CERTC and C++ checker reference
List of community C and C++ checkers that map to the secure coding standard defined by the computer emergency response team (CERT).
Checker name | Description | Default severity | Enabled by default? | Version |
---|---|---|---|---|
CERT.CONC.ATOMIC_COMP_FAIL_IN_LOOP | Wrap functions that can spuriously fail up in a loop | 4 | False | 2021.2 |
CERT.CONC.LIB_FUNC_USE | Avoid race conditions when using library functions | 4 | False | 2021.2 |
CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED | Do not destroy a mutex while it is locked | 4 | False | 2024.1 |
CERT.CONC.UNSAFE_COND_VAR | Preserve thread safety and liveness when using condition variables | 4 | False | 2024.1 |
CERT.CONC.UNSAFE_COND_VAR_C | Preserve thread safety and liveness when using condition variables | 4 | False | 2024.1 |
CERT.CONC.WAKE_IN_LOOP | Wrap functions that can spuriously wake up in a loop | 4 | False | 2024.1 |
CERT.CONC.WAKE_IN_LOOP_C | Wrap functions that can spuriously wake up in a loop | 4 | False | 2024.1 |
CERT.DCL.AMBIGUOUS_DECL | Do not write syntactically ambiguous declarations | 4 | False | 2024.1 |
CERT.DCL.REF_TYPE.CONST_OR_VOLATILE | Never qualify a reference type with const or volatile | 4 | False | 2024.1 |
CERT.DCL.SAME_SCOPE_ALLOC_DEALLOC | Overload allocation and deallocation functions as a pair in the same scope | 4 | False | 2024.1 |
CERT.DCL.STD_NS_MODIFIED | Do not modify the standard namespaces | 4 | False | 2024.1 |
CERT.DCL.SWITCH.VAR_BEFORE_CASE | Do not declare variables inside a switch statement before the first case label | 4 | False | 2021.2 |
CERT.ERR.ABRUPT_TERM | Do not abruptly terminate the program | 4 | False | 2020.1 |
CERT.ERR.CONV.STR_TO_NUM | Detect errors when converting a string to a number | 4 | False | 2020.1 |
CERT.EXPR.DELETE_ARR.BASE_PTR | Do not delete an array through a pointer of the incorrect type | 4 | False | 2020.1 |
CERT.EXPR.DELETE_PTR.INCOMPLETE_TYPE | Do not delete a pointer to an incomplete type | 4 | False | 2020.1 |
CERT.EXPR.PASS_NON_STD_LAYOUT | Do not pass a nonstandard-layout type object across execution boundaries | 4 | False | 2024.1 |
CERT.EXPR.VOLATILE.ADDR | Do not access a volatile object through a nonvolatile pointer | 4 | False | 2020.1 |
CERT.EXPR.VOLATILE.ADDR.PARAM | Do not pass a volatile object to a function through a nonvolatile pointer | 4 | False | 2020.1 |
CERT.EXPR.VOLATILE.PTRPTR | Do not assign a reference to a non-volatile pointer to a volatile pointer-to-pointer | 4 | False | 2020.1 |
CERT.MEM.OVERRIDE.DELETE | Honor replacement dynamic storage management requirements for 'delete' | 4 | False | 2024.1 |
CERT.MEM.OVERRIDE.NEW | Honor replacement dynamic storage management requirements for 'new' | 4 | False | 2024.1 |
CERT.MSC.ASCTIME | Do not pass invalid data to the asctime() function | 4 | False | 2021.2 |
CERT.MSC.NORETURN_FUNC_RETURNS | Do not return from a function declared [[noreturn]] | 4 | False | 2020.1 |
CERT.MSC.SEED_RANDOM | Properly seed pseudorandom number generators | 4 | False | 2021.2 |
CERT.MSC.SIG_HANDLER.POF | A signal handler must be a plain old function | 4 | False | 2020.1 |
CERT.MSC.STD_RAND_CALL | Do not use std::rand() for generating pseudorandom numbers | 4 | False | 2020.1 |
CERT.OOP.COPY_MUTATES | Copy operations must not mutate the source object | 4 | False | 2024.1 |
CERT.OOP.CSTD_FUNC_USE | Prefer special member functions and overloaded operators to C Standard Library functions | 4 | False | 2020.1 |
CERT.OOP.CTOR.INIT_ORDER | Write constructor member initializers in the canonical order | 4 | False | 2024.1 |
CERT.OOP.PTR_MEMBER.NO_MEMBER | Do not use pointer-to-member operators to access nonexistent members | 4 | False | 2024.1 |
CERT.POS.THREAD.ASYNC_CANCEL | Do not use threads that can be canceled asynchronously | 3 | False | 2020.1 |
CERT.STR.ARG.CONST_TO_NONCONST | Do not pass a const char pointer to a non-const char pointer argument | 4 | False | 2022.3 |
CERT.STR.ASSIGN.CONST_TO_NONCONST | Do not assign a const char pointer to a non-const char pointer | 4 | False | 2022.3 |
CERT.STRUCT.FLEXIBLE_ARRAY_MEMBER | Use the correct syntax when declaring a flexible array member | 4 | False | 2021.2 |