This release includes the following enhancements:

Release date: May 31, 2024

  • DTP or License Server 2024.1 is required for licensing C/C++test 2024.1. You must upgrade to DTP or License Server 2024.1 before upgrading to C/C++test 2024.1 in order to license the product successfully.
  • Connections to DTP and License Server must be over HTTPS. HTTP is no longer supported.

Enhanced Security Compliance Pack

  • The Security Pack has been extended with new CWE Top 25 2023 and CWE Top 25 + on the Cusp 2023 test configurations to help you achieve compliance with the security standards.
  • The DISA ASD STIG rule set and the DISA-ASD-STIG test configuration have been updated to reflect the changes in the DISA-ASD-STIG 2022-09 standard.

Enhanced Static Analysis

  • The flow analysis engine has been enhanced to better support modern C++ constructs, including if statements with initializers and structured bindings. These enhancements enable more precise code execution simulations and improve the accuracy of reported findings.
  • The accuracy of selected MISRA C++ 2023 rules has been improved.
  • Support for rule parametrization has been extended for selected rules.
  • New code analysis rules have been added to extend coverage of compliance standards. See New Rules and Updated Rules for the lists of new and updated rules.

Support for Compilers

The following compilers are now supported:

Compiler NameCompiler Identifier
GCC for Tricore 4.9.xtricoregcc_4_9
HighTec Clang C/C++ Compiler 8.1 (aarch32/arm)*hightec-clang_8_1-aarch32
IAR Compiler for ARM v. 9.40xiccarm_9_40
IAR Compiler for ARM v. 9.50xiccarm_9_50
QNX GCC 8.x (ARM64) **qccarm_8-64
QNX GCC 8.x (x86_64) **qcc_8-64

* - Static analysis only.

** - Support level has been updated from Standard to Extended.

The support level for the QNX GCC 5.x and QNX GCC 5.x (ARM64) compilers has been changed from Extended to Standard.

See Supported Compilers.

Support for IDEs

Support for Eclipse versions 4.24 (2022-06) - 4.31 (2024-03) has been added.

New and Updated Test Configurations

The Security Compliance Pack has been extended by adding support for the following test configurations:

  • CWE Top 25 2023
  • CWE Top 25 + On the Cusp 2023
  • OWASP API Security Top 10-2023

The following test configuration has been updated with new rules:

  • DISA-ASD-STIG

Additional Updates

  • Bazel build system integration has been enhanced. Collecting code coverage for Bazel is now supported. For details, see Integrating with Bazel.
  • Authentication can now be enabled for connecting to a standalone License Server if it is configured to require authentication; see Setting the Parasoft License and license.network.auth.enabled.
  • You can now specify custom parameters to be added to the report.xml header using the report.xml.param{n}.key and report.xml.param{n}.value settings.
  • Coverage instrumentation may be disabled or enabled for specific functions by using the parasoft-instrumentation coverage comments. See Disabling Coverage Instrumentation Selectively.
  • The shipped JRE has been upgraded to version 17.0.10+7.
  • The default report file names have changed for the following supported formats:
    Report FormatBeforeNow

    SARIF for Azure DevOps

    		report.sarifreport_azure.sarif

    SAST v14 for GitLab

    		report.sastreport_v14.sast

    cppUnit

    		report_report.xmlreport_cppunit.xml

    XSL Custom

    		report.htmlreport_custom.html

    For details, see Report File Names.

Deprecated and Removed Support

Deprecated Support for IDEs

Support for the following IDE is now deprecated and will be removed in a future release:

  • Visual Studio 2015

Compilers to Be Deprecated

Support for the following compilers will be deprecated in future releases:

  • ARM Compiler 5.0
  • ARM Compiler 5.0 for uVision
  • GNU GCC 4.9.x (mips64el)
  • Green Hills Software Compiler for PPC v. 2013.1.x
  • IAR Compiler for MSP430 v. 6.1x
  • Microchip MPLAB C30 Compiler for dsPIC v3.2x
  • National Instruments LabWindows/CVI 2015 Clang C/C++ Compiler v3.3 for Win32
  • Renesas RX C/C++ Compiler 2.5x

Deprecated Compilers

Support for the following compilers is deprecated and will be removed in future releases:

  • GNU GCC 5.x
  • GNU GCC 5.x (x86_64)
  • GNU GCC 6.x
  • GNU GCC 6.x (x86_64)
  • Green Hills Software Compiler for ARM64 v. 2014.1.x
  • Green Hills Software Compiler for PPC v. 4.2.x
  • Green Hills Software Compiler for PPC v. 5.0.x
  • Green Hills Software Compiler for V850 v. 2014.1.x
  • IAR Compiler for ARM v. 7.4x
  • IAR Compiler for ARM v. 7.8x
  • IAR Compiler for M16C & R8C v. 3.5x
  • Microsoft Visual C++ 14.0
  • Microsoft Visual C++ 14.0 (x64)
  • SH Series C/C++ Compiler V.9.04.xx
  • Vx-toolset for TriCore C/C++ Compiler 6.2
  • Wind River GCC 4.8.x

Removed Support for Compilers

The following compilers are no longer supported:

  • Clang C/C++ Compiler v 6.0
  • FR Family Softune C/C++ Compiler V6
  • TI MSP430 C/C++ Compiler GNU GCC 6.x
  • TI TMS320C2000 C/C++ Compiler v16.9

Resolved Bugs and FRs

Bug/FR ID

Description

CPP-36809

[coverage] Ignore decision / branching points when the decision outcome is known at compile time

CPP-50180

[static] MISRA2004-10_1_a (MISRA2008-5_0_4_a) reports false positives for enumeration constants

CPP-51512

[coverage] Document "parasoft-instrumentation coverage off/on" comments

CPP-52296

[compiler] Support for IAR ARM 9.40 (windows, extended, full)

CPP-52872

[static] Improve mapping for AUTOSAR M5-8-1

CPP-52955

[static] Extend mapping for MISRA2008 5-8-1 (AUTOSAR M5-8-1) rule

CPP-54945

[engine] instrumentation does not compile - error: invalid redeclaration of member function template

CPP-55003

[static] Improve mapping for MISRA2008-7_5_4 / AUTOSAR-A7_5_2-a

CPP-55518

[compiler] Support for HighTec C compiler for ARM (based on LLVM 13.x) - Static Analysis

CPP-55598

[static] Add mapping for CWE 390 Error Without Action

CPP-55599

[static] Add mapping for CWE 398 Poor Code Quality

CPP-55734

[static] Analysis hanging on CDD-DUPI on RapidJSON project

CPP-55746

[static] Improve mapping for the HIC++ 7.1.6 requirement

CPP-55821

[compiler] Support for HighTec TriCore 4.9 (windows, extended, full)

CPP-56183

[static] CODSTA-14 reports false positives on casts from non-pointer/non-reference types

CPP-56220

[static] CODSTA-CPP-92 (MISRA2008-10_2_1-a, AUTOSAR-M10_2_1) does not report violations for classes defined in different files or for classes with the same base name used in the inheritance hierarchy

CPP-56270

[static] CODSTA-CPP-62 (MISRA2008-4_10_1, AUTOSAR-A4_10_1-a, AUTOSAR-M4_10_1-a) does not report violation when 'NULL' macro expands to value different than literal '0'

CPP-56272

[engine] error: "final" is not a function or static data member

CPP-56284

[static] CODSTA-MCPP-11_a_cpp11 (AUTOSAR-A7_1_2-a) reports false positives on compiler generated variables

CPP-56286

[static] Improve mapping for MISRACPP2023 Rule 6.7.2

CPP-56434

[static] Split CODSTA-63 rule to (optionally) exclude reporting positive const integer values used in bitwise operators

CPP-56435

[engine] Double definition with _attribute_((overloadable)) in Android NDK

CPP-56463

[static] Introduce additional exception in MISRA C++:2023 7.0.1 and 7.0.3 to allow discarding values returned from functions (CODSTA-CPP-211, CODSTA-316)

CPP-56467

[build] cpptesttrace error with space in file path

CPP-56491

[static] Improve mapping for MISRACPP2023 Rule 16.6.1

CPP-56502

[static] CODSTA-60 (CERT_C-EXP20-a) does not report violations when a line with 'TRUE' contains the use of a macro

CPP-56507

[static] Update documentation for OPT-03 (AUTOSAR-A0_1_4-a) for parameters used in 'if constexpr' in templates

CPP-56508

[static] INTERNAL-GLOBAL-ONEUSEVAR_1 reports python error on templates

CPP-56513

[engine] Parse error: atomic constraint depends on itself

CPP-56566

[static] Improve mapping for MISRACPP2023 Rule 8.2.5

CPP-56572

[engine] parse error: parameter pack "types_t" was referenced but not expanded

CPP-56582

[ide] Optimize static analysis in C/C++test Pro for large workspaces

CPP-56583

[engine] error: more than one instance of function "<unnamed>::TraceInternals::GetProcAddress" matches the argument list

CPP-56584

[engine] Command-line error: invalid macro definition when using /D with #

CPP-56592

[compiler] Extended support for QNX GCC 8 (x86-64, arm64)

CPP-56601

[engine] error: a ref-qualifier is not allowed here

CPP-56656

[static] MISRACPP2023-9_5_1-a (CODSTA-315) false positives on perceived loop counter vs. loop bound type mismatch

CPP-56658

[static] Improve mapping for CWE-190 Integer Overflow

CPP-56660

[static] Add mapping for CWE-366 Race Condition Within Thread

CPP-56663

[static] OPT-05 (AUTOSAR-M0_1_3-c) reports false positive when private members are used in a function of inner class

CPP-56665

[engine] error: no instance of overloaded function rapidjson::GenericValue

CPP-56676

[engine] Add support for new built-in types to edgtk mangler

CPP-56717

[static] CODSTA-CPP-82 (MISRACPP2023-6_7_2-a) reports false positive on global constexpr variables

CPP-56722

[static] MISRA2004-14_1_a (MISRACPP2023-0_0_1-a) reports false positive on the code after 'if constexpr' statement with 'else'

CPP-56728

[rulewizard] Empty statement incorrectly detected after 'if constrexpr-else' construct

CPP-56735

[engine] cpptestcc crash when instrumenting for coverage

CPP-56745

[static] Do not report header file without corresponding source file in total number of files to test

CPP-56749

[engine] hexagon_clang's target_gnu_version is wrong and breaks designated initializers

CPP-56783

[static] MISRACPP2023-9_5_1-a: improve violation message

CPP-56784

[static] INIT-19 (MISRACPP2023-15_1_4-a) reports false positive for defaulted copy and move constructors

CPP-56785

[static] MISRACPP2023-6_7_2-a reports false positive for global constexpr variable

CPP-56786

[static] FORMAT-48 (MISRACPP2023-6_0_1-b) reports false positive for parameters used in noexcept

CPP-56788

[static] MISRACPP2023-16_6_1-a reports false positive violation for operator << which is not symmetrical

CPP-56789

[static] MISRACPP2023-5_10_1-a false positive on nested "posix" namespace

CPP-56801

[static] Modify default value of "Report on variable declarations > including unused non-initialized primitives and pointers." param for built-in clones of BD-PB-VOVR

CPP-56804

[engine] Update edg.microsoft_version to 1939 for vc_14_3 compiler

CPP-56911

[engine] C/C++test doesn't recognize stubs in functions that use std::tuple

CPP-56918

[build] cpptest_bdf.bzl has two coding errors

CPP-56924

[engine] Flexible array member init parsing error with IAR Compiler 9.10

CPP-56925

[engine] error: the template argument list of the partial specialization includes a nontype argument whose type depends on a template parameter

CPP-57059

[engine] class template is not compatible with template template parameter

CPP-57360

[engine] Support generalized template template parameters in Clang 10 and above

CPP-57372

[engine] Program received signal 11 at: Stack trace: 0# 0x00007FC1B9C81090 in /lib/x86_64-linux-gnu/libc.so.6

FA-9453

Incorrectly modelled realloc function from the C standard library Juliet/CWE-401

FA-9689

BD-PB-VOVR throws java.lang.OutOfMemoryError

FA-9692

BD-PB-ARRAY(MISRAC2012-DIR_4_1-a) - false positive

FA-9713

BD-PB-OVERFFMT False Positive for '*' string precision

FA-9736

Incorrect value stored for the union member

FA-9787

BD-PB-OVERFNZT false positives

FA-9795

BD-PB-NOTINIT false positive

FA-9841

BD-PB-ARRAY false positive

FA-9842

BD-PB-CC false positive

FA-9847

Incorrect results of incremental analysis possible when using compiler with sizeof byte != 8

FA-9852

BD-PB-ARRAY inconsistent behavior

FA-9856

BD-PB-NOTINIT false positive on array initialized in called function via reference

FA-9866

Possible MISRA false positives (BD-API-STRSIZE, BD-PB-OVERFRD)

FA-9883

BD-PB-ARRAY triggers for nested structures

Updates to Rules

New Rules

Rule ID

Header

APSC_DV-000060-a

Use secure temporary file name functions

APSC_DV-000060-b

Call 'umask' before calling 'mkstemp'

APSC_DV-000510-a

Call 'umask' before calling 'mkstemp'

APSC_DV-000510-b

Call 'chdir' if you call 'chroot'

APSC_DV-001350-a

Do not use weak encryption functions

APSC_DV-001360-a

Do not use weak encryption functions

APSC_DV-001370-a

Standard random number generators should not be used to generate randomness for security reasons

APSC_DV-001370-b

Do not use weak encryption functions

APSC_DV-002020-a

Standard random number generators should not be used to generate randomness for security reasons

APSC_DV-002020-b

Do not use weak encryption functions

APSC_DV-002030-a

Standard random number generators should not be used to generate randomness for security reasons

APSC_DV-002030-b

Do not use weak encryption functions

APSC_DV-002040-a

Standard random number generators should not be used to generate randomness for security reasons

APSC_DV-002040-b

Do not use weak encryption functions

APSC_DV-002050-a

Standard random number generators should not be used to generate randomness for security reasons

APSC_DV-002050-b

The random number generator functions 'rand()' and 'srand()' should not be used

APSC_DV-002050-c

Properly seed pseudorandom number generators

APSC_DV-002380-a

A pointer to a structure should not be passed to a function that can copy data to the user space

APSC_DV-002485-a

Do not hard code string literals

APSC_DV-002485-b

Usage of system properties (environment variables) should be restricted

APSC_DV-002580-a

Avoid passing sensitive data to functions that write to log files

APSC_DV-002580-b

Do not print potentially sensitive information, resulting from an application error into exception messages

APSC_DV-003100-a

Do not use weak encryption functions

APSC_DV-003120-a

Avoid passing sensitive data to functions that write to log files

APSC_DV-003120-b

Do not print potentially sensitive information, resulting from an application error into exception messages

APSC_DV-003120-c

A pointer to a structure should not be passed to a function that can copy data to the user space

APSC_DV-003140-a

Do not use weak encryption functions

APSC_DV-003235-c

If a function returns error information, then that error information shall be tested

APSC_DV-003235-d

Where multiple handlers are provided in a single try-catch statement or function-try-block for a derived class and some or all of its bases, the handlers shall be ordered most-derived to base class

APSC_DV-003280-a

Do not hard code string literals

APSC_DV-003320-a

Avoid using the 'vfork()' function

APSC_DV-003320-b

Avoid using thread-unsafe functions

APSC_DV-003320-c

Validate potentially tainted data before it is used to determine the size of memory allocation

APSC_DV-003320-d

Validate potentially tainted data before it is used in the controlling expression of a loop

AUTOSAR-A12_8_5-b

User-provided move assignment operators shall handle self-assignment

AUTOSAR-A15_5_2-d

The 'terminate' function should not be used

AUTOSAR-A3_1_1-b

Functions and non-const objects with internal linkage should not be declared in header files

AUTOSAR-M5_0_21-b

Bitwise operators shall not use positive integer literals as operands

AUTOSAR-M5_8_1-b

The right-hand operand of a constant expression shift operator shall lie between zero and one less than the width in bits of the essential type of the left-hand operand

BD-SECURITY-TDINTOVERF

Avoid potential integer overflow/underflow on tainted data

CERT_C-INT13-b

Operands of shift operators shall have an unsigned type

CERT_C-INT16-b

Bitwise operators shall not use positive integer literals as operands

CODSTA-244

The signal handling facilities of signal.h, except for a call to the 'signal()' function with a value of SIG_IGN, shall not be used

CODSTA-63_a

Bitwise operators shall not use positive integer literals as operands

CODSTA-CPP-20_b

Symmetrical operators should only be implemented as non-member functions

CODSTA-CPP-213

Pass only 'noexcept' functions to exception-unfriendly functions

CODSTA-MCPP-62

A variable initialized by a constant expression of a standard integer type should not be defined with the 'auto' specifier

CWE-125-e

Avoid tainted data in array indexes

CWE-190-j

Avoid data loss when converting between integer types

CWE-190-k

Avoid potential integer overflow/underflow on tainted data

CWE-366-a

There shall be no data races between threads

CWE-390-a

Empty 'catch' blocks should not be used

CWE-390-b

Avoid using 'if' statements with empty bodies

CWE-787-h

Avoid tainted data in array indexes

HICPP-5_6_1-b

Bitwise operators shall not use positive integer literals as operands

JSF-039_b

Functions and non-const objects with internal linkage should not be declared in header files

MISRA2008-3_1_1_b

It shall be possible to include any header file in multiple translation units without violating the One Definition Rule

MISRA2008-5_0_21_b

Bitwise operators shall not use positive integer literals as operands

MISRA2008-5_8_1_b

The right-hand operand of a constant expression shift operator shall lie between zero and one less than the width in bits of the underlying type of the left-hand operand

MISRACPP2023-15_8_1-b

User-provided move assignment operators shall handle self-assignment

MISRACPP2023-18_4_1-c

Pass only 'noexcept' functions to exception-unfriendly functions

MISRACPP2023-18_5_2-d

The 'terminate' function should not be used

MISRACPP2023-7_11_2-b

An object of array type should not be passed as a variadic argument to a function

OOP-34_b

User-provided move assignment operators shall handle self-assignment

OPT-49

Null statements should not be used

OPT-50

Empty compound statements should not be used

OPT-51

Avoid using 'if' statements with empty bodies

OWASP2023-API10-a

Avoid tainted data in array indexes

OWASP2023-API10-b

Avoid potential integer overflow/underflow on tainted data

OWASP2023-API10-c

Avoid passing unvalidated binary data to log methods

OWASP2023-API10-d

Protect against command injection

OWASP2023-API10-e

Avoid printing tainted data on the output console

OWASP2023-API10-f

Protect against environment injection

OWASP2023-API10-g

Exclude unsanitized user input from format strings

OWASP2023-API10-h

Protect against SQL injection

OWASP2023-API10-i

Protect against file name injection

OWASP2023-API10-j

Untrusted data is used as a loop boundary

OWASP2023-API2-a

Do not use weak encryption functions

OWASP2023-API3-a

Sensitive data should be cleared before being deallocated

OWASP2023-API3-b

Avoid passing sensitive data to functions that write to log files

OWASP2023-API3-c

Do not print potentially sensitive information, resulting from an application error into exception messages

OWASP2023-API4-a

Validate potentially tainted data before it is used to determine the size of memory allocation

OWASP2023-API4-b

Validate potentially tainted data before it is used in the controlling expression of a loop

OWASP2023-API4-c

Do not create variables on the stack above the defined limits

OWASP2023-API4-d

Ensure resources are freed

OWASP2023-API8-a

Where multiple handlers are provided in a single try-catch statement or function-try-block for a derived class and some or all of its bases, the handlers shall be ordered most-derived to base class

OWASP2023-API8-b

Empty 'catch' blocks should not be used

OWASP2023-API8-c

Properly use errno value

OWASP2023-API9-a

All usage of assembler shall be documented

OWASP2023-API9-b

Objects or functions with external linkage shall be declared in a header file

OWASP2023-API9-c

All uses of the #pragma directive shall be documented and explained

OWASP2023-API9-d

Document functions in comments that precede function definitions

PB-41_c

An object of array type should not be passed as a variadic argument to a function

PB-75_d

The 'terminate' function should not be used

PFO-01_b

Functions and non-const objects with internal linkage should not be declared in header files

PORT-01_b

The lowercase form of 'L' shall not be used as the first character in a literal suffix

TEMPL-07_b

A template constructor shall not participate in overload resolution for a single argument of the enclosing class type

Updated Rules

Category ID

Rule IDs

AUTOSAR C++14 Coding Guidelines

AUTOSAR-A0_1_1-a, AUTOSAR-A0_4_4-a, AUTOSAR-A12_4_1-a, AUTOSAR-A12_8_5-a, AUTOSAR-A14_5_1-a, AUTOSAR-A15_0_2-a, AUTOSAR-A15_1_4-a, AUTOSAR-A15_3_3-a, AUTOSAR-A15_5_2-b, AUTOSAR-A15_5_2-c, AUTOSAR-A15_5_3-d, AUTOSAR-A15_5_3-e, AUTOSAR-A18_0_2-a, AUTOSAR-A27_0_1-g, AUTOSAR-A27_0_1-h, AUTOSAR-A27_0_2-a, AUTOSAR-A3_1_1-a, AUTOSAR-A3_1_4-a, AUTOSAR-A3_3_1-b, AUTOSAR-A4_10_1-a, AUTOSAR-A5_10_1-a, AUTOSAR-A5_2_4-a, AUTOSAR-A5_2_5-a, AUTOSAR-A6_6_1-a, AUTOSAR-A7_1_2-a, AUTOSAR-A7_1_2-b, AUTOSAR-A7_5_2-a, AUTOSAR-A8_5_0-a, AUTOSAR-M0_1_1-c, AUTOSAR-M0_1_2-ac, AUTOSAR-M0_1_3-c, AUTOSAR-M0_1_4-a, AUTOSAR-M0_3_1-d, AUTOSAR-M0_3_1-g, AUTOSAR-M0_3_1-h, AUTOSAR-M0_3_1-i, AUTOSAR-M10_2_1-a, AUTOSAR-M15_1_3-a, AUTOSAR-M16_0_7-a, AUTOSAR-M18_0_3-a, AUTOSAR-M18_0_3-b, AUTOSAR-M18_0_3-c, AUTOSAR-M18_7_1-a, AUTOSAR-M4_10_1-a, AUTOSAR-M5_0_16-a, AUTOSAR-M5_0_21-a, AUTOSAR-M5_18_1-a, AUTOSAR-M5_2_12-a, AUTOSAR-M5_8_1-a, AUTOSAR-M6_6_2-a, AUTOSAR-M7_3_1-a

Coding Conventions for C++

CODSTA-CPP-09, CODSTA-CPP-211, CODSTA-CPP-212, CODSTA-CPP-36, CODSTA-CPP-62, CODSTA-CPP-66, CODSTA-CPP-82, CODSTA-CPP-92, CODSTA-CPP-95_b

Coding Conventions for Modern C++

CODSTA-MCPP-11_a_cpp11, CODSTA-MCPP-11_b_cpp11, CODSTA-MCPP-26

Coding Conventions

CODSTA-110, CODSTA-125, CODSTA-14, CODSTA-301, CODSTA-302, CODSTA-305, CODSTA-313, CODSTA-315, CODSTA-316, CODSTA-60, CODSTA-63, CODSTA-77

Common Weakness Enumeration

CWE-119-a, CWE-119-c, CWE-119-d, CWE-125-a, CWE-125-c, CWE-20-b, CWE-20-d, CWE-20-e, CWE-20-f, CWE-20-g, CWE-20-h, CWE-20-i, CWE-22-a, CWE-401-a, CWE-668-a, CWE-704-c, CWE-77-a, CWE-770-a, CWE-772-a, CWE-78-a, CWE-787-a, CWE-787-c, CWE-89-a

DISA ASD STIG

APSC_DV-000480-a, APSC_DV-001290-a, APSC_DV-001300-a, APSC_DV-002000-a, APSC_DV-002400-a, APSC_DV-002510-a, APSC_DV-002520-a, APSC_DV-002520-b, APSC_DV-002520-c, APSC_DV-002520-f, APSC_DV-002520-h, APSC_DV-002520-i, APSC_DV-002520-j, APSC_DV-002530-a, APSC_DV-002530-b, APSC_DV-002530-c, APSC_DV-002530-f, APSC_DV-002530-h, APSC_DV-002530-i, APSC_DV-002530-j, APSC_DV-002540-a, APSC_DV-002550-a, APSC_DV-002550-b, APSC_DV-002550-c, APSC_DV-002550-f, APSC_DV-002550-h, APSC_DV-002550-i, APSC_DV-002550-j, APSC_DV-002560-a, APSC_DV-002560-b, APSC_DV-002560-c, APSC_DV-002560-f, APSC_DV-002560-h, APSC_DV-002560-i, APSC_DV-002560-j, APSC_DV-002590-a, APSC_DV-002590-b, APSC_DV-002590-c, APSC_DV-002590-g, APSC_DV-003235-a, APSC_DV-003235-b

Exceptions

EXCEPT-06, EXCEPT-07, EXCEPT-25

Flow Analysis

BD-API-BADPARAM, BD-API-VALPARAM, BD-CO-ITINVCOMP, BD-PB-ARRAY, BD-PB-BADSHIFT, BD-PB-CC, BD-PB-MCCSTR, BD-PB-NOTINIT, BD-PB-OVERFFMT, BD-PB-OVERFNZT, BD-PB-OVERFRD, BD-PB-UCMETH, BD-PB-VOVR, BD-RES-LEAKS, BD-SECURITY-TDALLOC, BD-SECURITY-TDCMD, BD-SECURITY-TDCONSOLE, BD-SECURITY-TDENV, BD-SECURITY-TDFNAMES, BD-SECURITY-TDINPUT, BD-SECURITY-TDLOOP, BD-SECURITY-TDSQL, BD-TRS-THRDR

Formatting

FORMAT-48

Global Static Analysis

GLOBAL-ONEUSEVAR

High Integrity C++

HICPP-15_3_2-b, HICPP-1_2_1-a, HICPP-1_2_1-h, HICPP-1_2_1-i, HICPP-4_1_1-a, HICPP-4_2_2-f, HICPP-5_1_2-i, HICPP-5_2_1-a, HICPP-5_4_1-b, HICPP-5_6_1-a, HICPP-5_7_2-a, HICPP-6_3_1-b, HICPP-8_4_1-a

Initialization

INIT-101, INIT-19

Joint Strike Fighter

JSF-021_b, JSF-023, JSF-024, JSF-024_b, JSF-024_d, JSF-039_a, JSF-081, JSF-097_d, JSF-098, JSF-164, JSF-168_b, JSF-183_b, JSF-185, JSF-186_a, JSF-189, JSF-207

MISRA C 2004

MISRA2004-10_1_g, MISRA2004-12_10, MISRA2004-14_1_a, MISRA2004-14_4, MISRA2004-19_11_b, MISRA2004-20_10, MISRA2004-20_11, MISRA2004-20_11_b, MISRA2004-20_11_d, MISRA2004-20_8_b, MISRA2004-8_12

MISRA C 2012 (Legacy)

MISRA2012-DIR-4_11, MISRA2012-DIR-4_13_a, MISRA2012-DIR-4_14_b, MISRA2012-DIR-4_14_e, MISRA2012-DIR-4_14_f, MISRA2012-DIR-4_14_g, MISRA2012-DIR-4_14_j, MISRA2012-DIR-4_14_k, MISRA2012-DIR-4_14_l, MISRA2012-DIR-4_1_a, MISRA2012-DIR-4_1_d, MISRA2012-DIR-4_1_e, MISRA2012-DIR-4_1_g, MISRA2012-DIR-5_1_c, MISRA2012-RULE-11_2, MISRA2012-RULE-11_8, MISRA2012-RULE-12_2, MISRA2012-RULE-12_2_b, MISRA2012-RULE-12_3, MISRA2012-RULE-14_3_zc, MISRA2012-RULE-15_1, MISRA2012-RULE-15_2, MISRA2012-RULE-18_1_a, MISRA2012-RULE-1_3_b, MISRA2012-RULE-1_3_d, MISRA2012-RULE-20_9_b, MISRA2012-RULE-21_14, MISRA2012-RULE-21_17_a, MISRA2012-RULE-21_21, MISRA2012-RULE-21_5_b, MISRA2012-RULE-21_6, MISRA2012-RULE-21_7, MISRA2012-RULE-21_8, MISRA2012-RULE-21_8_b, MISRA2012-RULE-21_8_c, MISRA2012-RULE-22_1, MISRA2012-RULE-2_1_a, MISRA2012-RULE-2_1_h, MISRA2012-RULE-2_2_b, MISRA2012-RULE-8_11, MISRA2012-RULE-8_12, MISRA2012-RULE-9_1

MISRA C 2023 (MISRA C 2012)

MISRAC2012-DIR_4_1-a, MISRAC2012-DIR_4_1-d, MISRAC2012-DIR_4_1-e, MISRAC2012-DIR_4_1-g, MISRAC2012-DIR_4_11-a, MISRAC2012-DIR_4_13-a, MISRAC2012-DIR_4_14-b, MISRAC2012-DIR_4_14-e, MISRAC2012-DIR_4_14-f, MISRAC2012-DIR_4_14-g, MISRAC2012-DIR_4_14-j, MISRAC2012-DIR_4_14-k, MISRAC2012-DIR_4_14-l, MISRAC2012-DIR_5_1-c, MISRAC2012-RULE_11_2-a, MISRAC2012-RULE_11_8-a, MISRAC2012-RULE_12_2-a, MISRAC2012-RULE_12_2-b, MISRAC2012-RULE_12_3-a, MISRAC2012-RULE_14_3-ac, MISRAC2012-RULE_15_1-a, MISRAC2012-RULE_15_2-a, MISRAC2012-RULE_18_1-a, MISRAC2012-RULE_1_3-b, MISRAC2012-RULE_1_3-d, MISRAC2012-RULE_20_9-b, MISRAC2012-RULE_21_14-a, MISRAC2012-RULE_21_17-a, MISRAC2012-RULE_21_21-a, MISRAC2012-RULE_21_5-b, MISRAC2012-RULE_21_6-a, MISRAC2012-RULE_21_7-a, MISRAC2012-RULE_21_8-a, MISRAC2012-RULE_21_8-b, MISRAC2012-RULE_21_8-c, MISRAC2012-RULE_22_1-a, MISRAC2012-RULE_2_1-a, MISRAC2012-RULE_2_1-h, MISRAC2012-RULE_2_2-b, MISRAC2012-RULE_8_11-a, MISRAC2012-RULE_8_12-a, MISRAC2012-RULE_9_1-a

MISRA C++ 2008

MISRA2008-0_1_1_a, MISRA2008-0_1_2_aa, MISRA2008-0_1_3_c, MISRA2008-0_1_4, MISRA2008-0_1_6, MISRA2008-0_3_1_a, MISRA2008-0_3_1_d, MISRA2008-0_3_1_e, MISRA2008-0_3_1_g, MISRA2008-10_2_1, MISRA2008-15_1_3, MISRA2008-15_3_2, MISRA2008-15_5_3_d, MISRA2008-15_5_3_e, MISRA2008-16_0_7_b, MISRA2008-18_0_2, MISRA2008-18_0_3, MISRA2008-18_0_3_b, MISRA2008-18_0_3_d, MISRA2008-18_7_1_b, MISRA2008-3_1_1, MISRA2008-3_1_3, MISRA2008-4_10_1, MISRA2008-5_0_16_a, MISRA2008-5_0_21, MISRA2008-5_18_1, MISRA2008-5_2_12, MISRA2008-5_2_4, MISRA2008-5_8_1, MISRA2008-6_6_2, MISRA2008-7_3_1, MISRA2008-7_5_4

MISRA C++ 2023

MISRACPP2023-0_0_1-a, MISRACPP2023-0_0_2-a, MISRACPP2023-0_1_1-a, MISRACPP2023-0_2_4-a, MISRACPP2023-0_3_2-a, MISRACPP2023-10_2_3-a, MISRACPP2023-11_6_1-a, MISRACPP2023-11_6_2-a, MISRACPP2023-11_6_3-a, MISRACPP2023-12_2_2-b, MISRACPP2023-13_3_4-a, MISRACPP2023-15_1_4-a, MISRACPP2023-15_8_1-a, MISRACPP2023-16_6_1-a, MISRACPP2023-18_1_2-a, MISRACPP2023-18_3_1-a, MISRACPP2023-18_5_2-a, MISRACPP2023-18_5_2-b, MISRACPP2023-18_5_2-c, MISRACPP2023-19_1_3-a, MISRACPP2023-21_10_3-a, MISRACPP2023-21_2_1-a, MISRACPP2023-21_2_3-a, MISRACPP2023-30_0_1-b, MISRACPP2023-4_1_3-a, MISRACPP2023-5_10_1-a, MISRACPP2023-5_13_5-a, MISRACPP2023-6_0_1-b, MISRACPP2023-6_0_2-a, MISRACPP2023-6_0_3-a, MISRACPP2023-6_2_4-a, MISRACPP2023-6_7_2-a, MISRACPP2023-7_0_1-a, MISRACPP2023-7_0_2-a, MISRACPP2023-7_0_3-a, MISRACPP2023-7_11_2-a, MISRACPP2023-8_19_1-a, MISRACPP2023-8_2_2-a, MISRACPP2023-8_2_3-a, MISRACPP2023-8_2_5-a, MISRACPP2023-8_7_1-a, MISRACPP2023-8_7_1-c, MISRACPP2023-8_7_1-e, MISRACPP2023-9_5_1-a, MISRACPP2023-9_6_1-a, MISRACPP2023-9_6_3-a

Object Oriented

OOP-31, OOP-34

Optimization

OPT-05, OPT-22

OWASP API Security Top 10 (2019)

OWASP2019-API3-b, OWASP2019-API3-d, OWASP2019-API3-e, OWASP2019-API3-f, OWASP2019-API4-a, OWASP2019-API4-b, OWASP2019-API7-c, OWASP2019-API8-a, OWASP2019-API8-b, OWASP2019-API8-c, OWASP2019-API8-d, OWASP2019-API8-e, OWASP2019-API8-f

OWASP Top 10 (2017)

OWASP2017-A1-b, OWASP2017-A1-c, OWASP2017-A1-d, OWASP2017-A1-e, OWASP2017-A1-f, OWASP2017-A5-a, OWASP2017-A6-b

OWASP Top 10 (2021)

OWASP2021-A1-a, OWASP2021-A3-b, OWASP2021-A3-c, OWASP2021-A3-d, OWASP2021-A3-e, OWASP2021-A3-f, OWASP2021-A5-b

Physical File Organization

PFO-01

Possible Bugs

PB-41, PB-41_b, PB-58, PB-75, PB-75_b, PB-75_c

Security

SECURITY-48, SECURITY-48_b

SEI CERT C++

CERT_CPP-CTR53-b, CERT_CPP-CTR54-a, CERT_CPP-DCL53-a, CERT_CPP-ERR50-d, CERT_CPP-ERR50-e, CERT_CPP-ERR50-l, CERT_CPP-ERR50-n, CERT_CPP-ERR56-b, CERT_CPP-ERR57-a, CERT_CPP-ERR62-a, CERT_CPP-EXP53-a, CERT_CPP-EXP57-b, CERT_CPP-FIO51-a, CERT_CPP-OOP54-a, CERT_CPP-STR50-b

SEI CERT C

CERT_C-ARR30-a, CERT_C-ARR38-a, CERT_C-ARR38-c, CERT_C-ARR38-d, CERT_C-ARR39-a, CERT_C-CON30-a, CERT_C-CON37-a, CERT_C-DCL16-a, CERT_C-DCL22-a, CERT_C-ENV33-a, CERT_C-ERR02-a, CERT_C-ERR04-a, CERT_C-ERR04-b, CERT_C-ERR04-c, CERT_C-ERR05-a, CERT_C-ERR05-b, CERT_C-ERR05-c, CERT_C-ERR07-a, CERT_C-ERR34-a, CERT_C-EXP08-b, CERT_C-EXP20-a, CERT_C-EXP33-a, CERT_C-FIO22-a, CERT_C-FIO32-a, CERT_C-FIO37-a, CERT_C-FIO42-a, CERT_C-FLP32-a, CERT_C-INT04-a, CERT_C-INT13-a, CERT_C-INT16-a, CERT_C-INT34-a, CERT_C-MEM00-e, CERT_C-MEM12-a, CERT_C-MEM31-a, CERT_C-MSC07-a, CERT_C-MSC07-i, CERT_C-MSC12-a, CERT_C-MSC12-i, CERT_C-MSC12-j, CERT_C-MSC19-a, CERT_C-MSC24-a, CERT_C-POS30-a, CERT_C-SIG00-a, CERT_C-SIG01-a, CERT_C-SIG02-a, CERT_C-STR02-a, CERT_C-STR02-b, CERT_C-STR02-c, CERT_C-STR03-a, CERT_C-STR31-a, CERT_C-STR32-a, CERT_C-WIN30-a

Removed Rules

Rule ID

Notes

AUTOSAR-A18_0_2-b

Removed from AUTOSAR C++ 14 configuration. For other configurations, MISRA2004-20_10 can be used as a replacement.

AUTOSAR-A2_5_1-b

Removed from AUTOSAR C++ 14 configuration. For other configurations, MISRA2004-4_2 can be used as a replacement.

AUTOSAR-A9_5_1-b

Removed from AUTOSAR C++ 14 configuration. For other configurations, MISRA2004-18_4 can be used as a replacement.

AUTOSAR-M0_3_1-j

Removed from AUTOSAR C++ 14 configuration. For other configurations, BD-PB-CC or BD-PB-NP can be used as a replacement.

BD-PB-DEREF

BD-PB-CC can be used as a replacement.

BD-PB-INTOVERF

BD-PB-INTDL, BD-PB-INTUB, BD-PB-INTVC or BD-PB-INTWRAP can be used as a replacement.

BD-PB-POVR

BD-PB-VOVR can be used as a replacement.

CODSTA-63_b

CODSTA-307 and CODSTA-308 can be used as a replacement.

CWE-476-b

Removed from CWE Top 25 configuration. For other configurations, BD-PB-CC or BD-PB-NP can be used as a replacement.

HICPP-4_1_1-b

Removed from High Integrity C++ configuration. For other configurations, PB-41_b can be used as a replacement.

MISRA2008-0_3_1_f

Removed from MISRA C++ 2008 configuration. For other configurations, BD-PB-CC or BD-PB-NP can be used as a replacement.

MISRA2012-DIR-4_1_f

Removed from MISRA C 2012 (Legacy) configuration. For other configurations, BD-PB-CC or BD-PB-NP can be used as a replacement.

MISRAC2012-DIR_4_1-f

Removed from MISRA C 2023 (MISRA C 2012) configuration. For other configurations, BD-PB-CC or BD-PB-NP can be used as a replacement.

MISRACPP2023-7_0_3-b

Removed from MISRA C++ 2023 configuration. For other configurations, MISRA2004-6_2 can be used as a replacement.

For information about this release, see https://docs.parasoft.com/display/CPPTEST20241/Updates+in+2024.1.