MISRA C:2004 rules mapped to Klocwork certified checkers
| MISRA C Rule | Klocwork Checker Code and Description |
|---|---|
| 1.1 |
Enforced by the Klocwork compiler |
| 1.2 |
Partially statically verifiable – as yet not done |
| 1.3 |
Unsupported - not statically verifiable |
| 1.4 |
Unsupported - not statically verifiable |
| 1.5 |
Unsupported - not statically verifiable |
| 2.1 |
MISRA.ASM.ENCAPS Assembly language is not isolated. |
| 2.2 |
MISRA.TOKEN.CPCOM C++ style comments |
| 2.3 |
MISRA.TOKEN.BADCOM Inappropriate character sequence in a comment |
| 2.4 |
Unsupported - no plans to support |
| 3.1 |
Unsupported - not statically verifiable |
| 3.2 |
Unsupported - not statically verifiable |
| 3.3 |
Unsupported - not statically verifiable |
| 3.4 |
MISRA.PRAGMA Non-documented pragma directive |
| 3.5 |
Unsupported - not statically verifiable |
| 3.6 |
Unsupported - not statically verifiable |
| 4.1 |
MISRA.TOKEN.WRONGESC Incorrect escape sequence in a literal |
| 4.2 |
MISRA.CHAR.TRIGRAPH Trigraph usage |
| 5.1 |
MISRA.DEFINE.LONGNAME Macro name is too long MISRA.IDENT.LONG Identifier is longer than 31 characters |
| 5.2 |
MISRA.VAR.HIDDEN Identifier declared in an inner scope hides identifier in outer scope |
| 5.3 |
MISRA.TYPEDEF.NOT_UNIQUE Typedef name is used for another entity |
| 5.4 |
MISRA.CT.UNIQUE.ID Identifier clashes with tag name |
| 5.5 |
MISRA.VAR.UNIQUE.STATIC Identifier with static storage specifier clashes with other identifier |
| 5.6 |
MISRA.TYPE.NAMECLASH.C.2004 Identifier in one name space has same spelling as identifier in other name space |
| 5.7 |
MISRA.VAR.UNIQUE Identifier clashes with other identifier |
| 6.1 |
MISRA.CHAR.NOT_CHARACTER 'char' is used for non-character value |
| 6.2 |
MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value |
| 6.3 |
MISRA.BUILTIN_NUMERIC Builtin numeric type is used |
| 6.4 |
MISRA.BITFIELD.TYPE Type of bit-field is not signed/unsigned integer |
| 6.5 |
MISRA.BITFIELD.SIGNED Length of a named signed bit-field is less than 2 MISRA.BITFIELD.SIGNED.UNNAMED Length of an unnamed signed bit-field is less than 2 |
| 7.1 |
MISRA.TOKEN.OCTAL.ESCAPE Usage of octal escape sequences MISRA.TOKEN.OCTAL.INT Usage of octal integer constants |
| 8.1 |
MISRA.FUNC.NOPROT.CALL Function is called but has no prototype MISRA.FUNC.NOPROT.DEF Function has a definition but no prototype |
| 8.2 |
MISRA.DECL.NO_TYPE Declaration without a type |
| 8.3 |
MISRA.OBJ.TYPE.IDENT Type not identical with type of other declaration |
| 8.4 |
MISRA.OBJ.TYPE.COMPAT Type not compatible with type of other declaration |
| 8.5 |
MISRA.ONEDEFRULE.FUNC Global function definition in a header file MISRA.ONEDEFRULE.VAR Global variable definition in a header file |
| 8.6 |
MISRA.DECL.FUNC_LOCAL Function is declared locally |
| 8.7 |
MISRA.VAR.MIN.VIS Name visibility is too wide |
| 8.8 |
Unsupported - no plans to support |
| 8.9 |
Unsupported - no plans to support |
| 8.10 |
Unsupported - no plans to support |
| 8.11 |
MISRA.FUNC.STATIC.REDECL Function or object redeclaration does not include 'static' modifier |
| 8.12 |
MISRA.DECL.ARRAY_SIZE Declaration of array with unknown size |
| 9.1 |
UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| 9.2 |
MISRA.INIT.BRACES Incorrect initializer braces placement. |
| 9.3 |
MISRA.ENUM.INIT Non-first enumerator is explicitly initialized, but not all elements are explicitly initialized. |
| 10.1 |
MISRA.CVALUE.IMPL.CAST The value of an expression implicitly converted to a different type |
| 10.2 |
MISRA.CVALUE.IMPL.CAST The value of an expression implicitly converted to a different type |
| 10.3 |
MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness |
| 10.4 |
MISRA.CAST.FLOAT Non-trivial float expression is cast to a wider type |
| 10.5 |
MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type |
| 10.6 |
MISRA.LITERAL.UNSIGNED.SUFFIX Unsigned integer literal without 'U' suffix |
| 11.1 |
MISRA.CAST.FUNC_PTR Cast between a function pointer and a non-integral type |
| 11.2 |
MISRA.CAST.PTR.UNRELATED Object of pointer type cast to unrelated type |
| 11.3 |
MISRA.CAST.PTR_TO_INT Cast between a pointer and an integral type |
| 11.4 |
MISRA.CAST.PTR Cast between a pointer to object type and a different pointer to object type |
| 11.5 |
MISRA.CAST.CONST Cast operation removes const or volatile modifier from a pointer or reference |
| 12.1 |
MISRA.EXPR.PARENS.INSUFFICIENT Limited dependence required for operator precedence rules in expressions MISRA.EXPR.PARENS.REDUNDANT Limited dependence required for operator precedence rules in expressions |
| 12.2 |
PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
| 12.3 |
MISRA.SIZEOF.SIDE_EFFECT Operand of sizeof has side effects |
| 12.4 |
MISRA.LOGIC.SIDEEFF Right operand in a logical 'and' or 'or' expression contains side effects MISRA.LOGIC.SIDEEFF.COND Branch expression in a conditional expression contains side effects |
| 12.5 |
MISRA.LOGIC.PRIMARY Operand in a logical 'and' or 'or' expression is not a primary expression |
| 12.6 |
MISRA.LOGIC.OPERAND.NOT_BOOL Operand of logical operator is not effectively boolean MISRA.LOGIC.OPERATOR.NOT_BOOL Operand of non-logical operator is effectively boolean |
| 12.7 |
MISRA.BITS.NOT_UNSIGNED Operand of bitwise operation is not unsigned integer MISRA.BITS.NOT_UNSIGNED.PREP Operand of bitwise operation is not unsigned integer |
| 12.8 |
MISRA.SHIFT.RANGE Right operand of shift operation is out of range - greater or equal to max bit-length of left operand, or negative |
| 12.9 |
MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned |
| 12.10 |
MISRA.COMMA Comma operator is used |
| 12.11 |
MISRA.COMP.WRAPAROUND Wrap-around in a condition MISRA.ELIF.WRAPAROUND Wrap-around in #elif directive MISRA.IF.WRAPAROUND Wrap-around in #if directive |
| 12.12 |
MISRA.FLOAT.BIT.REPR Use of bit manipulations of floating-point values which rely on storage layout |
| 12.13 |
MISRA.INCR_DECR.OTHER Increment or decrement operator is mixed with other operators in expression |
| 13.1 |
MISRA.ASSIGN.COND Assignment operator is used in a condition |
| 13.2 |
MISRA.ZERO_EQ.IMPLICIT Non-boolean expression is implicitly tested against zero |
| 13.3 |
MISRA.FLOAT_EQUAL Floating point expression is tested for equality |
| 13.4 |
MISRA.FOR.COND.FLT Floating point object is used in the condition section of a 'for' loop |
| 13.5 |
MISRA.FOR.COND For loop condition does not depend on loop counter MISRA.FOR.INCR.CHANGE For loop increment expression does not change loop counter |
| 13.6 |
MISRA.FOR.STMT.CHANGE For loop counter is modified within the loop statement |
| 13.7 |
INVARIANT_CONDITION.GEN Invariant expression in a condition INVARIANT_CONDITION.UNREACH Invariant expression in a condition |
| 14.1 |
UNREACH.ENUM Code is unreachable due to the possible value(s) of an enum UNREACH.GEN Unreachable code UNREACH.RETURN Unreachable Void Return |
| 14.2 |
MISRA.STMT.NO_EFFECT The statement has no side effects, and does not change control flow |
| 14.3 |
MISRA.NULL.STMT Null statement is not the only statement on line or comments are placed incorrectly |
| 14.4 |
MISRA.GOTO Goto statement is used |
| 14.5 |
MISRA.CONTINUE Continue statement is used |
| 14.6 |
MISRA.ITER.ONETERM Iteration statement has more than one break or goto for loop termination. |
| 14.7 |
MISRA.RETURN.NOT_LAST Return is not the last statement in a function |
| 14.8 |
MISRA.STMT.NO_COMPOUND The body of switch, while, do/while or for statement is not a compound statement |
| 14.9 |
MISRA.IF.NO_COMPOUND The body of if/else statement is not a compound statement |
| 14.10 |
MISRA.IF.NO_ELSE A chain of if/else-if statements is not terminated with else or is terminated with an empty else clause |
| 15.0 |
Supported. If no violations of rules 15.1 through 15.5 exist, then the source code also conforms to rule 15.0. Therefore, no checker is required for rule 15.0. |
| 15.1 |
MISRA.SWITCH.LABEL A switch label belongs to nested compound statement inside switch body |
| 15.2 |
MISRA.SWITCH.NO_BREAK No break or throw statement at the end of switch-clause |
| 15.3 |
MISRA.SWITCH.NODEFAULT No default clause at the end of a switch statement |
| 15.4 |
MISRA.SWITCH.BOOL Condition of switch statement is boolean expression |
| 15.5 |
MISRA.SWITCH.NO_CASE No case-clause in a switch statement |
| 16.1 |
MISRA.FUNC.VARARG Function with variable number of arguments |
| 16.2 |
MISRA.FUNC.RECUR Recursive function |
| 16.3 |
MISRA.FUNC.UNNAMED.PARAMS Function declaration has unnamed parameters |
| 16.4 |
MISRA.FUNC.PARAMS.IDENT Identifiers used in declaration and definition of function are not identical |
| 16.5 |
MISRA.FUNC.NO_PARAMS Function without parameters is missing void parameter type |
| 16.6 |
MISRA.FUNC.UNMATCHED.PARAMS Number of formal and actual parameters passed to function do not match |
| 16.7 |
MISRA.PPARAM.NEEDS.CONST Pointer parameter is not used to modify the addressed object but is not declared as a pointer to const |
| 16.8 |
FUNCRET.GEN Non-void function does not return value FUNCRET.IMPLICIT Non-void function implicitly returning int does not return value |
| 16.9 |
MISRA.FUNC.ADDR Address of a function is used without & operator |
| 16.10 |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| 16.10 |
Partially supported by SV.RVT.RETVAL_NOTTESTED |
| 17.1 |
MISRA.PTR.ARITH Pointer is used in arithmetic or array index expression |
| 17.2 |
Unsupported - no plans to support |
| 17.3 |
Unsupported - no plans to support |
| 17.4 |
MISRA.PTR.ARITH Pointer is used in arithmetic or array index expression |
| 17.5 |
MISRA.PTR.TO_PTR_TO_PTR Pointer declaration has more than two levels of indirection |
| 17.6 |
LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable |
| 18.1 |
MISRA.INCOMPLETE.STRUCT Incomplete struct type is used MISRA.INCOMPLETE.STRUCT.UNNAMED Incomplete unnamed struct type is used MISRA.INCOMPLETE.UNION Incomplete union type is used MISRA.INCOMPLETE.UNION.UNNAMED Incomplete unnamed union type is used |
| 18.2 |
MISRA.ASSIGN.OVERLAP Object is assigned to an overlapping object |
| 18.3 |
Unsupported - not statically verifiable |
| 18.4 |
MISRA.UNION Union is used |
| 19.1 |
MISRA.INCL.INSIDE Include directive preceded by a preprocessor output token |
| 19.2 |
MISRA.INCL.SYMS Non-standard characters in header file names |
| 19.3 |
MISRA.INCL.BAD Non-standard include directive |
| 19.4 |
MISRA.DEFINE.BADEXP Inappropriate macro expansion |
| 19.5 |
MISRA.DEFINE.NOTGLOBAL Define not at the global level MISRA.UNDEF.NOTGLOBAL Undef not at the global level |
| 19.6 |
MISRA.UNDEF Undef usage |
| 19.7 |
MISRA.DEFINE.FUNC Function-like macro definition |
| 19.8 |
MISRA.EXPANSION.NARGS Missing macro argument |
| 19.9 |
MISRA.EXPANSION.DIRECTIVE Directive-like tokens within a macro argument |
| 19.10 |
MISRA.DEFINE.NOPARS Macro parameter with no parentheses |
| 19.11 |
MISRA.ELIF.UNDEF Undefined macros in #elif directive MISRA.IF.UNDEF Undefined macros in #if directive |
| 19.12 |
MISRA.DEFINE.SHARP.MANY Several # or ## operators in a macro definition |
| 19.13 |
MISRA.DEFINE.SHARP # or ## operator in a macro definition |
| 19.14 |
MISRA.ELIF.DEFINED Incorrect 'defined' usage in #elif directive MISRA.IF.DEFINED Incorrect 'defined' usage in #if directive |
| 19.15 |
MISRA.INCGUARD Include guard is not provided |
| 19.16 |
Unsupported - no plans to support |
| 19.17 |
MISRA.ELIF.OTHERFILE #elif in an improper file MISRA.ELSE.OTHERFILE #else in an improper file MISRA.ENDIF.OTHERFILE #endif in an improper file |
| 20.1 |
MISRA.DEFINE.WRONGNAME Usage of a name from the standard library for naming a macro MISRA.DEFINE.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a macro MISRA.EXPANSION.UNSAFE Unsafe macro usage MISRA.INCL.UNSAFE Unsafe header inclusion |
| 20.2 |
MISRA.STDLIB.WRONGNAME Reused name of standard library macro, object or function MISRA.STDLIB.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a language entity MISRA.UNDEF.WRONGNAME Undefinition of a name from the standard library MISRA.UNDEF.WRONGNAME.UNDERSCORE Undefinition of a reserved name |
| 20.3 |
Unsupported - not statically verifiable |
| 20.4 |
MISRA.STDLIB.MEMORY Use of dynamic heap memory allocation |
| 20.5 |
MISRA.EXPANSION.UNSAFE Unsafe macro usage MISRA.STDLIB.ERRNO Use of error indicator 'errno' |
| 20.6 |
MISRA.EXPANSION.UNSAFE Unsafe macro usage |
| 20.7 |
MISRA.EXPANSION.UNSAFE Unsafe macro usage MISRA.STDLIB.LONGJMP Use of setjmp macro or longjmp function |
| 20.8 |
MISRA.EXPANSION.UNSAFE Unsafe macro usage MISRA.INCL.UNSAFE Unsafe header inclusion MISRA.STDLIB.SIGNAL Use of the signal handling facilities of signal.h |
| 20.9 |
MISRA.INCL.UNSAFE Unsafe header inclusion MISRA.STDLIB.STDIO Use of input/output library stdio.h in production code |
| 20.10 |
MISRA.STDLIB.ATOI Use of 'atof', 'atoi' or 'atol' from library stdlib.h |
| 20.11 |
MISRA.STDLIB.ABORT Use of 'abort', 'exit', 'getenv' or 'system' from library stdlib.h |
| 20.12 |
MISRA.INCL.UNSAFE Unsafe header inclusion MISRA.STDLIB.TIME Use of the time handling functions of library time.h |
| 21.1 |
Unsupported - not statically verifiable |
Support Summary
Number of rules not statically verifiable: 11 of 142
Number of statically verifiable rules supported: 124 of 131
MISRA C:2004 coverage = 95% (excludes rules that are not statically verifiable)
