Versions Compared

Old Version 2

changes.mady.by.user Izabela Jarosz

Saved on

compared with

New Version Current

changes.mady.by.user Izabela Jarosz

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Scroll Ignore

This release includes the following enhancements:

Device Code Authentication

You can now use a URI and device code to authenticate on the OpenID Connect server from the command line. If the authentication is successful, the information is saved to a token file and reused each time C/C++test is run. A new oidc.cli.mode setting in the .properties file specifies the method that will be used to authenticate on the OpenID Connect server (device code or certificate). Device code authentication is enabled by default. For details, see Configuring OpenID Connect in the Command Line.

Support for Compilers

We've extended support for Vx-toolset for TriCore C/C++ Compiler 6.3. The compiler configuration for Vx-toolset for TriCore C/C++ Compiler 6.3. can now be used on Linux to perform static analysis.

Table of Contents
maxLevel1

Release date: June 22, 2022

Enhanced Automotive Compliance Pack

We've extended the Automotive Pack to help you achieve compliance with the automotive standards.

Updates for MISRA C:2012 Technical Corrigendum 2

We've updated the MISRA C 2012 rule set, test configuration and compliance reporting to reflect changes brought in by MISRA’s Technical Corrigendum 2. 

Enhanced Security Compliance Pack

 We've extended the Security Pack to help you achieve compliance with the security standards.

New Rule Set for DISA ASD STIG Compliance

We've added a new DISA ASD STIG rule set for compliance with DISA STIG security standard. Existing DISA-ASD-STIG test configuration has been updated to use the new rule set.  

Enhanced Static Analysis

We’ve enhanced the flow analysis engine to better support modern C++ constructs, including smart pointers such as unique_ptr, shared_ptr, auto_ptr, and weak_ptr. These enhancements in smart pointers semantics understanding enable precise tracking of resource use and improve the quality and accuracy of reported findings. 

Enhanced Requirements View

We’ve added support for a drag and drop option to the Requirements View. It is now possible to establish requirement to unit test case association by dragging a test case from the Test Case Explorer View and dropping it on a requirement in the Requirements View. See Working with the Requirements View.


Support for Platforms

Windows 11 is now supported by C/C++test. 

Support for Compilers

We've added support for the following compilers:

Compiler NameCompiler Identifier
GNU GCC 10.x (x86_64)gcc_10-64
GNU GCC 11.x (x86_64)gcc_11-64
Microsoft Visual C++ 14.3vc_14_3
Microsoft Visual C++ 14.3 (x64)vc_14_3-64
Qualcomm Hexagon Clang 8.4hexagon-clang_8_4
Synopsys Metaware ARC 2020.06ccac_2020_06
Tasking TriCore 4.2vxtc_4_2
Tasking TriCore 6.3vxtc_6_3

New and Updated Code Analysis Rules

We've added new static analysis rules to extend coverage of coding standards. See New Rules and Updated Rules for the lists of new and updated rules.

New and Updated Test Configurations

We’ve updated the following test configurations: 

  • AUTOSAR C++14 Coding Guidelines 
  • CWE Top 25 + On the Cusp 2019 
  • CWE Top 25 2019 
  • DISA-ASD-STIG 
  • Flow Analysis Aggressive 
  • Flow Analysis Fast 
  • Flow Analysis Standard 
  • High Integrity C++ 
  • MISRA C 2004 
  • MISRA C 2012 
  • MISRA C++ 2008 
  • SEI CERT C Guidelines 
  • SEI CERT C Rules 
  • SEI CERT C++ Rules 

Changes to the Command Line Interface

  • We've added a new command line flag "-property", which allows you to specify additional configuration settings directly in the command line. See cli Options.
  • The "-localsettings" command line flag has been renamed to "-settings". See cli Options.

Licensing

This release requires updating license keys.

Upgrading to 2022.1 might cause machine ID change on Windows and Linux. Verify your machine ID before requesting a new license from Parasoft. For information about verifying your machine ID, see Setting the Local License in the GUI.

For details, please contact your Parasoft representative.

Other Changes

Deprecated and Removed Support

Removed Support for IDEs

Support for the following IDEs is now removed:

  • Eclipse 4.4
  • Eclipse 4.5


Removed Support for Compilers

Support for the following compilers is now removed:

  • Microsoft Visual C++ 9.0
  • Microsoft Visual C++ 9.0 (x64)
  • Microsoft Visual C++ 10.0
  • Microsoft Visual C++ 10.0 (x64)

Removed Features

Other Changes

  • The deprecated Suppressions view has been removed. If you upgrade C/C++test when the Suppressions view is open in you IDE, you may need to manually close the view after upgrade.
  • Team Server functionality is deprecated. Publishing reports to and importing reports from the Team Server is no longer supported.

Deprecated Features

  • The following functions of the Team Server are now deprecated: 
    • Storing test configurations, rules, and rule maps on Team Server 
    • Editing Team Server test configurations in graphical editor in IDE
    • Global goals management
    • Author reassignment on Team Server

Resolved Bugs and FRs

Bug/FR IDDescription
CPP-36108 [coverage] Add code coverage for classes and lambdas defined inside template functions
CPP-48321 [engine][EDG] error: pack expansion does not make use of any argument packs
CPP-48585 [engine][EDG] Instrumentation error "std::enable_if<false, void>" has no member "type" for ASIO library
CPP-49194 [static] FORMAT-11 reports false positive on reference declaration
CPP-49198 [static] GLOBAL-ONEUSEVAR (AUTOSAR-M0_1_4-a) reports violations on const variables in header files
CPP-49658 [ide] No validation message when importing an incorrect path in "C/C++ advanced settings"
CPP-49695 [static] CODSTA-119 (MISRA2012-RULE-16_4_b) reports false positive on break after block with comment
CPP-49701 [static] AUTOSAR-A11_3_1-a false positive
CPP-49704 [engine][EDG] Incorrect initializer_range for in-class field initializers (when initializing with constant values?)
CPP-49715 [engine][EDG] error: class "std::__2::enable_if<false, bool>" has no member "type"
CPP-49766 [static] AUTOSAR-A7_1_7-a: false positive
CPP-49767 [static] MISRA2004-16_7 reports false positive when an element of array that is a pointer is passed as non-const pointer
CPP-49768 [engine][EDG] error: a reference of type "std::pair<DataAccess::Common::Geometry::TCoordScaleNDS::TBaseType, DataAccess::Common::Geometry::TCoordScaleNDS::TBaseType> &" (not const-qualified) cannot be initialized with a value 
CPP-49773 [rulewizard] The 'Body' property for 'Class' node does not work correctly for static members defined outside template classes
CPP-49777 [compiler] Improve handling of --relaxed_ansi option for tiarm compilers
CPP-49779 [compiler] Add support for __builtin_addressof for tiarm_18_2
CPP-49808 [engine] cpptestcc compile error: label â€anonymous__CPTR_0’ used but not defined
CPP-49847 [rulewizard] static_cast is detected as normal cast in copy elision of a bit-wise copy initialization
CPP-49854 [static] MISRA2004-12_8 should not report when the number of bits is ensured by bitwise & operator 
CPP-49857 [static] MISRA2004-16_10 (AUTOSAR-M0_3_2-a) reports false positive on overloaded assignment operators
CPP-49867 [static] OPT-41 should check filenames as case insensitive in Windows systems
CPP-49868 [engine][EDG] internal error: assertion failed at: "scope_stk.

  • Upgrading to 2022.1 might cause machine ID change on Windows and Linux. Verify your machine ID before requesting a new license from Parasoft. For information about verifying your machine ID, see Setting the Local License in the GUI.

    • c", line 10905 in get_enclosing_template_params_and_args
    CPP-49889 [engine] Error on test case data generation when routine has VLA parameter
    CPP-49908 [docs] Fix documentation for OIDC settings
    CPP-49909 [rulewizard] Functional casts are detected as C-style casts on initializations of non-aggregates inside aggregates
    CPP-49949 [static] IndexError: list index out of range in SECURITY-14
    CPP-49950 [static] C++Test output doesn't show error on second run
    CPP-49966 [static] COMMENT-14 fails on error in own internal procedure
    CPP-49984 [rulewizard] Incorrectly detected class in template specialization function instantiated by const class type
    CPP-49991 [static] MISRA2004-12_4_a (MISRAC2012-RULE_13_5-a) does not report violation on access to a volatile object 
    CPP-49993 [ide] Some assertion macros missing from Test Case Editor
    CPP-49994 [static] AUTOSAR-M0_1_3-a(OPT-02) does not correctly parse structured binding in C++17
    CPP-50002 [EDG] error: operand types are incompatible 
    CPP-50061 [compiler] renrx and gcc: improve config for compiler options changing plain 'char' type signedness
    CPP-50062 [static] False positive for AUTOSAR-M5_0_4-a
    CPP-50087 [ide] Creating new test configuration enables some unselected metrics
    CPP-50089 [compiler] LSI fails for TIC compilers if project path contain spaces
    CPP-50100 [static] AUTOSAR-A12_1_1-a false positive
    CPP-50103 [static] AUTOSAR-M3_4_1-a: false positive
    CPP-50106 [rulewizard] Template function's unnamed parameter not connected with correct line in code
    CPP-50107 [static] MISRA2004-14_1_b reports false positive when the return statement is used after extern array declaration in function
    CPP-50108 [static] Improve mapping for AUTOSAR-A2-13-1
    CPP-50110 [static] FORMAT-25 reports false positives because does not support sizeof... operator
    CPP-50111 [ide] C/C++test Professional cannot find IAppFile when pointing to symlink file
    CPP-50113 [static] HICPP-5_8_1-a (AUTOSAR-A5_16_1-a) reports false positive on conditional operator used as separate expression
    CPP-50123 [static] CODSTA-CPP-101 (AUTOSAR-A13_2_3-a) reports false positive on template conversion operators
    CPP-50125 [static] EXCEPT-22 reports false positive when template function with @throw specification is called
    CPP-50128 [static] EXCEPT-14 (AUTOSAR-A15_5_3-h) reports false positive when an exception is catch inside function in try-catch block
    CPP-50134 [static] AUTOSAR-A15_4_5-a false positive 
    CPP-50139 [static] MISRA2004-14_1_f (AUTOSAR-M0_1_1-e) reports false positive when 'return' statement is used inside 'catch' block
    CPP-50148 [static] Improve mapping for AUTOSAR-M12-1-1
    CPP-50149 [static] CODSTA-CPP-78 (AUTOSAR-M9_3_3-a) reports false positive when captured 'this' is modified in lambda expression in non-const function
    CPP-50168 [engine][EDG] cpptestcc instrumentation compilation error: incomplete type is not allowed
    CPP-50171 [static] Improve mapping for CERT_C-PRE31
    CPP-50181 [coverage] For longer method names "Coverage Summary" columns are heavily unaligned making report unreadable
    CPP-50209 [compiler] VC++ 2017 (and newer): add support for /external option
    CPP-50220 [vscode] Improve showing suppressions (quick-fixes) for multiple violations in the same line
    CPP-50234 [static] FORMAT-06 (AUTOSAR-A7_1_7-a) reports false positive when multiline C-style comment is used inside statement
    CPP-50235 [static] EXCEPT-08 (AUTOSAR-M15_3_1-a/AUTOSAR-A15_5_3-f) reports false positives on calls to constexpr functions
    CPP-50236 [static] MISRA2004-9_2_c (AUTOSAR-M8_5_2-c) reports false positive when the struct with static const variables is initialized
    CPP-50246 [static] CODSTA-MCPP-04 (AUTOSAR-A4_10_1-b) reports false positive when a 'new' with the '0' constant is assigned to a pointer
    CPP-50255 [engine][EDG] cpptestcc internal error: assertion failed: gen_paren_or_brace_dynamic_init: bad kind (cp_gen_be.c, line 22147 in gen_paren_or_brace_dynamic_init)
    CPP-50260 [static] TEMPL-12 (AUTOSAR-M14_6_1-a) reports false positives on implicit calls of function from non-dependent base class
    CPP-50263 [static] MISRA2004-8_4 internal error (zh_CN only)
    CPP-50272 [coverage] Improve coverage integration for CMake with incremental builds (GNU/clang compilers; Ninja/Make generator)
    CPP-50281 [static] Inconsistent behaviour of MISRAC2012-RULE_17_7-a
    CPP-50296 [static] HICPP-18_2_4-a reports false positive on pattern that is not Double-Checked Locking
    CPP-50312 [engine] GNU make is leaking file descriptors if cpptesttrace is used
    CPP-50360 [static] COMMENT-14_b (AUTOSAR-A2_7_3-b) should ignore [in], [out] and [in,out] in comment for @param tags 
    CPP-50361 [static] MISRA2004-14_1_a (HICPP-1_2_1-a) reports false positive on 'if' with condition containing enum constant dependent from template type
    CPP-50387 [static] OPT-32 (AUTOSAR-M0_1_8-a) reports false positive violations on functions containing implicit calls of constructors with side effects
    CPP-50397 [static][change output message] CODSTA-178 (MISRAC2012-RULE_5_1-a) - remove line number from output message
    CPP-50398 [rulewizard] RuleWizard a(b) block doesn't match the builtin function __builtin_choose_expr()
    CPP-50419 [static] MISRA2004-5_2_b (MISRA2008-2_10_2_b) reports false positive for unrelated enum class identifiers
    CPP-50467 [static] CODSTA-122_a (CERT_C-ERR33-a) reports false positive when function call is used in condition of ternary operator
    CPP-50565 STL-23 (HICPP-17_5_1-a) reports false positive when the result of the 'remove_if' function is used as argument in the call to the 'erase'
    CPP-50586 [EDG] assertion failed at: "overload.c" during class template arguments deduction
    CPP-50695 Cannot run static analysis successfully with "-f" compiler option
    FA-7833 BD-RES-LEAKS reports false positives on resources managed by smart pointers
    FA-8047 BD-PB-NP false negative
    FA-8531 Improve documentation of BD-PB-VOVR rule
    FA-8562 BD-PB-NOTINIT false positive on nested anonymous structures
    FA-8625 BD-PB-OVERFNZT reports bogus violation cause memcpy makes first arg non-zero terminated again
    FA-8696 Improve documentation of BD-TRS-DIFCS rule
    FA-8697 BD-RES-LEAKS false negative
    FA-8701 Flow Analysis uses incorrect assumption on the size of the unknown buffer pointed to by void*
    FA-8736 BD-PB-CC false positive caused by read
    FA-8739 BD.PB.ARRAY false positive
    FA-8774 BD-API-VALPARAM false positive as squared value of variable cannot be < 0
    FA-8792 BD-PB-VALRANGE false positive
    FA-8824 BD.SECURITY.TDALLOC potential false negative
    FA-8839 BD-PB-NP false negative because FA does not understand shared_ptr semantics.
    FA-8853 BD-PB-CC false positive as Flow Analysis does not fully take into account that fgets changes contents of the buffer
    FA-8884 BD-TRS-MLOCK violations are missing in the incremental run
    FA-8901 MISRAC2012-DIR_4_11-a (BD-API-VALPARAM) false positive
    FA-8910 BD-PB-VOVR false positive when variable is used only to calculate a constant value


    Anchor
    new_rules
    new_rules
    New Rules

    Rule ID

    Header

    APSC_DV-000160-aDo not use weak encryption functions
    APSC_DV-000170-aDo not use weak encryption functions
    APSC_DV-000480-aProtect against SQL injection
    APSC_DV-000500-aObserve correct revocation order while relinquishing privileges
    APSC_DV-000650-aDo not print potentially sensitive information, resulting from an application error into exception messages
    APSC_DV-001290-aProtect against SQL injection
    APSC_DV-001290-bUntrusted data is used as a loop boundary
    APSC_DV-001290-cAvoid passing user input into methods as parameters
    APSC_DV-001290-dAvoid using unsecured shell functions that may be affected by shell metacharacters
    APSC_DV-001300-aProtect against SQL injection
    APSC_DV-001740-aAvoid passing sensitive data to functions that write to log files
    APSC_DV-001750-aAvoid passing sensitive data to functions that write to log files
    APSC_DV-001850-aAvoid passing sensitive data to functions that write to log files
    APSC_DV-001860-aDo not use weak encryption functions
    APSC_DV-001995-aAvoid race conditions when using fork and file descriptors
    APSC_DV-001995-bAvoid race conditions while checking for the existence of a symbolic link
    APSC_DV-001995-cAvoid race conditions while accessing files
    APSC_DV-001995-dUse locks to prevent race conditions when modifying bit fields
    APSC_DV-001995-eDo not use global variable with different locks set
    APSC_DV-001995-fAvoid using thread-unsafe functions
    APSC_DV-001995-gUsage of functions prone to race is not allowed
    APSC_DV-001995-hAvoid using the 'vfork()' function
    APSC_DV-001995-iProperly define signal handlers
    APSC_DV-002000-aEnsure resources are freed
    APSC_DV-002010-aDo not use weak encryption functions
    APSC_DV-002290-aDo not use the rand() function for generating pseudorandom numbers
    APSC_DV-002290-bProperly seed pseudorandom number generators
    APSC_DV-002290-cThe 'random_shuffle' identifier should not be used
    APSC_DV-002290-dAvoid functions which use random numbers from standard C library
    APSC_DV-002350-aDo not use weak encryption functions
    APSC_DV-002390-aDisable resolving XML external entities (XXE) in libxerces-c
    APSC_DV-002390-bDo not process structured text data natively
    APSC_DV-002390-cDo not use scanf and fscanf functions without specifying variable size in format string
    APSC_DV-002390-dDo not use mbstowcs() function
    APSC_DV-002400-aExclude unsanitized user input from format strings
    APSC_DV-002400-bThe execution of a function registered with 'std::atexit()' or 'std::at_quick_exit()' should not exit via an exception
    APSC_DV-002400-cAvoid using the 'vfork()' function
    APSC_DV-002400-dAvoid using thread-unsafe functions
    APSC_DV-002440-aAvoid passing sensitive data to functions that write to log files
    APSC_DV-002460-aAvoid passing sensitive data to functions that write to log files
    APSC_DV-002470-aAvoid passing sensitive data to functions that write to log files
    APSC_DV-002480-aDo not print potentially sensitive information, resulting from an application error into exception messages
    APSC_DV-002510-aProtect against command injection
    APSC_DV-002520-aProtect against environment injection
    APSC_DV-002520-bProtect against file name injection
    APSC_DV-002520-cProtect against SQL injection
    APSC_DV-002520-dNever use unfiltered data from an untrusted user as the format parameter
    APSC_DV-002520-eAvoid tainted data in array indexes
    APSC_DV-002520-fProtect against integer overflow/underflow from tainted data
    APSC_DV-002520-gAvoid passing unvalidated binary data to log methods
    APSC_DV-002520-hProtect against command injection
    APSC_DV-002520-iAvoid printing tainted data on the output console
    APSC_DV-002520-jExclude unsanitized user input from format strings
    APSC_DV-002520-kUntrusted data is used as a loop boundary
    APSC_DV-002530-aProtect against environment injection
    APSC_DV-002530-bProtect against file name injection
    APSC_DV-002530-cProtect against SQL injection
    APSC_DV-002530-dNever use unfiltered data from an untrusted user as the format parameter
    APSC_DV-002530-eAvoid tainted data in array indexes
    APSC_DV-002530-fProtect against integer overflow/underflow from tainted data
    APSC_DV-002530-gAvoid passing unvalidated binary data to log methods
    APSC_DV-002530-hProtect against command injection
    APSC_DV-002530-iAvoid printing tainted data on the output console
    APSC_DV-002530-jExclude unsanitized user input from format strings
    APSC_DV-002530-kUntrusted data is used as a loop boundary
    APSC_DV-002540-aProtect against SQL injection
    APSC_DV-002550-aProtect against environment injection
    APSC_DV-002550-bProtect against file name injection
    APSC_DV-002550-cProtect against SQL injection
    APSC_DV-002550-dNever use unfiltered data from an untrusted user as the format parameter
    APSC_DV-002550-eAvoid tainted data in array indexes
    APSC_DV-002550-fProtect against integer overflow/underflow from tainted data
    APSC_DV-002550-gAvoid passing unvalidated binary data to log methods
    APSC_DV-002550-hProtect against command injection
    APSC_DV-002550-iAvoid printing tainted data on the output console
    APSC_DV-002550-jExclude unsanitized user input from format strings
    APSC_DV-002550-kUntrusted data is used as a loop boundary
    APSC_DV-002560-aProtect against environment injection
    APSC_DV-002560-bProtect against file name injection
    APSC_DV-002560-cProtect against SQL injection
    APSC_DV-002560-dNever use unfiltered data from an untrusted user as the format parameter
    APSC_DV-002560-eAvoid tainted data in array indexes
    APSC_DV-002560-fProtect against integer overflow/underflow from tainted data
    APSC_DV-002560-gAvoid passing unvalidated binary data to log methods
    APSC_DV-002560-hProtect against command injection
    APSC_DV-002560-iAvoid printing tainted data on the output console
    APSC_DV-002560-jExclude unsanitized user input from format strings
    APSC_DV-002560-kUntrusted data is used as a loop boundary
    APSC_DV-002570-aAvoid passing sensitive data to functions that write to log files
    APSC_DV-002570-bDo not print potentially sensitive information, resulting from an application error into exception messages
    APSC_DV-002590-aAvoid buffer overflow due to defining incorrect format limits
    APSC_DV-002590-bAvoid overflow due to reading a not zero terminated string
    APSC_DV-002590-cAvoid overflow when reading from a buffer
    APSC_DV-002590-dAvoid overflow when writing to a buffer
    APSC_DV-002590-eAvoid integer overflows
    APSC_DV-002590-fPrevent buffer overflows from tainted data
    APSC_DV-002590-gProtect against integer overflow/underflow from tainted data
    APSC_DV-002590-hAvoid buffer overflow from tainted data due to defining incorrect format limits
    APSC_DV-002590-iAvoid buffer read overflow from tainted data
    APSC_DV-002590-jAvoid buffer write overflow from tainted data
    APSC_DV-002590-kEnsure the output buffer is large enough when using path manipulation functions
    APSC_DV-003110-aDo not hard code string literals
    APSC_DV-003235-aAvoid passing unvalidated binary data to log methods
    APSC_DV-003235-bAvoid passing sensitive data to functions that write to log files
    AUTOSAR-M12_1_1-bDo not use dynamic type of an object under destruction
    BD-PB-MEMOPTAvoid calls to memory-setting functions that can be optimized out by the compiler
    BD-PB-PATHBUFEnsure the output buffer is large enough when using path manipulation functions
    BD-SECURITY-SENSFREESensitive data should be cleared before being deallocated
    BD-SECURITY-TDLOOPValidate potentially tainted data before it is used in the controlling expression of a loop
    CERT_C-MEM03-aSensitive data should be cleared before being deallocated
    CERT_C-MSC06-aAvoid calls to memory-setting functions that can be optimized out by the compiler
    CODSTA-108_bThe facilities that are specified as being provided bytgmath.hshould not be used
    CODSTA-224The conditional operator should not be used as a sub-expression
    CODSTA-CPP-60_bOnly those escape sequences that are defined in ISO/IEC 14882:2014 shall be used
    CODSTA-MCPP-55Use std::call_once rather than the Double-Checked Locking pattern
    CWE-119-kEnsure the output buffer is large enough when using path manipulation functions
    CWE-787-gEnsure the output buffer is large enough when using path manipulation functions
    MISRA2004-16_8_bAll exit paths from a function, except main(), with non-void return type shall have an explicit return statement with an expression
    MISRA2008-12_1_1_bDo not use dynamic type of an object under destruction
    MISRA2012-RULE-17_4_bAll exit paths from a function, except main(), with non-void return type shall have an explicit return statement with an expression
    MISRA2012-RULE-21_11_bThe facilities that are specified as being provided bytgmath.hshould not be used
    MISRAC2012-RULE_17_4-bAll exit paths from a function, except main(), with non-void return type shall have an explicit return statement with an expression
    MISRAC2012-RULE_21_11-bThe facilities that are specified as being provided bytgmath.hshould not be used
    OOP-11_bFriend declarations shall not be used except declarations of comparison operators

    Anchor
    updated_rules
    updated_rules
    Updated Rules

    Category ID

    Rule IDs

    AUTOSAR C++14 Coding Guidelines AUTOSAR-A0_1_1-a, AUTOSAR-A0_4_4-a, AUTOSAR-A11_3_1-a, AUTOSAR-A12_1_1-a, AUTOSAR-A12_8_3-a, AUTOSAR-A13_2_3-a, AUTOSAR-A15_0_2-a, AUTOSAR-A15_1_4-a, AUTOSAR-A15_4_5-a, AUTOSAR-A15_5_3-f, AUTOSAR-A15_5_3-h, AUTOSAR-A16_2_2-a, AUTOSAR-A18_1_1-a, AUTOSAR-A18_9_4-a, AUTOSAR-A23_0_2-a, AUTOSAR-A26_5_2-a, AUTOSAR-A27_0_1-g, AUTOSAR-A27_0_1-h, AUTOSAR-A27_0_2-a, AUTOSAR-A27_0_2-b, AUTOSAR-A2_10_1-b, AUTOSAR-A2_13_1-a, AUTOSAR-A2_7_3-a, AUTOSAR-A3_3_1-a, AUTOSAR-A4_10_1-b, AUTOSAR-A5_16_1-a, AUTOSAR-A5_2_5-a, AUTOSAR-A5_2_5-c, AUTOSAR-A5_3_2-a, AUTOSAR-A5_6_1-a, AUTOSAR-A7_1_7-a, AUTOSAR-A7_6_1-a, AUTOSAR-A8_4_2-a, AUTOSAR-A8_5_0-a, AUTOSAR-M0_1_1-b, AUTOSAR-M0_1_1-e, AUTOSAR-M0_1_2-ac, AUTOSAR-M0_1_3-a, AUTOSAR-M0_1_4-a, AUTOSAR-M0_1_8-a, AUTOSAR-M0_3_1-b, AUTOSAR-M0_3_1-d, AUTOSAR-M0_3_1-e, AUTOSAR-M0_3_1-f, AUTOSAR-M0_3_1-g, AUTOSAR-M0_3_2-a, AUTOSAR-M12_1_1-a, AUTOSAR-M14_6_1-a, AUTOSAR-M15_3_1-a, AUTOSAR-M3_4_1-a, AUTOSAR-M5_0_16-a, AUTOSAR-M5_0_16-b, AUTOSAR-M5_14_1-a, AUTOSAR-M5_8_1-a, AUTOSAR-M7_1_2-b, AUTOSAR-M7_3_1-a, AUTOSAR-M8_5_2-c, AUTOSAR-M9_3_3-a
    Flow Analysis BD-API-VALPARAM, BD-CO-ITMOD, BD-CO-ITOUT, BD-MISC-DC, BD-PB-ARRAY, BD-PB-CC, BD-PB-INVRET, BD-PB-NORETURN, BD-PB-NOTINIT, BD-PB-NP, BD-PB-OVERFNZT, BD-PB-OVERFWR, BD-PB-OVERFZT, BD-PB-OVERLAP, BD-PB-PTRARR, BD-PB-SUBSEQ, BD-PB-SUBSEQFRWD, BD-PB-SUBSEQMOVE, BD-PB-VALRANGE, BD-PB-VCTOR, BD-PB-VDTOR, BD-PB-VOVR, BD-PB-ZERO, BD-RES-LEAKS, BD-SECURITY-RAND, BD-SECURITY-TDALLOC, BD-SECURITY-TDCMD, BD-SECURITY-TDCONSOLE, BD-SECURITY-TDENV, BD-SECURITY-TDFNAMES, BD-SECURITY-TDINPUT, BD-SECURITY-TDSQL, BD-TRS-BITLOCK, BD-TRS-DIFCS, BD-TRS-MLOCK
    SEI CERT C CERT_C-API01-a, CERT_C-ARR30-a, CERT_C-ARR38-b, CERT_C-ARR38-d, CERT_C-ARR39-a, CERT_C-CON30-a, CERT_C-CON32-a, CERT_C-CON43-a, CERT_C-DCL01-b, CERT_C-DCL13-a, CERT_C-DCL15-a, CERT_C-DCL19-a, CERT_C-DCL22-a, CERT_C-ENV01-c, CERT_C-ENV34-a, CERT_C-ERR33-a, CERT_C-ERR33-c, CERT_C-EXP02-a, CERT_C-EXP08-b, CERT_C-EXP12-a, CERT_C-EXP33-a, CERT_C-EXP34-a, CERT_C-FIO22-a, CERT_C-FIO32-a, CERT_C-FIO37-a, CERT_C-FIO42-a, CERT_C-FLP03-a, CERT_C-FLP32-a, CERT_C-INT10-a, CERT_C-INT31-a, CERT_C-INT31-b, CERT_C-INT31-i, CERT_C-INT31-j, CERT_C-INT31-k, CERT_C-INT33-a, CERT_C-INT36-b, CERT_C-MEM00-e, CERT_C-MEM12-a, CERT_C-MEM31-a, CERT_C-MSC07-b, CERT_C-MSC07-f, CERT_C-MSC12-b, CERT_C-MSC12-f, CERT_C-MSC19-a, CERT_C-MSC19-b, CERT_C-MSC32-d, CERT_C-MSC37-a, CERT_C-POS30-a, CERT_C-POS49-a, CERT_C-POS54-a, CERT_C-POS54-c, CERT_C-STR02-a, CERT_C-STR02-b, CERT_C-STR02-c, CERT_C-STR03-a, CERT_C-STR31-a, CERT_C-STR31-b, CERT_C-STR32-a, CERT_C-WIN00-a, CERT_C-WIN30-a
    SEI CERT C++ CERT_CPP-CON52-a, CERT_CPP-CTR50-a, CERT_CPP-CTR51-a, CERT_CPP-ERR50-f, CERT_CPP-ERR50-h, CERT_CPP-ERR55-a, CERT_CPP-ERR57-a, CERT_CPP-ERR58-a, CERT_CPP-EXP53-a, CERT_CPP-EXP63-a, CERT_CPP-FIO51-a, CERT_CPP-MSC51-a, CERT_CPP-MSC52-a, CERT_CPP-MSC53-a, CERT_CPP-OOP50-c, CERT_CPP-OOP50-d, CERT_CPP-STR50-b, CERT_CPP-STR50-c, CERT_CPP-STR51-a, CERT_CPP-STR53-a
    Coding Conventions CODSTA-04, CODSTA-119, CODSTA-122_a, CODSTA-127_b, CODSTA-161_a, CODSTA-161_b, CODSTA-162, CODSTA-163_b, CODSTA-164_a, CODSTA-164_b, CODSTA-221
    Coding Conventions for C++ CODSTA-CPP-101, CODSTA-CPP-36, CODSTA-CPP-60, CODSTA-CPP-78, CODSTA-CPP-82
    Coding Conventions for Modern C++ CODSTA-MCPP-04
    Comments COMMENT-14
    Common Weakness Enumeration CWE-119-a, CWE-119-e, CWE-125-a, CWE-20-d, CWE-20-e, CWE-20-f, CWE-20-g, CWE-20-h, CWE-20-i, CWE-22-a, CWE-362-c, CWE-362-e, CWE-426-a, CWE-476-a, CWE-704-e, CWE-770-a, CWE-772-a, CWE-78-a, CWE-787-a, CWE-787-d, CWE-89-a
    Exceptions EXCEPT-08, EXCEPT-14, EXCEPT-22
    Formatting FORMAT-06, FORMAT-11, FORMAT-23, FORMAT-24, FORMAT-25
    Global Static Analysis GLOBAL-ONEUSEVAR
    High Integrity C++ HICPP-12_4_1-b, HICPP-12_4_1-c, HICPP-13_2_2-a, HICPP-17_3_3-a, HICPP-17_5_1-a, HICPP-18_2_2-a, HICPP-1_2_1-b, HICPP-1_2_1-f, HICPP-1_2_1-i, HICPP-2_5_3-a, HICPP-3_1_1-b, HICPP-4_2_2-a, HICPP-5_1_6-d, HICPP-5_2_1-a, HICPP-5_2_1-c, HICPP-5_5_1-a, HICPP-6_3_2-a, HICPP-6_4_1-a, HICPP-8_4_1-a, HICPP-9_1_1-a
    Joint Strike Fighter JSF-037, JSF-042, JSF-098, JSF-105, JSF-115, JSF-118, JSF-135_b, JSF-136_b, JSF-137, JSF-143_a, JSF-157, JSF-186_b, JSF-186_f, JSF-207
    MISRA C 1998 MISRA-022, MISRA-023, MISRA-038, MISRA-071_a
    MISRA C 2004 MISRA2004-12_4_a, MISRA2004-12_8, MISRA2004-13_2, MISRA2004-14_1_b, MISRA2004-14_1_f, MISRA2004-16_10, MISRA2004-16_7, MISRA2004-5_2_b, MISRA2004-8_10, MISRA2004-8_1_a, MISRA2004-9_2_c
    MISRA C++ 2008 MISRA2008-0_1_1_b, MISRA2008-0_1_1_f, MISRA2008-0_1_2_aa, MISRA2008-0_1_3_a, MISRA2008-0_1_4, MISRA2008-0_1_6, MISRA2008-0_1_8, MISRA2008-0_3_1_a, MISRA2008-0_3_1_b, MISRA2008-0_3_1_c, MISRA2008-0_3_1_e, MISRA2008-0_3_1_h, MISRA2008-0_3_2, MISRA2008-12_1_1, MISRA2008-12_1_2, MISRA2008-14_6_1, MISRA2008-15_3_1, MISRA2008-15_5_2, MISRA2008-15_5_3_f, MISRA2008-15_5_3_h, MISRA2008-2_10_2_b, MISRA2008-2_13_1, MISRA2008-3_3_1, MISRA2008-3_4_1_a , MISRA2008-5_0_16_a, MISRA2008-5_0_16_b, MISRA2008-5_14_1, MISRA2008-5_8_1, MISRA2008-7_1_2_a, MISRA2008-7_3_1, MISRA2008-8_5_2_c, MISRA2008-9_3_3
    MISRA C 2012 (Legacy) MISRA2012-DIR-4_11, MISRA2012-DIR-4_13_a, MISRA2012-DIR-4_14_e, MISRA2012-DIR-4_14_f, MISRA2012-DIR-4_14_g, MISRA2012-DIR-4_14_j, MISRA2012-DIR-4_14_k, MISRA2012-DIR-4_14_l, MISRA2012-DIR-4_1_a, MISRA2012-DIR-4_1_b, MISRA2012-DIR-4_1_c, MISRA2012-DIR-4_1_e, MISRA2012-DIR-4_1_h, MISRA2012-RULE-10_1_a, MISRA2012-RULE-10_1_b, MISRA2012-RULE-10_2, MISRA2012-RULE-10_3_b, MISRA2012-RULE-10_4_a, MISRA2012-RULE-10_4_b, MISRA2012-RULE-12_1_c, MISRA2012-RULE-12_2, MISRA2012-RULE-13_5, MISRA2012-RULE-14_3_zc, MISRA2012-RULE-14_4, MISRA2012-RULE-16_1_f, MISRA2012-RULE-16_4_b, MISRA2012-RULE-17_7_a, MISRA2012-RULE-18_1_a, MISRA2012-RULE-18_1_c, MISRA2012-RULE-19_1_c, MISRA2012-RULE-1_3_a, MISRA2012-RULE-1_3_b, MISRA2012-RULE-1_3_e, MISRA2012-RULE-21_17_a, MISRA2012-RULE-21_17_b, MISRA2012-RULE-21_20, MISRA2012-RULE-22_1, MISRA2012-RULE-2_1_b, MISRA2012-RULE-2_1_f, MISRA2012-RULE-2_2_b, MISRA2012-RULE-5_3_b, MISRA2012-RULE-8_13_a, MISRA2012-RULE-9_1
    MISRA C 2012 MISRAC2012-DIR_4_1-a, MISRAC2012-DIR_4_1-b, MISRAC2012-DIR_4_1-c, MISRAC2012-DIR_4_1-e, MISRAC2012-DIR_4_1-h, MISRAC2012-DIR_4_11-a, MISRAC2012-DIR_4_13-a, MISRAC2012-DIR_4_14-e, MISRAC2012-DIR_4_14-f, MISRAC2012-DIR_4_14-g, MISRAC2012-DIR_4_14-j, MISRAC2012-DIR_4_14-k, MISRAC2012-DIR_4_14-l, MISRAC2012-RULE_10_1-a, MISRAC2012-RULE_10_1-b, MISRAC2012-RULE_10_2-a, MISRAC2012-RULE_10_3-b, MISRAC2012-RULE_10_4-a, MISRAC2012-RULE_10_4-b, MISRAC2012-RULE_12_1-c, MISRAC2012-RULE_12_2-a, MISRAC2012-RULE_13_5-a, MISRAC2012-RULE_14_3-ac, MISRAC2012-RULE_14_4-a, MISRAC2012-RULE_16_1-f, MISRAC2012-RULE_16_4-b, MISRAC2012-RULE_17_7-a, MISRAC2012-RULE_18_1-a, MISRAC2012-RULE_18_1-c, MISRAC2012-RULE_19_1-c, MISRAC2012-RULE_1_3-a, MISRAC2012-RULE_1_3-b, MISRAC2012-RULE_1_3-e, MISRAC2012-RULE_21_17-a, MISRAC2012-RULE_21_17-b, MISRAC2012-RULE_21_20-a, MISRAC2012-RULE_22_1-a, MISRAC2012-RULE_2_1-b, MISRAC2012-RULE_2_1-f, MISRAC2012-RULE_2_2-b, MISRAC2012-RULE_5_3-b, MISRAC2012-RULE_8_13-a, MISRAC2012-RULE_9_1-a
    Naming Conventions NAMING-06, NAMING-18
    Optimization OPT-01, OPT-02, OPT-32, OPT-41
    OWASP Top 10 2017 OWASP2017-A1-b, OWASP2017-A1-c, OWASP2017-A1-d, OWASP2017-A1-e, OWASP2017-A1-f, OWASP2017-A3-a, OWASP2017-A5-a
    OWASP Top 10 2019 OWASP2019-API3-b, OWASP2019-API3-e, OWASP2019-API3-g, OWASP2019-API3-k, OWASP2019-API4-a, OWASP2019-API4-b, OWASP2019-API8-a, OWASP2019-API8-b, OWASP2019-API8-c, OWASP2019-API8-d, OWASP2019-API8-e, OWASP2019-API8-f, OWASP2019-API8-h, OWASP2019-API9-e
    OWASP Top 10 2021 OWASP2021-A1-a, OWASP2021-A2-a, OWASP2021-A3-b, OWASP2021-A3-c, OWASP2021-A3-d, OWASP2021-A3-e, OWASP2021-A3-f, OWASP2021-A8-a
    Possible Bugs PB-43
    Security SECURITY-04, SECURITY-14
    STL Best Practices STL-23, STL-37
    Templates TEMPL-12

    Removed Rules

    Rule ID

    Notes

    MISRAC2012-RULE_14_3-a

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_a.

    MISRAC2012-RULE_14_3-b

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_b.

    MISRAC2012-RULE_14_3-c

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_c.

    MISRAC2012-RULE_14_3-d

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_d.

    MISRAC2012-RULE_14_3-e

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_j.

    MISRAC2012-RULE_14_3-f

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_k.

    MISRAC2012-RULE_14_3-g

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_l.

    MISRAC2012-RULE_14_3-h

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_m.

    MISRAC2012-RULE_14_3-i

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_n.

    MISRAC2012-RULE_14_3-j

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_s.

    MISRAC2012-RULE_14_3-k

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_t.

    MISRAC2012-RULE_14_3-l

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_u.

    MISRAC2012-RULE_14_3-m

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_v.

    MISRAC2012-RULE_14_3-n

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_w.

    MISRAC2012-RULE_14_3-o

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_x.

    MISRAC2012-RULE_14_3-p

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_y.

    MISRAC2012-RULE_14_3-q

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_z.

    MISRAC2012-RULE_14_3-r

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_aa.

    MISRAC2012-RULE_14_3-s

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_ab.

    MISRAC2012-RULE_14_3-t

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_ac.

    MISRAC2012-RULE_14_3-u

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_ad.

    MISRAC2012-RULE_14_3-v

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_ae.

    MISRAC2012-RULE_14_3-w

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_af.

    MISRAC2012-RULE_14_3-x

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_ag.

    MISRAC2012-RULE_14_3-y

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_ah.

    MISRAC2012-RULE_14_3-z

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_ai.

    MISRAC2012-RULE_14_3-aa

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_aj.

    MISRAC2012-RULE_14_3-ab

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as MISRA2004-13_7_ak.

    MISRAC2012-RULE_14_3-ad

    MISRAC2012-RULE_14_3-ac should be used instead. The original rule is available as BD-PB-SWITCH.

    MISRA2012-RULE-14_3_a

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_a.

    MISRA2012-RULE-14_3_b

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_b.

    MISRA2012-RULE-14_3_c

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_c.

    MISRA2012-RULE-14_3_d

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_d.

    MISRA2012-RULE-14_3_e

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_j.

    MISRA2012-RULE-14_3_f

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_k.

    MISRA2012-RULE-14_3_g

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_l.

    MISRA2012-RULE-14_3_h

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_m.

    MISRA2012-RULE-14_3_i

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_n.

    MISRA2012-RULE-14_3_j

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_s.

    MISRA2012-RULE-14_3_k

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_t.

    MISRA2012-RULE-14_3_l

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_u.

    MISRA2012-RULE-14_3_m

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_v.

    MISRA2012-RULE-14_3_n

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_w.

    MISRA2012-RULE-14_3_o

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_x.

    MISRA2012-RULE-14_3_p

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_y.

    MISRA2012-RULE-14_3_q

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_z.

    MISRA2012-RULE-14_3_r

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_aa.

    MISRA2012-RULE-14_3_s

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_ab.

    MISRA2012-RULE-14_3_t

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_ac.

    MISRA2012-RULE-14_3_u

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_ad.

    MISRA2012-RULE-14_3_v

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_ae.

    MISRA2012-RULE-14_3_w

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_af.

    MISRA2012-RULE-14_3_x

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_ag.

    MISRA2012-RULE-14_3_y

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_ah.

    MISRA2012-RULE-14_3_z

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_ai.

    MISRA2012-RULE-14_3_za

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_aj.

    MISRA2012-RULE-14_3_zb

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as MISRA2004-13_7_ak.

    MISRA2012-RULE-14_3_zd

    MISRA2012-RULE-14_3_zc should be used instead. Original rule is available as BD-PB-SWITCH.

    PB-36Consider using BD-PB-VCTOR, BD-PB-VDTOR instead.

    We've improved the violation message in the following rules:

    • BD-SECURITY-TDALLOC
    • BD-SECURITY-TDCMD
    • BD-SECURITY-TDCONSOLE
    • BD-SECURITY-TDENV
    • BD-SECURITY-TDFNAMES
    • BD-SECURITY-TDINPUT
    • BD-SECURITY-TDLOOP
    • BD-SECURITY-TDSQL

    As a result, existing DTP-based suppressions and in-file suppressions may no longer apply

    IPv6 is now supported

    .

    Scroll Only

    For information about this release, see https://docs.parasoft.com/display/CPPTESTPROEC20221/Updates+in+2022.1.