023-0_3_2-a, MISRACPP2023-10_0_1-a, MISRACPP2023-10_1_1-c, MISRACPP2023-10_2_2-a, MISRACPP2023-11_6_2-a, MISRACPP2023-15_1_3-a, MISRACPP2023-15_1_3-b, MISRACPP2023-15_1_5-a, MISRACPP2023-19_0_1-a, MISRACPP2023-19_1_1-a, MISRACPP2023-19_3_5-a, MISRACPP2023-28_3_1-a, MISRACPP2023-28_6_3-a, MISRACPP2023-4_1_3-c, MISRACPP2023-4_6_1-f, MISRACPP2023-5_7_2-a, MISRACPP2023-6_2_3-d, MISRACPP2023-6_4_1-e, MISRACPP2023-6_4_2-a, MISRACPP2023-6_4_2-b, MISRACPP2023-6_8_3-a, MISRACPP2023-6_8_4-a, MISRACPP2023-7_0_1-a, MISRACPP2023-7_0_2-a, MISRACPP2023-8_14_1-a, MISRACPP2023-8_18_2-a, MISRACPP2023-8_7_1-a, MISRACPP2023-8_7_1-c, MISRACPP2023-8_7_1-d, MISRACPP2023-8_7_1-e, MISRACPP2023-9_6_5-a

Object Oriented

OOP-07, OOP-07_a, OOP-07_b, OOP-07_c, OOP-32, OOP-53

Optimization

OPT-02, OPT-43, OPT-46

OWASP API Security Top 10 (2019)

OWASP2019-API3-b, OWASP2019-API3-e, OWASP2019-API3-f, OWASP2019-API3-g, OWASP2019-API8-c

OWASP API Security Top 10 (2023)

OWASP2023-API10-f

OWASP Top 10 (2017)

OWASP2017-A1-d

OWASP Top 10 (2021)

OWASP2021-A3-d

Portability

PORT-28

Security

SECURITY-39

SEI CERT C++

CERT_CPP-CTR53-b, CERT_CPP-CTR54-a, CERT_CPP-DCL56-a, CERT_CPP-EXP53-a, CERT_CPP-EXP58-a, CERT_CPP-MSC52-a, CERT_CPP-STR50-b, CERT_CPP-STR50-c, CERT_CPP-STR51-a, CERT_CPP-STR52-a

SEI CERT C

CERT_C-API01-a, CERT_C-ARR30-a, CERT_C-ARR38-a, CERT_C-ARR38-b, CERT_C-ARR38-d, CERT_C-ARR39-a, CERT_C-CON31-c, CERT_C-DCL04-a, CERT_C-DCL06-a, CERT_C-ENV01-c, CERT_C-ERR30-b, CERT_C-ERR33-a, CERT_C-EXP02-a, CERT_C-EXP08-b, CERT_C-EXP12-a, CERT_C-EXP12-b, CERT_C-EXP33-a, CERT_C-EXP34-a, CERT_C-FIO37-a, CERT_C-FLP32-a, CERT_C-MEM00-b, CERT_C-MEM34-a, CERT_C-MSC07-i, CERT_C-MSC09-a, CERT_C-MSC12-i, CERT_C-MSC12-j, CERT_C-MSC19-a, CERT_C-MSC19-b, CERT_C-MSC37-a, CERT_C-MSC39-a, CERT_C-POS30-a, CERT_C-POS30-b, CERT_C-POS38-a, CERT_C-POS54-a, CERT_C-PRE02-a, CERT_C-PRE32-a, CERT_C-STR03-a, CERT_C-STR31-a, CERT_C-STR31-b, CERT_C-STR32-a

Template

TEMPL-16

Removed Rules

Rule ID

Notes

AUTOSAR-A3_9_1-c

Removed from AUTOSAR C++ 14 configuration. For other configurations, CODSTA-223_b can be used as a replacement.

AUTOSAR-A7_1_2-b

Removed from AUTOSAR C++ 14 configuration. For other configurations, CODSTA-MCPP-11_b_cpp11 can be used as a replacement.

AUTOSAR-M0_1_3-a

Removed from AUTOSAR C++ 14 configuration. For other configurations, OPT-02 can be used as a replacement.

AUTOSAR-M0_1_3-e

Removed from AUTOSAR C++ 14 configuration. For other configurations, OPT-43 can be used as a replacement.

CERT_C-DCL37-a

Removed from SEI CERT C configuration. For other configurations, MISRA2004-20_1_a can be used as a replacement.

CERT_C-ERR30-b

Removed from SEI CERT C configuration. For other configurations, MRM-39 can be used as a replacement.

CERT_C-ERR32-a

Removed from SEI CERT C configuration. For other configurations, BD-PB-ERRNO can be used as a replacement.

CERT_C-FIO01-b

Removed from SEI CERT C configuration. For other configurations, SECURITY-19 can be used as a replacement.

CERT_C-FIO21-a

Removed from SEI CERT C configuration. For other configurations, SECURITY-19 can be used as a replacement.

MISRA2008-0_1_3_a

Removed from MISRA C++ 2008 configuration. For other configurations, OPT-02 can be used as a replacement.

MISRA2008-0_1_3_e

Removed from MISRA C++ 2008 configuration. For other configurations, OPT-43 can be used as a replacement.

MISRACPP2023-19_2_1-a

Removed from MISRA C++ 2023 configuration. For other configurations, PFO-02 can be used as a replacement.

MISRACPP2023-6_4_1-a

Removed from MISRA C++ 2023 configuration. For other configurations, MISRA2004-5_2_a can be used as a replacement.

MISRACPP2023-6_4_1-b

Removed from MISRA C++ 2023 configuration. For other configurations, MISRA2004-5_2_b can be used as a replacement.

MISRACPP2023-6_4_1-c

Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-83 can be used as a replacement.

MISRACPP2023-6_4_1-d

Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-84 can be used as a replacement.

MISRACPP2023-6_4_1-e

Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-85 can be used as a replacement.

...