In this release, we've focused on extending support for environments and enhancing C/C++test's security testing capabilities.
Support for Environments
New Compilers
We've added support for the following compilers:
| Compiler Name | Compiler Acronym |
|---|---|
| GNU GCC 8.x | gcc_8 |
| GNU GCC 8.x (x86_64) | gcc_8-64 |
| IAR Compiler for RL78 v. 3.10.x | iccrl78_3_10 |
Deprecated Compilers
The following compilers are no longer supported:
| Compiler Name | Compiler Acronym |
|---|---|
| Analog Devices C/C++ Compiler 7.0 for ADSP SHARC | ad21k_7_0 |
| Analog Devices C/C++ Compiler 7.0 for ADSP TigerSHARC | adts_7_0 |
| CodeSourcery Sourcery G++ Lite 2007q3-51 | csgccarm_4_2 |
See Compilers for details about currently supported compilers.
Enhanced Test Case Editor
We've extended the Test Case Editor to automatically parameterize your test case with values specified in a corresponding data source. Now you can:
- create a parameterized test case–this will generate both a test case and a new data source that will be used to parameterize this test case; see Creating Test Cases
- use an existing data source to parameterize a test case; see Parameterizing the Test Case
Extended Compliance Packs
We've extended the Security Compliance Pack to help you enforce compliance with the CERT C and CERT C++ security standards:
CERT C
- We've added the "SEI CERT C Rules" test configuration that helps you enforce the SEI CERT C Coding Standard rules.
- We've extended the "SEI CERT C Coding Guidelines" test configuration" to help you enforce both the SEI CERT C Coding Standard rules and guidelines.
CERT C++
- We've added the "SEI CERT C++ Rules" test configuration that helps you enforce the SEI CERT C++ Coding Standard rules.
Compliance Packs require dedicated license features to be activated. Contact Parasoft Support for more details on Compliance Packs licensing.
Flow Analysis Improvements
- We've improved the presentation of Flow Analysis results to help you better understand the findings.
- We've extended Flow Analysis with the options that allow you to specify functions that can check if the resource is open, as well as functions that can be safely called on a closed resource (see Flow Analysis - Resources Tab Options).
- We've improved support for std::nullptr_t type in Flow Analysis.
New and Updated Test Configurations
We've added the following built-in test configurations:
- SEI CERT C++ Rules
- SEI CERT C Rules
- Run VxWorks DKM Application with Full Monitoring (File System, WRWB 4.x)
- Run VxWorks DKM Unit Tests (File System, WRWB 4.x)
- Run VxWorks RTP Application with Full Monitoring (File System, WRWB 4.x)
- Run VxWorks RTP Unit Tests (File System, WRWB 4.x)
See Built-in Test Configurations for the list of test configurations shipped with C/C++test.
Deprecated Test Configurations
The following test configurations are now deprecated:
- CERT C Coding Standard
- CRules
- DISA-STIG Coding Standard
- Ellemtel
- ISO 26262 Recommended Rules
- MISRA C 2012 Legacy
- OWASP Top 10 Security Vulnerabilities
- Parasoft's Recommended FDA C++ Phase 1
- Parasoft's Recommended FDA C++ Phase 2
- Parasoft's Recommended FDA C++ Phase 3
- Parasoft's Recommended Rules
- SAMATE Annex A Source Code Weaknesses
The deprecated test configurations are not available by default, but can be applied as team-shared or user-defined test configurations (see Importing Test Configurations). They are now shipped with C/C++test in the following location: [INSTALL_DIR]/configs/deprecated.
New and Updated Code Analysis Rules
In this release, we've added new static analysis rules to extend coverage of compliance standards; see New Rules and Updated Rules for the lists of new and updated rules.
Other Changes
- We've removed support for Microsoft Team Foundation Server 2008
Resolved Bugs and FRs
Bug/FR ID | Description |
|---|---|
CPP-18534 | WindRiver Workbench 4.0 IDE support |
CPP-33421 | Add support for "asm goto" gcc extension (Linux Kernel Module) |
CPP-39308 | MDK-ARM ARM 6 compiler support |
CPP-40407 | Violations from SA rules are displayed in incorrect line when they are reported on code from macro |
CPP-40551 | Extend MISRA2004-11_5 to report on casts of const/volatile objects to reference type |
CPP-40553 | New rule: CODSTA-MCPP-22 Use explicit ref-qualifiers on auto declarations in range-based for loops |
CPP-40623 | Clang: fix undefined and mismatching builtins |
CPP-40695 | VS2017 plugin registration shall not be user-specific. |
CPP-40771 | New rule CODSTA-201: Do not process structured text data natively |
CPP-40772 | New rule CODSTA-199: Do not use assertions in production code |
CPP-40773 | New rule OOP-54: Do not increase the accessibility of overridden or hidden methods |
CPP-40774 | New rule: PORT-29 Enable serialization compatibility during class evolution |
CPP-40775 | New rule CODSTA-82_b: Do not use an empty infinite loop |
CPP-41516 | CODSTA-16 does not trigger violations on sizes of enum or const type |
CPP-41517 | RW: Missing information about va_list being builtin/predeclared type. |
CPP-41520 | Reference to Enum type causes compilation problem of auto generated testcase |
CPP-41525 | Rule MISRA2004-10_4 (CODSTA-198) should not report violations on cast of non complex expressions |
CPP-41530 | CODSTA-30 false positive on parameter passed as reference |
CPP-41541 | Fast coverage instrumentation causes compilation errors when asm statement is used |
CPP-41553 | Eclipse 4.8 IDE support |
CPP-41586 | Rule PB-27 does not report violation when a wide string is assigned to the pointer to wchar_t type (gcc on linux) |
CPP-41605 | error: this statement is not allowed inside of a statement expression |
CPP-41611 | New rule: JSF-37 |
CPP-41614 | Deprecate Parasoft's Recommended Rules test configuration |
CPP-41646 | GNU GCC 8.x compiler support |
CPP-41671 | IAR RL78 v3.10 compiler support |
CPP-41709 | MISRA2012-RULE.21_2_b and MISRA2012-RULE.21_2_c problem with va_list. |
CPP-41741 | Property 'Entity' for node 'Variables' returns variables used in initializer |
CPP-41744 | MISRA2012-RULE-20_12 false positive |
CPP-41748 | Test Case Editor: parameterize test case automatically |
CPP-41750 | MDK ARM/uVision 5 IDE support |
CPP-41831 | RULE_OUTPUT_CHANGE Incorrect output messages in NAMING-HN rules |
CPP-41840 | Rule ID broken in suppression records in C/C++test reports |
CPP-41842 | RULE_OUTPUT_CHANGE The output message in PB-44 rule should be improved |
CPP-41866 | Create parameterized test case in Test Case Editor |
CPP-41868 | Warnings when instrumenting with cpptestcc |
CPP-41871 | Do not report CLLOCRIF, CLLOCRIT, CLLOCRIM values if there are no logical lines |
CPP-41944 | HICPP-16_1_5-a rules is missing in dtp server integration package (not available on DTP server) |
CPP-41977 | Duplicated violations after importing from DTP |
CPP-42042 | internal error: assertion failed at: "lookup.c", line 2738 |
CPP-42070 | Add support for installing VS2017 plugin for multiple users |
CPP-42075 | Rule MRM-40 should not report violations when copying is disabled |
| FA-6689 | BD-PB-NP false negative when dynamic_cast is used |
| FA-6649 | BD-PB-CC false positive on bit-AND |
| FA-6611 | BD-RES-LEAKS false positives when resource is casted |
| FA-6453 | Simulation incorrectly assumes pointer dereference operation on "&(ptr->field)" operation. |
| FA-5769 | BD-PB-CHECKRET violation message contains line numbers |
New Rules
The following rules have been added:
Rule ID | Header |
|---|---|
| AUTOSAR-A15_5_2-b | The library functions 'abort()', 'quick_exit()' and '_Exit()' from 'cstdlib' library shall not be used |
| AUTOSAR-A15_5_3-b | Never allow an exception to be thrown from a destructor, deallocation, and swap |
| AUTOSAR-A15_5_3-c | Do not throw from within destructor |
AUTOSAR-A15_5_3-d | There should be at least one exception handler to catch all otherwise unhandled exceptions |
AUTOSAR-A15_5_3-e | An empty throw (throw;) shall only be used in the compound-statement of a catch handler |
| AUTOSAR-A15_5_3-f | Exceptions shall be raised only after start-up and before termination of the program |
AUTOSAR-A15_5_3-g | Each exception explicitly thrown in the code shall have a handler of a compatible type in all call paths that could lead to that point |
| AUTOSAR-A15_5_3-h | Where a function's declaration includes an exception-specification, the function shall only be capable of throwing exceptions of the indicated type(s) |
AUTOSAR-A15_5_3-i | Function called in global or namespace scope shall not throw unhandled exceptions |
| AUTOSAR-A15_5_3-j | Always catch exceptions |
| AUTOSAR-A15_5_3-k | Properly define exit handlers |
| AUTOSAR-A5_1_4-b | Never capture local objects from an outer lambda by reference |
| AUTOSAR-A5_1_4-c | The lambda that captures local objects by reference should not be assigned to the variable with a greater lifetime |
| BD-CO-EMPCON | Do not pass empty container iterators to std algorithms as destinations |
| BD-CO-STRMOD | Use valid references, pointers, and iterators to reference elements of a basic_string |
| BD-PB-NEWHAN | Properly define new handlers |
| BD-PB-POLARR | Do not treat arrays polymorphically |
| BD-PB-PTRCMP | Do not compare two unrelated pointers |
| BD-PB-PTRVALUE | Do not store an already-owned pointer value in an unrelated smart pointer |
| BD-PB-SUBSEQMOVE | Do not rely on the value of a moved-from object |
| BD-PB-TERMHAN | Properly define terminate handlers |
| BD-PB-UNEXPHAN | Properly define unexpected handlers |
| BD-PB-VALRANGE | Guarantee that container indices are within the valid range |
CERT_C-ARR02-a | Explicitly specify array bounds in array declarations with initializers |
| CERT_C-DCL10-a | There should be no difference between the number of tags from format string and the number of corresponding argument in 'printf' function invocation |
CERT_C-DCL11-a | There should be no mismatch between the '%s' or '%c' tag from format string and its corresponding argument in 'printf' function invocation |
CERT_C-DCL11-b | There should be no mismatch between the '%f' tag from format string and its corresponding argument in 'printf' function invocation |
CERT_C-DCL11-c | There should be no mismatch between the '%i' or '%d' tag from format string and its corresponding argument in 'printf' function invocation |
| CERT_C-DCL11-d | There should be no mismatch between the '%u' tag from format string and its corresponding argument in 'printf' function invocation |
| CERT_C-DCL11-e | There should be no mismatch between the '%p' tag from format string and its corresponding argument in 'printf' function invocation |
CERT_C-DCL11-f | There should be no difference between the number of tags from format string and the number of corresponding argument in 'printf' function invocation |
| CERT_C-ERR01-a | The error indicator errno shall not be used |
| CERT_C-ERR02-a | The Standard Library input/output functions shall not be used |
| CERT_C-ERR06-a | Do not use assertions |
CERT_C-ERR07-b | The Standard Library input/output functions shall not be used |
CERT_C-EXP15-a | Suspicious use of semicolon |
| CERT_C-FIO22-a | Ensure resources are freed |
| CERT_C-FIO24-a | Avoid race conditions while accessing files |
CERT_C-FIO32-a | Protect against file name injection |
| CERT_C-INT08-a | Avoid integer overflows |
| CERT_C-INT15-a | The basic types of char, int, short, long, float and double should not be used, but specific-length equivalents should be typedef'd |
| CERT_C-MEM00-d | Do not use resources that have been freed |
| CERT_C-MEM00-e | Ensure resources are freed |
| CERT_C-MEM02-a | Assignment operator should have operands of compatible types |
CERT_C-MEM02-b | Do not assign function return value to a variable of incompatible type |
| CERT_C-MEM04-a | The validity of values passed to library functions shall be checked |
| CERT_C-MEM05-a | Do not use recursion |
| CERT_C-MEM05-b | Ensure the size of the variable length array is in valid range |
CERT_C-MEM07-a | The validity of values passed to library functions shall be checked |
| CERT_C-MSC40-a | An inline definition of a function with external linkage shall not contain definitions and uses of static objects |
CERT_C-MSC41-a | Do not hard code string literals |
CERT_C-STR05-a | A string literal shall not be modified |
CERT_CPP-CON50-a | Do not destroy another thread's mutex |
| CERT_CPP-CON51-a | Do not call lock() directly on a mutex |
| CERT_CPP-CON52-a | Use locks to prevent race conditions when modifying bit fields |
| CERT_CPP-CON53-a | Do not acquire locks in different order |
| CERT_CPP-CON54-a | Wrap functions that can spuriously wake up in a loop |
| CERT_CPP-CON55-a | Do not use the 'notify_one()' function when multiple threads are waiting on the same condition variable |
| CERT_CPP-CON56-a | Avoid double locking |
CERT_CPP-CTR50-a | Guarantee that container indices are within the valid range |
CERT_CPP-CTR51-a | Do not modify container while iterating over it |
CERT_CPP-CTR52-a | Do not pass empty container iterators to std algorithms as destinations |
CERT_CPP-CTR53-a | Do not use an iterator range that isn't really a range |
CERT_CPP-CTR53-b | Do not compare iterators from different containers |
CERT_CPP-CTR54-a | Do not compare iterators from different containers |
CERT_CPP-CTR54-b | Do not compare two unrelated pointers |
CERT_CPP-CTR55-a | Do not add or subtract a constant with a value greater than one from an iterator |
CERT_CPP-CTR56-a | Don't treat arrays polymorphically |
CERT_CPP-CTR56-b | A pointer to an array of derived class objects should not be converted to a base class pointer |
CERT_CPP-CTR56-c | Do not treat arrays polymorphically |
CERT_CPP-CTR57-a | For associative containers never use comparison function returning true for equal values |
CERT_CPP-CTR58-a | Make predicates const pure functions |
CERT_CPP-DCL50-a | Functions shall not be defined with a variable number of arguments |
CERT_CPP-DCL51-a | Do not #define or #undef identifiers with names which start with underscore |
CERT_CPP-DCL51-b | Do not redefine reserved words |
CERT_CPP-DCL51-c | Do not #define nor #undef identifier 'defined' |
CERT_CPP-DCL51-d | The names of standard library macros, objects and functions shall not be reused |
CERT_CPP-DCL51-e | The names of standard library macros, objects and functions shall not be reused (C90) |
CERT_CPP-DCL51-f | The names of standard library macros, objects and functions shall not be reused (C99) |
CERT_CPP-DCL52-a | Never qualify a reference type with 'const' or 'volatile' |
CERT_CPP-DCL53-a | Always declare functions at file scope |
CERT_CPP-DCL53-b | Identifier declared in a local or function prototype scope shall not hide an identifier declared in a global or namespace scope |
CERT_CPP-DCL54-a | Always provide new and delete together |
CERT_CPP-DCL55-a | A pointer to a structure should not be passed to a function that can copy data to the user space |
CERT_CPP-DCL56-a | Avoid initialization order problems across translation units by replacing non-local static objects with local static objects |
CERT_CPP-DCL57-a | Never allow an exception to be thrown from a destructor, deallocation, and swap |
CERT_CPP-DCL57-b | Always catch exceptions |
CERT_CPP-DCL58-a | Do not modify the standard namespaces 'std' and 'posix' |
CERT_CPP-DCL59-a | There shall be no unnamed namespaces in header files |
CERT_CPP-DCL60-a | A class, union or enum name (including qualification, if any) shall be a unique identifier |
CERT_CPP-ERR50-a | The execution of a function registered with 'std::atexit()' or 'std::at_quick_exit()' should not exit via an exception |
CERT_CPP-ERR50-b | Never allow an exception to be thrown from a destructor, deallocation, and swap |
CERT_CPP-ERR50-c | Do not throw from within destructor |
CERT_CPP-ERR50-d | There should be at least one exception handler to catch all otherwise unhandled exceptions |
CERT_CPP-ERR50-e | An empty throw (throw; ) shall only be used in the compound-statement of a catch handler |
CERT_CPP-ERR50-f | Exceptions shall be raised only after start-up and before termination of the program |
CERT_CPP-ERR50-g | Each exception explicitly thrown in the code shall have a handler of a compatible type in all call paths that could lead to that point |
CERT_CPP-ERR50-h | Where a function's declaration includes an exception-specification, the function shall only be capable of throwing exceptions of the indicated type(s) |
CERT_CPP-ERR50-i | Function called in global or namespace scope shall not throw unhandled exceptions |
CERT_CPP-ERR50-j | Always catch exceptions |
CERT_CPP-ERR50-k | Properly define exit handlers |
CERT_CPP-ERR50-l | The library functions 'abort()', 'quick_exit()' and '_Exit()' from 'cstdlib' library shall not be used |
CERT_CPP-ERR51-a | Always catch exceptions |
CERT_CPP-ERR51-b | Each exception explicitly thrown in the code shall have a handler of a compatible type in all call paths that could lead to that point |
CERT_CPP-ERR52-a | The setjmp macro and the longjmp function shall not be used |
CERT_CPP-ERR52-b | The standard header filesetjmp.hshall not be used |
CERT_CPP-ERR53-a | Handlers of a function-try-block implementation of a class constructor or destructor shall not reference nonstatic members from this class or its bases |
CERT_CPP-ERR54-a | Where multiple handlers are provided in a single try-catch statement or function-try-block for a derived class and some or all of its bases, the handlers shall be ordered most-derived to base class |
CERT_CPP-ERR55-a | Where a function's declaration includes an exception-specification, the function shall only be capable of throwing exceptions of the indicated type(s) |
CERT_CPP-ERR56-a | Ensure resources are freed |
CERT_CPP-ERR57-a | Ensure resources are freed |
CERT_CPP-ERR58-a | Exceptions shall be raised only after start-up and before termination of the program |
CERT_CPP-ERR59-a | Do not throw an exception across execution boundaries |
CERT_CPP-ERR60-a | Exception objects must be nothrow copy constructible |
CERT_CPP-ERR60-b | An explicitly declared copy constructor for a class that inherits from 'std::exception' should have a non-throwing exception specification |
CERT_CPP-ERR61-a | A class type exception shall always be caught by reference |
CERT_CPP-ERR61-b | Throw by value, catch by reference |
CERT_CPP-ERR62-a | The library functions atof, atoi and atol from library stdlib.h shall not be used |
CERT_CPP-EXP50-a | The value of an expression shall be the same under any order of evaluation that the standard permits |
CERT_CPP-EXP50-b | Don't write code that depends on the order of evaluation of function arguments |
CERT_CPP-EXP50-c | Don't write code that depends on the order of evaluation of function designator and function arguments |
CERT_CPP-EXP50-d | Don't write code that depends on the order of evaluation of expression that involves a function call |
CERT_CPP-EXP50-e | Between sequence points an object shall have its stored value modified at most once by the evaluation of an expression |
CERT_CPP-EXP50-f | Don't write code that depends on the order of evaluation of function calls |
CERT_CPP-EXP51-a | Do not treat arrays polymorphically |
CERT_CPP-EXP52-a | The operand of the sizeof operator shall not contain any expression which has side effects |
CERT_CPP-EXP52-b | Object designated by a volatile lvalue should not be accessed in the operand of the sizeof operator |
CERT_CPP-EXP52-c | The function call that causes the side effect shall not be the operand of the sizeof operator |
CERT_CPP-EXP53-a | Avoid use before initialization |
CERT_CPP-EXP54-a | Do not use resources that have been freed |
CERT_CPP-EXP54-b | The address of an object with automatic storage shall not be returned from a function |
CERT_CPP-EXP54-c | The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist |
CERT_CPP-EXP55-a | A cast shall not remove any 'const' or 'volatile' qualification from the type of a pointer or reference |
CERT_CPP-EXP56-a | Do not call a function with a mismatched language linkage |
CERT_CPP-EXP57-a | Do not delete objects with incomplete class at the point of deletion |
CERT_CPP-EXP57-b | Conversions shall not be performed between a pointer to an incomplete type and any other type |
CERT_CPP-EXP58-a | Use macros for variable arguments correctly |
CERT_CPP-EXP60-a | Do not pass a nonstandard-layout type object across execution boundaries |
CERT_CPP-EXP61-a | Never return lambdas that capture local objects by reference |
CERT_CPP-EXP61-b | Never capture local objects from an outer lambda by reference |
CERT_CPP-EXP61-c | The lambda that captures local objects by reference should not be assigned to the variable with a greater lifetime |
CERT_CPP-EXP63-a | Do not rely on the value of a moved-from object |
CERT_CPP-FIO50-a | Do not alternately input and output from a stream without an intervening flush or positioning call |
CERT_CPP-FIO51-a | Ensure resources are freed |
CERT_CPP-INT50-a | An expression with enum underlying type shall only have values corresponding to the enumerators of the enumeration |
CERT_CPP-MEM50-a | Do not use resources that have been freed |
CERT_CPP-MEM51-a | Use the same form in corresponding calls to new/malloc and delete/free |
CERT_CPP-MEM51-b | Always provide empty brackets ([]) for delete when deallocating arrays |
CERT_CPP-MEM51-c | Both copy constructor and copy assignment operator should be declared for classes with a nontrivial destructor |
CERT_CPP-MEM52-a | Check the return value of new |
CERT_CPP-MEM52-b | Do not allocate resources in function argument list because the order of evaluation of a function's parameters is undefined |
CERT_CPP-MEM53-a | Do not invoke malloc/realloc for objects having constructors |
CERT_CPP-MEM55-a | The user defined 'new' operator should throw the 'std::bad_alloc' exception when the allocation fails |
CERT_CPP-MEM56-a | Do not store an already-owned pointer value in an unrelated smart pointer |
CERT_CPP-MSC50-a | Do not use the rand() function for generating pseudorandom numbers |
CERT_CPP-MSC51-a | Properly seed pseudorandom number generators |
CERT_CPP-MSC52-a | All exit paths from a function with non-void return type shall have an explicit return statement with an expression |
CERT_CPP-MSC53-a | Never return from functions that should not return |
CERT_CPP-MSC54-a | Properly define signal handlers |
CERT_CPP-OOP50-a | Avoid calling virtual functions from constructors |
CERT_CPP-OOP50-b | Avoid calling virtual functions from destructors |
CERT_CPP-OOP50-c | Do not invoke class's virtual functions from any of its constructors |
CERT_CPP-OOP50-d | Do not invoke class's virtual functions from its destructor |
CERT_CPP-OOP51-a | Avoid slicing function arguments / return value |
CERT_CPP-OOP52-a | Define a virtual destructor in classes used as base classes which have virtual functions |
CERT_CPP-OOP53-a | List members in an initialization list in the order in which they are declared |
CERT_CPP-OOP54-a | Check for assignment to self in operator= |
CERT_CPP-OOP55-a | A cast shall not convert a pointer to a function to any other pointer type, including a pointer to function type |
CERT_CPP-OOP56-a | Properly define terminate handlers |
CERT_CPP-OOP56-b | Properly define unexpected handlers |
CERT_CPP-OOP56-c | Properly define new handlers |
CERT_CPP-OOP57-a | Do not initialize objects with a non-trivial class type using C standard library functions |
CERT_CPP-OOP57-b | Do not compare objects of nonstandard-layout class type with C standard library functions |
CERT_CPP-OOP58-a | Copy operations must not mutate the source object |
CERT_CPP-STR50-a | Use vector and string instead of arrays |
CERT_CPP-STR51-a | Avoid null pointer dereferencing |
CERT_CPP-STR52-a | Use valid references, pointers, and iterators to reference elements of a basic_string |
CERT_CPP-STR53-a | Guarantee that container indices are within the valid range |
CODSTA-197 | Do not specify the bound of a character array initialized with a string literal |
CODSTA-199 | Do not use assertions |
CODSTA-200 | Explicitly specify array bounds in array declarations with initializers |
CODSTA-201 | Do not process structured text data natively |
CODSTA-202 | An inline definition of a function with external linkage shall not contain definitions and uses of static objects |
CODSTA-203 | Do not hard code string literals |
CODSTA-82_b | Do not use empty infinite loops |
CODSTA-CPP-93 | Do not initialize objects with a non-trivial class type using C standard library functions |
CODSTA-CPP-94 | Do not compare objects of nonstandard-layout class type with C standard library functions |
CODSTA-CPP-95 | Do not modify the standard namespaces 'std' and 'posix' |
CODSTA-CPP-96 | Do not call a function with a mismatched language linkage |
CODSTA-CPP-97 | Never qualify a reference type with 'const' or 'volatile' |
CODSTA-CPP-98 | Copy operations must not mutate the source object |
CODSTA-MCPP-17_b | Never capture local objects from an outer lambda by reference |
CODSTA-MCPP-17_c | The lambda that captures local objects by reference should not be assigned to the variable with a greater lifetime |
CODSTA-MCPP-22 | Use explicit ref-qualifiers on auto declarations in range-based 'for' loops |
EXCEPT-19 | Exception objects must be nothrow copy constructible |
EXCEPT-20 | An explicitly declared copy constructor for a class that inherits from 'std::exception' should have a non-throwing exception specification |
JSF-037 | A file should directly include only headers containing declarations and definitions needed to a compilation |
MISRA2008-15_5_3_b | Never allow an exception to be thrown from a destructor, deallocation, and swap |
MISRA2008-15_5_3_c | Do not throw from within destructor |
MISRA2008-15_5_3_d | There should be at least one exception handler to catch all otherwise unhandled exceptions |
MISRA2008-15_5_3_e | An empty throw (throw; ) shall only be used in the compound-statement of a catch handler |
MISRA2008-15_5_3_f | Exceptions shall be raised only after start-up and before termination of the program |
MISRA2008-15_5_3_g | Each exception explicitly thrown in the code shall have a handler of a compatible type in all call paths that could lead to that point |
MISRA2008-15_5_3_h | Where a function's declaration includes an exception-specification, the function shall only be capable of throwing exceptions of the indicated type(s) |
MISRA2008-15_5_3_i | Function called in global or namespace scope shall not throw unhandled exceptions |
MISRA2008-15_5_3_j | Always catch exceptions |
MISRA2008-15_5_3_k | Properly define exit handlers |
| MRM-53 | The user defined 'new' operator should throw the 'std::bad_alloc' exception when the allocation fails |
OOP-54 | Do not increase the accessibility of overridden or hidden methods |
OPT-41 | A file should directly include only the headers that contain declarations and definitions required to compile that file |
PB-74 | Do not add or subtract a constant with a value greater than one from an iterator |
PB-75 | The library functions 'abort()', 'quick_exit()' and '_Exit()' from 'cstdlib' library shall not be used |
PORT-29 | A pointer to a structure should not be passed to a function that writes data to a file |
PORT-30 | Do not throw an exception across execution boundaries |
PORT-31 | Do not pass a nonstandard-layout type object across execution boundaries |
SECURITY-50 | Do not use the 'notify_one()' function when multiple threads are waiting on the same condition variable |
Updated Rules
We've updated following static analysis rules to improve analysis results:
Rule Category | Rule IDs |
|---|---|
AUTOSAR C++14 Coding Guidelines | AUTOSAR-A12_0_1-a, AUTOSAR-A15_1_4-a, AUTOSAR-A15_5_2-a, AUTOSAR-A15_5_3-a, AUTOSAR-A15_5_3-b, AUTOSAR-A2_14_2-a, AUTOSAR-A5_2_2-a, AUTOSAR-A5_2_3-a, AUTOSAR-A7_1_1-a, AUTOSAR-M0_3_1-f, AUTOSAR-M4_5_3-a, AUTOSAR-M5_0_21-a, AUTOSAR-M5_2_8-a |
Flow Analysis | BD-CO-ITINVCOMP, BD-CO-ITMOD, BD-PB-NP, BD-PB-STREAMINOUT, BD-PB-VARARGS, BD-PB-VCTOR, BD-PB-VDTOR, BD-RES-FREE, BD-RES-LEAKS, BD-TRS-DLOCK, BD-TRS-DSTRLOCK |
SEI CERT C | CERT_C-CON30-a, CERT_C-CON31-a, CERT_C-CON31-b, CERT_C-CON35-a, CERT_C-DCL00-a, CERT_C-ERR33-c, CERT_C-EXP05-a, CERT_C-EXP32-a, CERT_C-EXP34-a, CERT_C-EXP40-a, CERT_C-FIO22-a, CERT_C-FIO39-a, CERT_C-FIO42-a, CERT_C-FIO46-a, CERT_C-INT13-a, CERT_C-INT16-a, CERT_C-INT36-a, CERT_C-MEM00-d, CERT_C-MEM00-e, CERT_C-MEM01-a, CERT_C-MEM12-a, CERT_C-MEM30-a, CERT_C-MEM31-a, CERT_C-MSC19-b, CERT_C-MSC39-a, CERT_C-POS48-a, CERT_C-POS54-c, CERT_C-STR05-a, CERT_C-STR09-a, CERT_C-STR10-a, CERT_C-STR30-a, CERT_C-WIN30-a |
SEI CERT C++ | CERT_CPP-CON50-a, CERT_CPP-CON56-a, CERT_CPP-CTR51-a, CERT_CPP-CTR53-b, CERT_CPP-CTR54-a, CERT_CPP-DCL51-e, CERT_CPP-DCL51-f, CERT_CPP-DCL57-a, CERT_CPP-ERR50-a, CERT_CPP-ERR50-b, CERT_CPP-ERR56-a, CERT_CPP-ERR57-a, CERT_CPP-EXP54-a, CERT_CPP-EXP55-a, CERT_CPP-EXP58-a, CERT_CPP-FIO50-a, CERT_CPP-FIO51-a, CERT_CPP-MEM50-a, CERT_CPP-OOP50-c, CERT_CPP-OOP50-d, CERT_CPP-STR51-a |
Coding Conventions | CODSTA-16, CODSTA-30, CODSTA-63, CODSTA-65, CODSTA-69 |
Coding Conventions for C++ | CODSTA-CPP-11, CODSTA-CPP-53, CODSTA-CPP-66 |
Exceptions | EXCEPT-01 |
High Integrity C++ | HICPP-12_4_1-b, HICPP-12_4_1-c, HICPP-18_3_1-a, HICPP-5_2_1-c, HICPP-5_4_1-a, HICPP-5_4_1-c, HICPP-5_6_1-a, HICPP-7_1_2-a, HICPP-8_4_1-b |
Joint Strike Fighter | JSF-151.1, JSF-185 |
MISRA C 2004 | MISRA2004-11_5, MISRA2004-20_2_a, MISRA2004-20_2_b |
MISRA C++ 2008 | MISRA2008-0_3_1_b, MISRA2008-15_5_3, MISRA2008-15_5_3_b, MISRA2008-2_13_5, MISRA2008-4_5_3, MISRA2008-5_0_21, MISRA2008-5_2_4, MISRA2008-5_2_5, MISRA2008-5_2_8, MISRA2008-7_1_1 |
MISRA C 2012 (Legacy) | MISRA2012-DIR-4_13_a, MISRA2012-DIR-4_13_b, MISRA2012-DIR-4_13_e, MISRA2012-DIR-4_1_b, MISRA2012-RULE-11_8, MISRA2012-RULE-1_3_c, MISRA2012-RULE-21_2_b, MISRA2012-RULE-21_2_c, MISRA2012-RULE-22_1, MISRA2012-RULE-22_2_a, MISRA2012-RULE-22_6, MISRA2012-RULE-7_4 |
MISRA C 2012 | MISRAC2012-DIR_4_1-b, MISRAC2012-DIR_4_13-a, MISRAC2012-DIR_4_13-b, MISRAC2012-DIR_4_13-e, MISRAC2012-RULE_11_8-a, MISRAC2012-RULE_1_3-c, MISRAC2012-RULE_21_2-b, MISRAC2012-RULE_21_2-c, MISRAC2012-RULE_22_1-a, MISRAC2012-RULE_22_2-a, MISRAC2012-RULE_22_6-a, MISRAC2012-RULE_7_4-a |
Memory and Resource Management | MRM-40 |
Possible Bugs | PB-27, PB-38, PB-44 |
The output messages of the following rules have been updated, and as a result, suppressions associated with these rules on DTP may no longer be available:
- BD-PB-ARRAY
- BD-PB-CHECKRET
- BD-PB-OVERFARRAY
- BD-PB-PTRARR
- BD-PB-ZERO
- BD-TRS-MLOCK
- NAMING-HN-*
You can restore the previous messages and suppressions for the BD category rules by configuring; see Why are suppressions of some rules no longer available on DTP after C/C++test was upgraded to a newer version?.
