Mapping of CERT rules to C-STAT checks
This table lists all CERT guidelines that are not part of the C-STAT package but that can be mapped to one or more C-STAT checks. Use it to identify which checks to enable or disable to verify a particular CERT guideline that is not part of C-STAT. Note that code that violates one of the listed guidelines will not necessarily fail every associated check, but it might fail some.
CERT ID | CERT guideline | Associated C-STAT checks |
---|---|---|
ARR01-C | Do not apply the | MEM-malloc-sizeof-ptr |
ARR32-CPP | Do not use iterators invalidated by container modification. | ITR-invalidated (C++ only) |
ARR33-C | Guarantee that copies are made into storage of sufficient size. | ARR-inv-index ARR-inv-index-pos ARR-inv-index-ptr ARR-inv-index-ptr-pos MISRAC++2008-5-0-16_c MISRAC++2008-5-0-16_d MISRAC++2008-5-0-16_e MISRAC++2008-5-0-16_f MISRAC2012-Rule-18.1_a MISRAC2012-Rule-18.1_b MISRAC2012-Rule-18.1_c MISRAC2012-Rule-18.1_d |
CTR35-CPP | Do not allow loops to iterate beyond the end of an array or container. | ITR-end-cmp-aft (C++ only) |
DCL01-C | Do not reuse variable names in sub-scopes. | RED-local-hides-global RED-local-hides-local RED-local-hides-member (C++ only) RED-local-hides-param |
DCL01-CPP | Do not reuse variable names in sub-scopes. | RED-local-hides-global RED-local-hides-local RED-local-hides-member (C++ only) RED-local-hides-param |
DCL16-C | Use | MISRAC++2008-2-13-4_b |
DCL16-CPP | Use | MISRAC++2008-2-13-4_b |
DCL20-C | Always specify | FUNC-unprototyped-all FUNC-unprototyped-used MISRAC2004-16.5 MISRAC2012-Rule-8.2_a |
ERR09-CPP | Throw anonymous temporaries (and catch by reference). | CATCH-object-slicing (C++ only) THROW-ptr MISRAC++2008-15-0-2 MISRAC++2008-15-3-5 (C++ only) |
ERR33-CPP | Destructors must not throw exceptions. | COP-dtor-throw (C++ only) MISRAC++2008-15-5-1 (C++ only) |
ERR34-CPP | Do not use | MISRAC2004-20.7 MISRAC++2008-17-0-5 MISRAC2012-Rule-21.4 |
ERR38-CPP | Deallocation functions must not throw exceptions. | CPU-delete-throw (C++ only) |
EXP01-C | Do not take the size of a pointer to determine the size of the pointed-to type. | MEM-malloc-sizeof-ptr |
EXP05-CPP | Do not use C-style casts. | CAST-old-style (C++ only) MISRAC++2008-5-2-4 (C++ only) |
EXP06-C | Operands to the | SIZEOF-side-effect MISRAC2004-12.3 MISRAC++2008-5-3-4 MISRAC2012-Rule-13.6 |
EXP06-CPP | Operands to the | SIZEOF-side-effect MISRAC2004-12.3 MISRAC++2008-5-3-4 MISRAC2012-Rule-13.6 |
EXP10-C | Do not depend on the order of evaluation of subexpressions or the order in which side effects take place. | SPC-order SPC-volatile-reads SPC-volatile-writes MISRAC2004-12.2_a MISRAC2004-12.2_b MISRAC2004-12.2_c MISRAC++2008-5-0-1_a MISRAC++2008-5-0-1_b MISRAC++2008-5-0-1_c MISRAC2012-Rule-1.3_i MISRAC2012-Rule-13.2_a MISRAC2012-Rule-13.2_b MISRAC2012-Rule-13.2_c |
EXP12-C | Do not ignore values returned by functions. | LIB-return-const |
EXP15-C | Do not place a semicolon on the same line as an | EXP-null-stmt EXP-stray-semicolon MISRAC2004-14.3 MISRAC++2008-6-2-3 |
EXP16-C | Do not compare function pointers to constant values. | FPT-misuse MISRAC2012-Rule-1.3_m |
EXP17-C | Do not perform bitwise operations in conditional expressions. | RED-cond-always RED-cond-never MISRAC++2008-0-1-2_a MISRAC++2008-0-1-2_b MISRAC2012-Rule-14.3_a MISRAC2012-Rule-14.3_b |
EXP18-C | Do not perform assignments in selection statements. | EXP-cond-assign MISRAC2012-Rule-13.4_a |
EXP19-CPP | Do not perform assignments in conditional expressions. | EXP-cond-assign MISRAC2012-Rule-13.4_a |
FLP00-C | Understand the limitations of floating-point numbers. | ATH-cmp-float |
FLP06-C | Understand that floating-point arithmetic in C is inexact. | MISRAC2004-13.3 MISRAC++2008-6-2-2 |
FLP35-CPP | Take granularity into account when comparing floating-point values. | ATH-cmp-float MISRAC2004-13.3 MISRAC++2008-6-2-2 |
INT04-C | Enforce limits on integer values originating from untrusted sources. | SEC-BUFFER-tainted-alloc-size SEC-BUFFER-tainted-copy-length SEC-BUFFER-tainted-index |
INT06-C | Use | MISRAC2004-20.10 MISRAC++2008-18-0-2 MISRAC2012-Rule-21.7 |
INT07-C | Use only explicitly signed or unsigned char type for numeric values. | MISRAC2004-6.1 MISRAC++2008-4-5-3 |
INT13-C | Use bitwise operators only on unsigned operands. | MISRAC2004-12.7 MISRAC++2008-5-0-21 |
MEM42-CPP | Ensure that copy assignment operators do not damage an object that is copied to itself. | COP-assign-op-self (C++ only) |
MSC07-C | Detect and remove dead code. | RED-case-reach RED-dead MISRAC++2008-0-1-1 MISRAC++2008-0-1-2_c MISRAC++2008-0-1-9 MISRAC2012-Rule-2.1_a MISRAC2012-Rule-2.1_b |
MSC12-C | Detect and remove code that has no effect. | RED-no-effect MISRAC2004-14.2 MISRAC2012-Rule-2.2_a |
MSC13-C | Detect and remove unused values. | RED-unused-assign RED-unused-var-all MISRAC++2008-0-1-3 MISRAC2012-Rule-2.2_b |
MSC17-C | Finish every set of statements associated with a case label with a break statement. | SWITCH-fall-through MISRAC2004-15.2 MISRAC++2008-6-4-5 MISRAC2012-Rule-16.3 |
MSC21-C | Use robust loop termination conditions. | MISRAC++2008-6-5-2 |
MSC215-CPP | Use inequality to terminate a loop whose counter changes by more than one. | MISRAC++2008-6-5-2 |
OOP30-CPP | Do not invoke virtual functions from constructors or destructors. | CPU-ctor-call-virt (C++ only) CPU-dtor-call-virt (C++ only) MISRAC++2008-12-1-1_a (C++ only) MISRAC++2008-12-1-1_b (C++ only) |
OOP32-CPP | Ensure that single-argument constructors are marked | CPU-ctor-implicit (C++ only) MISRAC++2008-12-1-3 (C++ only) |
OOP34-CPP | Ensure the proper destructor is called for polymorphic objects. | CPU-nonvirt-dtor (C++ only) |
OOP35-CPP | Do not return references to private data. | CPU-return-ref-to-class-data (C++ only) |
OOP37-CPP | Constructor initializers should be ordered correctly. | COP-init-order (C++ only) |