This release includes the following enhancements:
Release date: November 21, 2024
Enhanced Static Analysis
- New code analysis rules have been added to extend coverage of compliance standards. See New Rules for the list of new rules.
- Static analysis rules have been updated to increase the accuracy of reported violations. See Updated Rules for the list of updated rules.
- Static analysis engine has been enhanced to better support modern C/C++ syntax.
Enhanced Unit Testing and Code Coverage
Unit testing and coverage engine has been enhanced to better support modern C/C++ syntax.
In-File Suppressions Enhancements
- Added the ability to easily customize the location of suppression files in both the CLI and IDE.
- Enhancements to suppression definitions:
- You can now use a file path containing wildcards for the file attribute.
- You can now specify a rule category, optionally with a severity suffix, for the rule-id attribute.
For details, see Defining Suppressions in Suppression Files.
Support for Compilers
The following compilers are now supported:
| Compiler Name | Compiler Identifier |
|---|---|
| Clang C/C++ Compiler v 17.0 for x86_64 | clang_17_0-x86_64 |
| Clang C/C++ Compiler v 17.0 for aarch64/arm64 | clang_17_0-aarch64 |
| Clang C/C++ Compiler v 18.0 for x86_64 | clang_18_0-x86_64 |
| Clang C/C++ Compiler v 18.0 for aarch64/arm64 | clang_18_0-aarch64 |
| GNU GCC 11.x for PowerPC | gcc_11-powerpc |
| Green Hills Software Compiler for Tricore v. 2021.1.x | ghstri_2021_1 |
| HighTec Clang C/C++ Compiler 8.1 for aarch32/arm* | hightec-clang_8_1-aarch32 |
* - Runtime analysis support has been added.
The support level for the following compilers has been changed from Extended to Standard:
- IAR Compiler for MSP430 v. 6.1x (icc430_6_1)
- QNX GCC 5.x (ARM64) (qccarm_5-64)
- QNX GCC 5.x (qcc_5)
- Wind River Clang 8.0.x (wrclang_8_0)
- Wind River Clang 9.0.x for aarch32 (wrclang_9_0-aarch32)
- Wind River Diab 5.9.x (diab_5_9)
See Compilers.
Support for IDEs
The following IDEs are now supported:
- Eclipse version 4.32 (2024-06)
- Eclipse version 4.33 (2024-09)
- Texas Instruments Code Composer Studio 12
Updated Test Configurations
The following test configurations have been updated with new rules:
- AUTOSAR C++14 Coding Guidelines
- CWE Top 25 + On the Cusp 2022
- CWE Top 25 + On the Cusp 2023
- CWE Top 25 2022
- CWE Top 25 2023
- Flow Analysis Aggressive
- Flow Analysis Fast
- Flow Analysis Standard
- Joint Strike Fighter
- MISRA C 1998
- MISRA C 2004
- MISRA C 2023 (MISRA C 2012)
- MISRA C 2012 Legacy
- MISRA C++ 2008
- MISRA C++ 2023
- OWASP API Security Top 10 2019
- Recommended Rules
- SEI CERT C Guidelines
- SEI CERT C Rules
- SEI CERT C++ Rules
- Security Rules
Additional Updates
- On Linux x86_64, the required minimum glibc version is now 2.17.
- An option to disable C/C++test instrumentation for functions with OpenMP instructions has been added. See How can I disable C/C++test code instrumentation for functions containing OpenMP instructions?
- An option to disable symbolic links expansion when generating coverage reports for Bazel projects has been added. See Integrating with Bazel.
Deprecated and Removed Support
Deprecated Support for IDEs
Support for the following IDEs is deprecated and will be removed in future releases:
- ARM DS-5 5.28
- Eclipse 4.6 ('Neon') - 4.21 (2021-09)
- QNX Software Development Platform 7
- Texas Instruments Code Composer Studio 10
- Wind River Workbench 4.0
Removed Support for IDEs
The following IDEs are no longer supported:
- Texas Instruments Code Composer Studio 7.4
- Texas Instruments Code Composer Studio 8.0
Compilers to Be Deprecated
Support for the following compilers will be deprecated in future releases:
- ARM Compiler 6.9
- Clang C/C++ Compiler v 8.0 (x86_64)
- Clang C/C++ Compiler v 10.0 (x86_64)
- Green Hills Software Compiler for ARM v. 2017.5.x
- Green Hills Software Compiler for ARM64 v. 2017.5.x
- Green Hills Software Compiler for PPC v. 2017.1.x
- Hexagon Clang Compiler v. 8.4.x
- IAR Compiler for ARM v. 8.11.x
- Microchip MPLAB C32 Compiler for PIC32 v2.0x
- QNX GCC 5.x
- QNX GCC 5.x (x86-64)
- QNX GCC 5.x (ARM)
- QNX GCC 5.x (ARM64)
- Renesas RX C/C++ Compiler 2.5x
- TI ARM C/C++ Compiler v18.1
- TI ARM C/C++ Compiler GNU GCC 7.x
Deprecated Compilers
Support for the following compilers is deprecated and will be removed in future releases:
- ARM Compiler 5.0
- ARM Compiler 5.0 for uVision
- GNU GCC 6.x
- GNU GCC 6.x (x86_64)
- Green Hills Software Compiler for PPC v. 2013.1.x
- IAR Compiler for MSP430 v. 6.1x
- Microchip MPLAB C30 Compiler for dsPIC v3.2x
- National Instruments LabWindows/CVI 2015 Clang C/C++ Compiler v3.3 for Win32
Removed Support for Compilers
The following compilers are no longer supported:
- GNU GCC 5.x
- GNU GCC 5.x (x86_64)
- Green Hills Software Compiler for ARM64 v. 2014.1.x
- Green Hills Software Compiler for PPC v. 4.2.x
- Green Hills Software Compiler for PPC v. 5.0.x
- Green Hills Software Compiler for V850 v. 2014.1.x
- IAR Compiler for ARM v. 7.4x
- IAR Compiler for ARM v. 7.8x
- IAR Compiler for M16C & R8C v. 3.5x
- Microsoft Visual C++ 14.0
- Microsoft Visual C++ 14.0 (x64)
- SH Series C/C++ Compiler V.9.04.xx
- Vx-toolset for TriCore C/C++ Compiler 6.2
- Wind River GCC 4.8.x
Deprecated Support for IAR Import
Importing Embedded Workbench .ewp project files is now deprecated and will be removed in future releases.
Resolved Bugs and FRs
Bug/FR ID | Description |
|---|---|
CPP-46243 | [static] Mapping for CERT FIO01-C and FIO21-C should be improved |
CPP-47511 | [static] Split MISRA2004-2_4 (AUTOSAR-A2_7_2-a) rule (exclude doxygen comments) |
CPP-53074 | [static] Optimize scope computation for large workspaces (with C/C++test Pro) |
CPP-55517 | [compiler] Support for Green Hills compiler 2021.1.5 for TriCore |
CPP-55616 | [static] The do-while(0) statements (used in macro) should not be counted in cyclomatic complexity |
CPP-56180 | [static] Remove AUTOSAR-A3_9_1-c rule mapping |
CPP-56567 | [static] MISRA2004-19_9 (MISRAC2012-RULE_20_6-a) does not report violation when '#' is followed by comment with non-ascii characters |
CPP-56606 | [ide] Improve support for linker option LinkLibraryDependencies in VS2019 and VS2022. |
CPP-56716 | [static] MISRACPP2023-28_3_1-a: False positive regarding "persistent side effects" in lambda functions |
CPP-56736 | [static] Improve mapping for MISRACPP2023-6_4_1 to focus on variable names only |
CPP-56779 | [static] MISRACPP2023-0_2_1-a does not support an exception from Rule 0.2.1 |
CPP-56793 | [static] Improve output message in CODSTA-CPP-66 (MISRACPP2023-8_2_2-a) rule |
CPP-56807 | [engine] Parsing fails on a Modern C++ function declaration with "const auto" |
CPP-56814 | [compiler] Support for HighTec C compiler for ARM 8.1 (runtime analysis) |
CPP-56989 | [static] Improve support for CERT_C-DCL37 |
CPP-57005 | [static] MISRACPP2023-0_1_2-a (CODSTA-CPP-58) false positives in unevaluated contexts (noexcept, typeid) |
CPP-57006 | [static] MISRACPP2023-6_4_2-b (OOP-53) false positive when introducing base method through a using declaration (templates) |
CPP-57009 | [static] AUTOSAR-M3_3_2-a: false positive for static keyword in explicit template specialization |
CPP-57033 | [static] TEMPL-16 reports false positive when a template forward declaration is used in another file |
CPP-57057 | [engine] Static inline field parsing error when not initialized explicitly |
CPP-57209 | [engine] error: no instance of function template "std::construct_at" |
CPP-57361 | [engine] cpptestcc fails on __c11_atomic_is_lock_free |
CPP-57389 | [engine] Coverage instrumentation error: Mixing void and non-void results of the functor in for_each is not supported |
CPP-57398 | [engine] Instrumentation compile error: ambiguous call of overloaded Matrix... |
CPP-57399 | [engine] Coverage instrumentation error: TFixedBlockAllocator is not a template |
CPP-57425 | [static] MISRA2004-12_2_f (MISRAC2012-RULE_13_2-f) reports false positive when volatile member of volatile object is used |
CPP-57427 | [static] PORT-28 reports false positive when integer constants with big values are used |
CPP-57428 | [static] MISRACPP2023-6_4_1-e (CODSTA-CPP-85) false positives on heavily templated code |
CPP-57484 | [engine] cpptestcc fails on __c11_atomic_load |
CPP-57517 | [engine] error: declaration is incompatible with "CInfraComArray<CMasterClass ... |
CPP-57524 | [static] False positive for MRM-39 |
CPP-57525 | [static] MRM-19 reports false positive when a pointer is cast before delete |
CPP-57533 | [compiler] Support for powerpc-eabi-gcc 11.2 compiler |
CPP-57538 | [static] Analysis error due to possible ppro crash if 'CR' line endings are used |
CPP-57541 | [static] Incorrectly detected typedef declaration (AUTOSAR-A7_1_6-a, CODSTA-MCPP-02, GLOBAL-UNIQUETYPEDEF, GLOBAL-UNIQUETYPEDEFC) |
CPP-57553 | [engine] Variadic template stubs are ignored |
CPP-57594 | [engine] error: expected an expression static constexpr bool isComplex = ((QTypeInfo<Ts>::isComplex) || ...); |
CPP-57609 | [engine] Add option for disabling C/C++test instrumentation for functions with OpenMP code |
CPP-57628 | [engine] afxpanecontainer.h line 35: error: expected a ")" |
CPP-57659 | [static] FORMAT-43 reports false positive when the closing brace of a block is in the same line as the last statement |
CPP-57673 | [static] Improve mapping for AUTOSAR A7-1-2 |
CPP-57678 | [engine] static assertion failed when running SCA, the original code compiles w/o issues |
CPP-57679 | [engine] Improve compiler configuration for vxtc_6_3 (--fp-model=1) |
CPP-57683 | [ide] Debugging unit tests does not work in VS 2022 latest update (17.10.3) |
CPP-57734 | [engine] Improve support for CLA mode of tic2000_18_1 compiler for Static Analysis |
CPP-57736 | [static] PPRO crash from yylex() in lib/libppro.so |
CPP-57738 | [ide] Invalid libstdc++ dependency for Rulewizard native libraries |
CPP-57739 | [static] INIT-12 (CERT_CPP-DCL56-a) reports false positive when template variable is used in initializer |
CPP-57744 | [engine] xharness crash due to stack overflow during reconstruction |
CPP-57748 | [static] MISRA-005 reports cwc exit code 1 when very long strings are checked |
CPP-57749 | [static] cwc exit code 3 - Narrowing in list initialization ignored in non-evaluated context |
CPP-57770 | [engine] error: incomplete type "A<void>" is not allowed |
CPP-57778 | [engine] Errors with QT brace-initialization |
CPP-57785 | [static] Property 'CapturedVariables' detects local variables that are not captured |
CPP-57796 | [engine] error: expression must have a constant value |
CPP-57802 | [static] Analysis finished with code 33 - signal 11 in libppro.so |
CPP-57834 | [static] Improve support for CERT_C-PRE02 |
CPP-57835 | [bazel] Add option to disable symlinks expansion (CPPTEST_COVERAGE_SRC_ROOT_RESOLVE_SYMLINKS) |
CPP-57885 | [static] CODSTA-CPP-206 (MISRACPP2023-6_8_4) should treat conversion operators differing by cv-qualifiers as function overloads |
CPP-57886 | [static] CODSTA-CPP-206 (MISRACPP2023-6_8_4-a) reports false positive on const-lvalue-ref-qualified template function |
CPP-57892 | [static] MISRACPP2023-0_2_3-a false positive: does not consider decltype/template arg to be a use |
CPP-57893 | [static] Improve mapping for MISRACPP2023 Rule 15.1.3 |
CPP-57894 | [static] OPT-02 (MISRACPP2023-0_2_1-a) reports false positive for a variable used inside 'static_if' |
CPP-57899 | [engine] Instrumentation parse error: more than one operator "=" matches these operands |
CPP-57906 | [static] CODSTA-CPP-212 (MISRACPP2023-7_0_2-a) reports false positive when parameter of 'auto' type is used |
CPP-57918 | [static] MISRA2004-19_16 (MISRAC2012-RULE_20_13-a) reports false positive when line in a comment starts from '#' |
CPP-57919 | [compiler] Improve support for -c99 option for TI compilers |
CPP-57990 | [compiler] Inconsistent handling of profiling flags with GNU GCC |
CPP-57993 | [ide] Corrupted Chinese comments after adding/deleting test cases |
CPP-58001 | [engine] C++23 literal suffixes for floats cause parse errors |
CPP-58011 | [static] Improve CERT_C-ERR32 mapping (BD-PB-ERRNO to BD-PB-SIGHAN) |
CPP-58012 | [static] cannot analyze file (cwc exit code: 4) |
CPP-58013 | [static] CODSTA-CPP-43 (AUTOSAR-A8_4_9-a) reports false positives on references to array types |
CPP-58016 | [static] OOP-07 (AUTOSAR-A10_1_1-a) reports false positive, when interface class contains deleted functions |
CPP-58017 | [static] CODSTA-29 (CERT_C-DCL06-a) reports false positive on enumerations ins[ide] functions |
CPP-58053 | [engine] 'static constexpr' array init error |
CPP-58058 | [engine] no instance of function template "printValue" matches the argument list |
CPP-58060 | [ide] For VS projects with both /std:c17 and /std:c++17 options, it is not possible to run analysis or tests |
CPP-58070 | [engine] Instrumentation problem when -ignore-const-decisions is enabled |
CPP-58072 | [engine] Class does not initialize correctly during instrumentation |
CPP-58077 | [engine] Instrumentation problem due to extra brackets |
CPP-58091 | [static] CODSTA-CPP-206 (MISRACPP2023-6_8_4-a) reports false positive on ref-to-pointer and pointer-to-ref conversions for members which are not subobjects |
CPP-58096 | [static] CODSTA-38 works inconsistently for integer and floating constants |
CPP-58251 | [engine] I\O exception was caught - Unable to read XML file |
CPP-58585 | [engine] Instrumentation error: cannot deduce "auto" type |
FA-4156 | BD-PB-NP should report a violation when null is passed to printf-like function as the argument corresponding to "%s" specifier. |
FA-9845 | MISRACPP2023-11_6_2-a (BD-PB-NOTINIT) False positive - Avoid use before initialization for "*this"? |
FA-9901 | MISRACPP2023-28_6_3-a false positives on forwarding references and lvalues |
FA-9907 | BD-PB-VARARGS False Positive with MSVC |
FA-9912 | MISRAC2012-RULE_14_3-ac (BD-PB-CC) false positive |
FA-9937 | BD-PB-NOTINIT false positive |
FA-9951 | BD-PB-OVERFWR false negative with renesas compiler |
FA-9953 | The default value documented in the rules is not correct |
FA-9961 | BD-PB-ARRAY false positive |
FA-9988 | BD-CO-STRMOD false positive |
FA-9990 | MISRACPP2023-0_2_4-a - false positive, private virtual functions |
FA-9991 | BD-PB-NOTINIT false positive |
FA-9996 | BD-PB-NOTINIT false positive due to wrong assumption about the number of fields to initialize |
FA-10003 | BD-PB-OVERFNZT false positives with two-dimensional char array initialized with string literals. |
FA-10007 | BD-PB-NOTINIT false positive |
FA-10013 | BD-PB-NOTINIT false positive when array is initialized starting from non-first element |
FA-10028 | BD-PB-NOTINIT false positive for Nth loop iteration |
FA-10046 | Flow Analysis was not able to analyze a source file |
Updates to Rules
New Rules
Rule ID | Header |
|---|---|
AUTOSAR-A5_2_5-e | Avoid accessing collections out of bounds |
AUTOSAR-M0_1_3-f | A project shall not contain unused uninitialized local variables |
AUTOSAR-M0_1_3-g | A project should not contain unused uninitialized variables with internal linkage |
BD-PB-COOB | Avoid accessing collections out of bounds |
CERT_C-DCL37-b | Identifiers that begin with an underscore and either an uppercase letter or another underscore should not be declared |
CERT_C-DCL37-c | Avoid declaring file-scoped objects whose names begin with an underscore |
CERT_C-DCL37-d | The names of standard library macros should not be reused (C11 code) |
CERT_C-DCL37-e | The names of standard library identifiers with file scope should not be reused (C11 code) |
CERT_C-DCL37-f | The standard library identifiers with external linkage should not be reused (C11 code) |
CERT_C-DCL37-g | Macros that begin with an underscore and either an uppercase letter or another underscore should not be defined |
CERT_C-ERR32-b | Properly define signal handlers |
CERT_C-ERR33-e | Provide error handling for file opening errors right next to the call to fopen |
CERT_C-FIO01-c | Be careful using functions that use file names for identification |
CERT_C-FIO21-b | Use secure temporary file name functions |
CODSTA-303 | A variable declared in an inner scope shall not hide a variable declared in an outer scope |
CODSTA-92_c | The names of standard library macros should not be reused (C11 code) |
CODSTA-92_d | The names of standard library identifiers with file scope should not be reused (C11 code) |
CODSTA-92_e | The standard library identifiers with external linkage should not be reused (C11 code) |
CWE-119-l | Avoid accessing collections out of bounds |
CWE-125-f | Avoid accessing collections out of bounds |
CWE-787-i | Avoid accessing collections out of bounds |
JSF-127_b | Sections of code should not be "commented out" using Doxygen comments |
MISRA2004-2_4_b | Sections of code should not be "commented out" using Doxygen comments |
MISRA2008-0_1_3_f | A project shall not contain unused uninitialized local variables |
MISRA2008-0_1_3_g | A project should not contain unused uninitialized variables with internal linkage |
MISRA2008-2_7_2_b | Sections of code shall not be "commented out" using C-style comments |
MISRA2008-2_7_3_b | Sections of code should not be "commented out" using C++ comments |
MISRA2012-DIR-4_4_b | Sections of code should not be "commented out" using Doxygen comments |
MISRAC2012-DIR_4_4-b | Sections of code should not be "commented out" using Doxygen comments |
MISRACPP2023-19_2_1-b | Use unique multiple include guards |
MISRACPP2023-6_4_1-g | A variable declared in an inner scope shall not hide a variable declared in an outer scope |
NAMING-33_c | Macros that begin with an underscore and either an uppercase letter or another underscore should not be defined |
NAMING-33_d | Identifiers that begin with an underscore and either an uppercase letter or another underscore should not be declared |
NAMING-33_e | Avoid declaring file-scoped objects whose names begin with an underscore |
OPT-02_b | A project shall not contain unused uninitialized local variables |
OPT-43_b | A project should not contain unused uninitialized variables with internal linkage |
OWASP2019-API3-r | Avoid accessing collections out of bounds |
PFO-02_b | Use unique multiple include guards |
PREPROC-29 | Use angle brackets <> to include standard library headers |
SECURITY-55 | Be careful using functions that use file names for identification |
Updated Rules
Category ID | Rule IDs |
|---|---|
AUTOSAR C++14 Coding Guidelines | AUTOSAR-A0_1_2-a, AUTOSAR-A0_4_4-a, AUTOSAR-A10_1_1-a, AUTOSAR-A10_2_1-a, AUTOSAR-A10_2_1-b, AUTOSAR-A12_0_1-a, AUTOSAR-A13_5_2-a, AUTOSAR-A14_7_2-a, AUTOSAR-A18_9_4-a, AUTOSAR-A23_0_2-b, AUTOSAR-A27_0_2-a, AUTOSAR-A27_0_2-b, AUTOSAR-A2_10_1-e, AUTOSAR-A2_3_1-a, AUTOSAR-A2_7_2-a, AUTOSAR-A4_7_1-c, AUTOSAR-A5_0_1-b, AUTOSAR-A5_2_5-a, AUTOSAR-A5_3_2-a, AUTOSAR-A7_1_7-c, AUTOSAR-A7_2_3-a, AUTOSAR-A7_3_1-a, AUTOSAR-A8_4_2-a, AUTOSAR-A8_4_3-b, AUTOSAR-A8_4_9-a, AUTOSAR-A8_5_0-a, AUTOSAR-M0_1_2-ac, AUTOSAR-M0_1_3-a, AUTOSAR-M0_1_3-e, AUTOSAR-M0_3_1-b, AUTOSAR-M0_3_1-d, AUTOSAR-M0_3_1-f, AUTOSAR-M0_3_1-g, AUTOSAR-M0_3_1-i, AUTOSAR-M0_3_2-a, AUTOSAR-M16_0_5-a, AUTOSAR-M16_0_8-a, AUTOSAR-M16_1_1-a, AUTOSAR-M5_0_16-a, AUTOSAR-M5_14_1-a, AUTOSAR-M7_1_2-c, AUTOSAR-M8_0_1-a |
Coding Conventions for C++ | CODSTA-CPP-04, CODSTA-CPP-206, CODSTA-CPP-211, CODSTA-CPP-212, CODSTA-CPP-43, CODSTA-CPP-58, CODSTA-CPP-85 |
Coding Conventions for Modern C++ | CODSTA-MCPP-01, CODSTA-MCPP-03, CODSTA-MCPP-47_b, CODSTA-MCPP-56 |
Coding Conventions | CODSTA-122_a, CODSTA-122_b, CODSTA-138, CODSTA-144, CODSTA-226_a, CODSTA-227, CODSTA-29, CODSTA-311, CODSTA-38 |
Common Weakness Enumeration | CWE-119-a, CWE-119-d, CWE-119-e, CWE-125-a, CWE-125-c, CWE-20-f, CWE-362-d, CWE-476-a, CWE-787-a, CWE-787-d |
DISA ASD STIG | APSC_DV-000060-a, APSC_DV-001995-a, APSC_DV-002520-a, APSC_DV-002530-a, APSC_DV-002550-a, APSC_DV-002560-a, APSC_DV-002590-b, APSC_DV-002590-c, APSC_DV-002590-d, APSC_DV-003235-a, APSC_DV-003235-c |
Flow Analysis | BD-API-BADPARAM, BD-API-STRSIZE, BD-API-VALPARAM, BD-CO-ITINVCOMP, BD-CO-STRMOD, BD-PB-ARRAY, BD-PB-CC, BD-PB-NOTINIT, BD-PB-NP, BD-PB-OVERFNZT, BD-PB-OVERFRD, BD-PB-OVERFWR, BD-PB-SUBSEQFRWD, BD-PB-UCMETH, BD-PB-VARARGS, BD-RES-INVFREE, BD-SECURITY-TDENV, BD-TRS-FORKFILE |
Formatting | FORMAT-33, FORMAT-43 |
Global Static Analysis | GLOBAL-PREDICATENOSE |
High Integrity C++ | HICPP-10_3_1-a, HICPP-12_1_1-a, HICPP-12_1_1-b, HICPP-13_1_1-a, HICPP-16_1_4-a, HICPP-17_3_3-a, HICPP-1_2_1-h, HICPP-1_2_1-i, HICPP-3_1_1-e, HICPP-5_1_2-f, HICPP-5_1_2-j, HICPP-5_1_6-d, HICPP-5_2_1-a, HICPP-5_2_1-c, HICPP-6_3_2-a, HICPP-7_1_1-b, HICPP-8_3_1-a, HICPP-8_4_1-a |
Initialization | INIT-12 |
Joint Strike Fighter | JSF-003, JSF-003_b, JSF-009, JSF-060_b, JSF-088, JSF-088_b, JSF-094, JSF-094_b, JSF-114, JSF-115, JSF-115_a, JSF-117.1, JSF-127, JSF-135_e, JSF-143_a, JSF-157, JSF-177_b, JSF-180_d, JSF-204.1_f, JSF-214 |
Memory and Resource Management | MRM-19, MRM-39, MRM-40 |
Metrics | METRIC.CC, METRIC.ECC, METRICS-18, METRICS-28, METRICS-29, METRICS-33, METRICS-34, METRICS-35, METRICS-42 |
MISRA C 1998 | MISRA-005, MISRA-096 |
MISRA C 2004 | MISRA2004-12_2_f, MISRA2004-12_4_a, MISRA2004-16_10, MISRA2004-16_8, MISRA2004-16_8_b, MISRA2004-19_14, MISRA2004-19_16, MISRA2004-19_9, MISRA2004-2_4 |
MISRA C 2012 (Legacy) | MISRA2012-DIR-4_11, MISRA2012-DIR-4_13_c, MISRA2012-DIR-4_14_j, MISRA2012-DIR-4_1_a, MISRA2012-DIR-4_1_b, MISRA2012-DIR-4_1_e, MISRA2012-DIR-4_1_g, MISRA2012-DIR-4_1_h, MISRA2012-DIR-4_4, MISRA2012-RULE-13_2_f, MISRA2012-RULE-13_4, MISRA2012-RULE-13_5, MISRA2012-RULE-14_3_zc, MISRA2012-RULE-17_4, MISRA2012-RULE-17_4_b, MISRA2012-RULE-17_7_a, MISRA2012-RULE-17_7_b, MISRA2012-RULE-18_1_a, MISRA2012-RULE-1_3_b, MISRA2012-RULE-1_3_d, MISRA2012-RULE-1_3_e, MISRA2012-RULE-1_3_k, MISRA2012-RULE-20_13, MISRA2012-RULE-20_6, MISRA2012-RULE-21_17_a, MISRA2012-RULE-21_17_b, MISRA2012-RULE-21_18, MISRA2012-RULE-22_2_b, MISRA2012-RULE-2_1_h, MISRA2012-RULE-2_8_b, MISRA2012-RULE-2_8_c, MISRA2012-RULE-9_1 |
MISRA C 2023 (MISRA C 2012) | MISRAC2012-DIR_4_1-a, MISRAC2012-DIR_4_1-b, MISRAC2012-DIR_4_1-e, MISRAC2012-DIR_4_1-g, MISRAC2012-DIR_4_1-h, MISRAC2012-DIR_4_11-a, MISRAC2012-DIR_4_13-c, MISRAC2012-DIR_4_14-j, MISRAC2012-DIR_4_4-a, MISRAC2012-RULE_13_2-f, MISRAC2012-RULE_13_4-a, MISRAC2012-RULE_13_5-a, MISRAC2012-RULE_14_3-ac, MISRAC2012-RULE_17_4-a, MISRAC2012-RULE_17_4-b, MISRAC2012-RULE_17_7-a, MISRAC2012-RULE_17_7-b, MISRAC2012-RULE_18_1-a, MISRAC2012-RULE_1_3-b, MISRAC2012-RULE_1_3-d, MISRAC2012-RULE_1_3-e, MISRAC2012-RULE_1_3-k, MISRAC2012-RULE_20_13-a, MISRAC2012-RULE_20_6-a, MISRAC2012-RULE_21_17-a, MISRAC2012-RULE_21_17-b, MISRAC2012-RULE_21_18-a, MISRAC2012-RULE_22_2-b, MISRAC2012-RULE_2_1-h, MISRAC2012-RULE_2_8-b, MISRAC2012-RULE_2_8-c, MISRAC2012-RULE_9_1-a |
MISRA C++ 2008 | MISRA2008-0_1_2_aa, MISRA2008-0_1_3_a, MISRA2008-0_1_3_e, MISRA2008-0_1_7, MISRA2008-0_3_1_a, MISRA2008-0_3_1_b, MISRA2008-0_3_1_e, MISRA2008-0_3_1_g, MISRA2008-0_3_1_h, MISRA2008-0_3_2, MISRA2008-16_0_5, MISRA2008-16_0_8, MISRA2008-16_1_1, MISRA2008-2_7_2, MISRA2008-2_7_3, MISRA2008-5_0_16_a, MISRA2008-5_0_1_f, MISRA2008-5_14_1, MISRA2008-7_1_2_b, MISRA2008-8_0_1, MISRA2008-8_4_3 |
MISRA C++ 2023 | MISRACPP2023-0_0_2-a, MISRACPP2023-0_1_2-a, MISRACPP2023-0_2_1-a, MISRACPP2023-0_2_1-b, MISRACPP2023-0_2_3-a, MISRACPP2023-0_2_4-a, MISRACPP2023-0_3_2-a, MISRACPP2023-10_0_1-a, MISRACPP2023-10_1_1-c, MISRACPP2023-10_2_2-a, MISRACPP2023-11_6_2-a, MISRACPP2023-15_1_3-a, MISRACPP2023-15_1_3-b, MISRACPP2023-15_1_5-a, MISRACPP2023-19_0_1-a, MISRACPP2023-19_1_1-a, MISRACPP2023-19_3_5-a, MISRACPP2023-28_3_1-a, MISRACPP2023-28_6_3-a, MISRACPP2023-4_1_3-c, MISRACPP2023-4_6_1-f, MISRACPP2023-5_7_2-a, MISRACPP2023-6_2_3-d, MISRACPP2023-6_4_1-e, MISRACPP2023-6_4_2-a, MISRACPP2023-6_4_2-b, MISRACPP2023-6_8_3-a, MISRACPP2023-6_8_4-a, MISRACPP2023-7_0_1-a, MISRACPP2023-7_0_2-a, MISRACPP2023-8_14_1-a, MISRACPP2023-8_18_2-a, MISRACPP2023-8_7_1-a, MISRACPP2023-8_7_1-c, MISRACPP2023-8_7_1-d, MISRACPP2023-8_7_1-e, MISRACPP2023-9_6_5-a |
Object Oriented | OOP-07, OOP-07_a, OOP-07_b, OOP-07_c, OOP-32, OOP-53 |
Optimization | OPT-02, OPT-43, OPT-46 |
OWASP API Security Top 10 (2019) | OWASP2019-API3-b, OWASP2019-API3-e, OWASP2019-API3-f, OWASP2019-API3-g, OWASP2019-API8-c |
OWASP API Security Top 10 (2023) | OWASP2023-API10-f |
OWASP Top 10 (2017) | OWASP2017-A1-d |
OWASP Top 10 (2021) | OWASP2021-A3-d |
Portability | PORT-28 |
Security | SECURITY-39 |
SEI CERT C++ | CERT_CPP-CTR53-b, CERT_CPP-CTR54-a, CERT_CPP-DCL56-a, CERT_CPP-EXP53-a, CERT_CPP-EXP58-a, CERT_CPP-MSC52-a, CERT_CPP-STR50-b, CERT_CPP-STR50-c, CERT_CPP-STR51-a, CERT_CPP-STR52-a |
SEI CERT C | CERT_C-API01-a, CERT_C-ARR30-a, CERT_C-ARR38-a, CERT_C-ARR38-b, CERT_C-ARR38-d, CERT_C-ARR39-a, CERT_C-CON31-c, CERT_C-DCL04-a, CERT_C-DCL06-a, CERT_C-ENV01-c, CERT_C-ERR30-b, CERT_C-ERR33-a, CERT_C-EXP02-a, CERT_C-EXP08-b, CERT_C-EXP12-a, CERT_C-EXP12-b, CERT_C-EXP33-a, CERT_C-EXP34-a, CERT_C-FIO37-a, CERT_C-FLP32-a, CERT_C-MEM00-b, CERT_C-MEM34-a, CERT_C-MSC07-i, CERT_C-MSC09-a, CERT_C-MSC12-i, CERT_C-MSC12-j, CERT_C-MSC19-a, CERT_C-MSC19-b, CERT_C-MSC37-a, CERT_C-MSC39-a, CERT_C-POS30-a, CERT_C-POS30-b, CERT_C-POS38-a, CERT_C-POS54-a, CERT_C-PRE02-a, CERT_C-PRE32-a, CERT_C-STR03-a, CERT_C-STR31-a, CERT_C-STR31-b, CERT_C-STR32-a |
Template | TEMPL-16 |
Removed Rules
Rule ID | Notes |
|---|---|
AUTOSAR-A3_9_1-c | Removed from AUTOSAR C++ 14 configuration. For other configurations, CODSTA-223_b can be used as a replacement. |
AUTOSAR-A7_1_2-b | Removed from AUTOSAR C++ 14 configuration. For other configurations, CODSTA-MCPP-11_b_cpp11 can be used as a replacement. |
AUTOSAR-M0_1_3-a | Removed from AUTOSAR C++ 14 configuration. For other configurations, OPT-02 can be used as a replacement. |
AUTOSAR-M0_1_3-e | Removed from AUTOSAR C++ 14 configuration. For other configurations, OPT-43 can be used as a replacement. |
CERT_C-DCL37-a | Removed from SEI CERT C configuration. For other configurations, MISRA2004-20_1_a can be used as a replacement. |
CERT_C-ERR30-b | Removed from SEI CERT C configuration. For other configurations, MRM-39 can be used as a replacement. |
CERT_C-ERR32-a | Removed from SEI CERT C configuration. For other configurations, BD-PB-ERRNO can be used as a replacement. |
CERT_C-FIO01-b | Removed from SEI CERT C configuration. For other configurations, SECURITY-19 can be used as a replacement. |
CERT_C-FIO21-a | Removed from SEI CERT C configuration. For other configurations, SECURITY-19 can be used as a replacement. |
MISRA2008-0_1_3_a | Removed from MISRA C++ 2008 configuration. For other configurations, OPT-02 can be used as a replacement. |
MISRA2008-0_1_3_e | Removed from MISRA C++ 2008 configuration. For other configurations, OPT-43 can be used as a replacement. |
MISRACPP2023-19_2_1-a | Removed from MISRA C++ 2023 configuration. For other configurations, PFO-02 can be used as a replacement. |
MISRACPP2023-6_4_1-a | Removed from MISRA C++ 2023 configuration. For other configurations, MISRA2004-5_2_a can be used as a replacement. |
MISRACPP2023-6_4_1-b | Removed from MISRA C++ 2023 configuration. For other configurations, MISRA2004-5_2_b can be used as a replacement. |
MISRACPP2023-6_4_1-c | Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-83 can be used as a replacement. |
MISRACPP2023-6_4_1-d | Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-84 can be used as a replacement. |
MISRACPP2023-6_4_1-e | Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-85 can be used as a replacement. |
