Hyundai-Kia Motor Corp (HKMC) Secure C++ Coding Standard for Automotive Development mapped to Klocwork and Klocwork community checkers
Rule | Checker name and description |
---|---|
P-CON-001 | CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED Do not destroy a mutex while it is locked |
P-CON-005 | CERT.CONC.WAKE_IN_LOOP Wrap functions that can spuriously wake up in a loop |
P-CON-006 | CERT.CONC.UNSAFE_COND_VAR Preserve thread safety and liveness when using condition variables |
P-CTR-001 | ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL Buffer Overflow - Array Index Out of Bounds<br>ABV.STACK Buffer Overflow - Local Array Index Out of Bounds<br>ABV.TAINTED Buffer Overflow from Unvalidated Input<br>SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation<br>SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call<br>SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call<br>SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
P-CTR-002 | ITER.CONTAINER.MODIFIED Use of invalid iterator |
P-CTR-004 | CXX.ITER.END.BEGIN Iterator representing end of the range precedes start of range<br>ITER.INAPPROPRIATE Use of iterator with inappropriate container object |
P-DCL-001 | MISRA.FUNC.VARARG Function with variable number of arguments |
P-DCL-002 | MISRA.DEFINE.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a macro<br>MISRA.STDLIB.WRONGNAME Reused name of standard library macro, object or function<br>MISRA.STDLIB.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a language entity |
P-DCL-003 | CERT.DCL.REF_TYPE.CONST_OR_VOLATILE Never qualify a reference type with const or volatile |
P-DCL-004 | CERT.DCL.AMBIGUOUS_DECL Do not write syntactically ambiguous declarations |
P-DCL-005 | CERT.DCL.SAME_SCOPE_ALLOC_DEALLOC Overload allocation and deallocation functions as a pair in the same scope |
P-DCL-006 | PORTING.STORAGE.STRUCT Byte position of elements in a structure could depend on alignment and packing attributes. |
P-DCL-007 | CXX.STATIC.OBJ.RECURSION Do not reenter function during initialization of static objects |
P-DCL-008 | MISRA.DTOR.THROW Throw in destructor |
P-DCL-009 | CERT.DCL.STD_NS_MODIFIED Do not modify the standard namespaces |
P-DCL-010 | MISRA.NAMESPACE.UNMD Unnamed namespace in header file |
P-DCL-011 | AUTOSAR.ADD.ONEDEFRULE.FUNC Function is violating one definition rule<br>AUTOSAR.ADD.ONEDEFRULE.VAR Variable is violating one definition rule<br>MISRA.BASE.IDS.UNIQUE Member name is used twice in inheritance hierarchy<br>MISRA.BASE.MANYDEFS Both overriding and overridden virtual functions have definitions<br>MISRA.CT.UNIQUE.ID Identifier clashes with tag name<br>MISRA.TYPE.NAMECLASH.CPP.2008 Identifier in one name space has same spelling as identifier in other name space<br>MISRA.TYPEDEF.NOT_UNIQUE Typedef name is used for another entity<br>MISRA.VAR.HIDDEN Identifier declared in an inner scope hides identifier in outer scope<br>MISRA.VAR.UNIQUE.STATIC Identifier with static storage specifier clashes with other identifier |
P-ERR-001 | CERT.ERR.ABRUPT_TERM Do not abruptly terminate the program<br>MISRA.CATCH.ALL No ellipsis exception handler in a try-catch block |
P-ERR-002 | MISRA.CATCH.ALL No ellipsis exception handler in a try-catch block |
P-ERR-003 | MISRA.STDLIB.LONGJMP Use of setjmp macro or longjmp function |
P-ERR-004 | MISRA.CTOR.TRY.NON_STATIC Function try/catch block of constructor or destructor references non-static members |
P-ERR-005 | MISRA.CATCH.NOALL Ellipsis exception handler is not the last one in a try-catch block<br>MISRA.CATCH.WRONGORD Handler for a base exception class precedes to a handler for a derived exception class in a try-catch block |
P-ERR-008 | CL.MLK Memory Leak - in destructor<br>CL.MLK.ASSIGN Memory Leak - in assignment operator<br>CL.MLK.VIRTUAL Memory Leak - possible in destructor<br>FREE.INCONSISTENT Inconsistent Freeing of Memory<br>MLK.MIGHT Memory Leak - possible<br>MLK.MUST Memory Leak<br>MLK.RET.MIGHT Memory Leak - possible<br>MLK.RET.MUST Memory Leak |
P-ERR-010 | MISRA.CATCH.BY_VALUE Exception object of class type is caught by value |
P-ERR-011 | CERT.ERR.CONV.STR_TO_NUM Detect errors when converting a string to a number |
P-EXP-001 | MISRA.EXPR.PARENS<br>MISRA.EXPR.PARENS.INSUFFICIENT Limited dependence required for operator precedence rules in expressions<br>MISRA.EXPR.PARENS.REDUNDANT Limited dependence required for operator precedence rules in expressions<br>MISRA.INCR_DECR.OTHER Increment or decrement operator is mixed with other operators in expression<br>PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
P-EXP-002 | CERT.EXPR.DELETE_ARR.BASE_PTR Do not delete an array through a pointer of the incorrect type |
P-EXP-003 | MISRA.SIZEOF.SIDE_EFFECT Operand of sizeof has side effects |
P-EXP-004 | UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible<br>UNINIT.CTOR.MUST Uninitialized Variable in Constructor<br>UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible<br>UNINIT.HEAP.MUST Uninitialized Heap Use<br>UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible<br>UNINIT.STACK.ARRAY.MUST Uninitialized Array<br>UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array<br>UNINIT.STACK.MIGHT Uninitialized Variable - possible<br>UNINIT.STACK.MUST Uninitialized Variable |
P-EXP-005 | CL.FFM.ASSIGN Use of free memory (double free) - no operator=<br>CL.FFM.COPY Use of free memory (double free) - no copy constructor<br>LOCRET.ARG Function returns address of local variable<br>LOCRET.GLOB Function returns address of local variable<br>LOCRET.RET Function returns address of local variable<br>UFM.DEREF.MIGHT Use of free memory (access) - possible<br>UFM.DEREF.MUST Use of Freed Memory by Pointer<br>UFM.FFM.MIGHT Use of free memory (double free) - possible<br>UFM.FFM.MUST Freeing Freed Memory<br>UFM.RETURN.MIGHT Use of freed memory (return) - possible<br>UFM.RETURN.MUST Use of Freed Memory on Return<br>UFM.USE.MIGHT Use of free memory - possible<br>UFM.USE.MUST Use of Freed Memory<br>UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible<br>UNINIT.HEAP.MUST Uninitialized Heap Use<br>UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible<br>UNINIT.STACK.ARRAY.MUST Uninitialized Array<br>UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array<br>UNINIT.STACK.MIGHT Uninitialized Variable - possible<br>UNINIT.STACK.MUST Uninitialized Variable |
P-EXP-006 | MISRA.CAST.CONST Cast operation removes const or volatile modifier from a pointer or reference |
P-FIO-002 | RH.LEAK Resource leak |
P-MEM-001 | UFM.DEREF.MIGHT Use of free memory (access) - possible<br>UFM.DEREF.MUST Use of Freed Memory by Pointer<br>UFM.FFM.MIGHT Use of free memory (double free) - possible<br>UFM.FFM.MUST Freeing Freed Memory<br>UFM.RETURN.MIGHT Use of freed memory (return) - possible<br>UFM.RETURN.MUST Use of Freed Memory on Return<br>UFM.USE.MIGHT Use of free memory - possible<br>UFM.USE.MUST Use of Freed Memory |
P-MEM-002 | CL.FFM.ASSIGN Use of free memory (double free) - no operator=<br>CL.FFM.COPY Use of free memory (double free) - no copy constructor<br>CL.FMM Freeing Mismatched Memory - in destructor<br>FMM.MIGHT Freeing Mismatched Memory - possible<br>FMM.MUST Freeing Mismatched Memory<br>FNH.MIGHT Freeing Non-Heap Memory - possible<br>FNH.MUST Freeing Non-Heap Memory<br>FUM.GEN.MIGHT Freeing Unallocated Memory - possible<br>FUM.GEN.MUST Freeing Unallocated Memory<br>UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible<br>UNINIT.CTOR.MUST Uninitialized Variable in Constructor<br>UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible<br>UNINIT.HEAP.MUST Uninitialized Heap Use<br>UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible<br>UNINIT.STACK.ARRAY.MUST Uninitialized Array<br>UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array<br>UNINIT.STACK.MIGHT Uninitialized Variable - possible<br>UNINIT.STACK.MUST Uninitialized Variable |
P-MEM-003 | NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL<br>NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL<br>NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL<br>NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL<br>NPD.CONST.CALL NULL is passed to function that can dereference it<br>NPD.CONST.DEREF NULL is dereferenced<br>NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it<br>NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it<br>NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced<br>NPD.FUNC.MUST Result of function that may return NULL will be dereferenced<br>NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it<br>NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it<br>NPD.GEN.MIGHT Null pointer may be dereferenced<br>NPD.GEN.MUST Null pointer will be dereferenced<br>RNPD.CALL Suspicious dereference of pointer in function call before NULL check<br>RNPD.DEREF Suspicious dereference of pointer before NULL check |
P-MEM-007 | MLK.MIGHT Memory Leak - possible<br>MLK.MUST Memory Leak<br>MLK.RET.MIGHT Memory Leak - possible<br>MLK.RET.MUST Memory Leak<br>RH.LEAK Resource leak |
P-MSC-001 | CERT.MSC.STD_RAND_CALL Do not use std::rand() for generating pseudorandom numbers |
P-MSC-002 | CERT.MSC.SEED_RANDOM Properly seed pseudorandom number generators |
P-MSC-003 | FUNCRET.GEN Non-void function does not return value |
P-MSC-004 | CERT.MSC.NORETURN_FUNC_RETURNS Do not return from a function declared [[noreturn]] |
P-MSC-005 | LOCRET.RET Function returns address of local variable |
P-OOP-001 | MISRA.CTOR.DYNAMIC Object's dynamic type is used from the body of its constructor<br>MISRA.DTOR.DYNAMIC Object's dynamic type is used from the body of its destructor |
P-OOP-003 | CL.MLK.VIRTUAL Memory Leak - possible in destructor<br>CWARN.DTOR.NONVIRT.DELETE Delete expression for an object of a class with virtual methods and no virtual destructor |
P-OOP-004 | CERT.OOP.CTOR.INIT_ORDER Write constructor member initializers in the canonical order |
P-OOP-005 | CL.SELF-ASSIGN Use of free memory (double free) - in operator= |
P-OOP-006 | CERT.OOP.PTR_MEMBER.NO_MEMBER Do not use pointer-to-member operators to access nonexistent members |
P-OOP-007 | CERT.OOP.CSTD_FUNC_USE Prefer special member functions and overloaded operators to C Standard Library functions |
P-OOP-008 | CERT.OOP.COPY_MUTATES Copy operations must not mutate the source object |
P-OOP-009 | CXX.STATIC.OBJ.FINAL Initialized public static field not mark as final |
P-OOP-010 | CXX.MEMBER.IMPORTANT.PRIVATE Important member data shall be private |
P-OOP-011 | CXX.MEMBER.CRITICAL.PUBLIC.METHOD Critical private member data shall not be directly writable by a public method |
P-STR-001 | NNTS.MIGHT Buffer Overflow - Non-null Terminated String<br>NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String |
P-STR-002 | NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL<br>NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL<br>NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL<br>NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL<br>NPD.CONST.CALL NULL is passed to function that can dereference it<br>NPD.CONST.DEREF NULL is dereferenced<br>NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it<br>NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it<br>NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced<br>NPD.FUNC.MUST Result of function that may return NULL will be dereferenced<br>NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it<br>NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it<br>NPD.GEN.MIGHT Null pointer may be dereferenced<br>NPD.GEN.MUST Null pointer will be dereferenced<br>RNPD.CALL Suspicious dereference of pointer in function call before NULL check<br>RNPD.DEREF Suspicious dereference of pointer before NULL check |
P-STR-003 | ITER.CONTAINER.MODIFIED Use of invalid iterator |
P-STR-004 | ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL Buffer Overflow - Array Index Out of Bounds<br>ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds<br>ABV.MEMBER Buffer Overflow - Array Index Out of Bounds<br>ABV.STACK Buffer Overflow - Local Array Index Out of Bounds<br>ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function<br>ABV.UNICODE.FAILED_MAP Mapping function failed<br>ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function<br>ABV.UNICODE.SELF_MAP Mapping function failed<br>ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds<br>NNTS.MIGHT Buffer Overflow - Non-null Terminated String<br>NNTS.MUST Buffer Overflow - Non-null Terminated String<br>NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String<br>RABV.CHECK Suspicious use of index before boundary check<br>RN.INDEX Suspicious use of index before negative check<br>SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error<br>SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy<br>SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations<br>SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf<br>SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy<br>SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf<br>SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input<br>SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |