Hyundai-Kia Motor Corp (HKMC) Secure C Coding Standard for Automotive Development mapped to Klocwork and Klocwork community checkers

Rule Checker name and description
C-ARR-001

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.NON_ARRAY   Non-array object is used as an array

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

ABV.UNKNOWN_SIZE   Buffer Overflow - Array Index Out of Bounds

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

SV.TAINTED.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition

C-ARR-003

MISRA.PTR.ARITH   Pointer is used in arithmetic or array index expression

C-ARR-004

MISRA.PTR.ARITH.2012   Pointer is used in arithmetic expression

C-ARR-006

CERT.ARR.PTR.ARITH   Pointer is used in arithmetic expression

C-ARR-008

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER   Buffer Overflow - Array Index Out of Bounds

ABV.NON_ARRAY   Non-array object is used as an array

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

ABV.UNKNOWN_SIZE   Buffer Overflow - Array Index Out of Bounds

CXX.SUSPICIOUS_INDEX_CHECK   Suspicious use of index after boundary check

CXX.SUSPICIOUS_INDEX_CHECK.CALL   Suspicious use of index in a function call after a boundary check

CXX.SUSPICIOUS_INDEX_CHECK.ZERO   Suspicious use of index after index check for zero

RABV.CHECK   Suspicious use of index before boundary check

RN.INDEX   Suspicious use of index before negative check

SV.STRBO.BOUND_SPRINTF   Buffer Overflow in Bound sprintf

SV.STRBO.UNBOUND_SPRINTF   Buffer Overflow in Unbound sprintf

C-ARR-009

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER   Buffer Overflow - Array Index Out of Bounds

ABV.NON_ARRAY   Non-array object is used as an array

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

C-ARR-010

MISRA.FUNC.UNMATCHED.PARAMS   Number of formal and actual parameters passed to function do not match

SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD   Incompatible type of a print function parameter

SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED   Unexpected type of a print function parameter

SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD   Incompatible type of a scan function parameter

SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED   Unexpected type of a scan function parameter

SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW   Too few arguments in a scan function call

SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY   Too many arguments in a scan function call

C-ARR-011

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

C-CON-004

CERT.CONC.LIB_FUNC_USE   Avoid race conditions when using library functions

C-CON-006

CONC.DL   Deadlock

C-CON-007

CERT.CONC.WAKE_IN_LOOP_C   Wrap functions that can spuriously wake up in a loop

C-CON-008

MISRA.STDLIB.SIGNAL   Use of the signal handling facilities of signal.h

C-CON-009

CERT.CONC.UNSAFE_COND_VAR_C   Preserve thread safety and liveness when using condition variables

C-CON-011

CERT.CONC.ATOMIC_TWICE_EXPR   Do not refer to an atomic variable twice in an expression

C-DCI-001

LOCRET.ARG   Function returns address of local variable

LOCRET.GLOB   Function returns address of local variable

LOCRET.RET   Function returns address of local variable

C-DCI-002

MISRA.FUNC.STATIC.REDECL   Function or object redeclaration does not include 'static' modifier

C-DCI-003

MISRA.DEFINE.WRONGNAME.UNDERSCORE   Usage of a reserved name for naming a macro

MISRA.STDLIB.WRONGNAME   Reused name of standard library macro, object or function

MISRA.STDLIB.WRONGNAME.UNDERSCORE   Usage of a reserved name for naming a language entity

C-DCI-004

CERT.STRUCT.FLEXIBLE_ARRAY_MEMBER   Use the correct syntax when declaring a flexible array member

C-DCI-005

PORTING.STORAGE.STRUCT   Byte position of elements in a structure could depend on alignment and packing attributes.

C-DCI-006

MISRA.FUNC.NOPROT.DEF.2012   Function has a definition but no prototype

MISRA.FUNC.PARAMS.IDENT   Identifiers used in declaration and definition of function are not identical

C-DCI-007

CERT.DCL.SWITCH.VAR_BEFORE_CASE   Do not declare variables inside a switch statement before the first case label

C-DCI-009

MISRA.SWITCH.NODEFAULT   No default clause at the end of a switch statement

C-DCI-010

MISRA.SWITCH.NO_BREAK   No break or throw statement at the end of switch-clause

C-DCI-011

MISRA.EXPR.PARENS.2012   The precedence of operators within expressions should be made explicit.

MISRA.EXPR.PARENS.INSUFFICIENT   Limited dependence required for operator precedence rules in expressions

C-DCI-012

RN.INDEX   Suspicious use of index before negative check

C-ENV-001

MISRA.STDLIB.CTYPE.RANGE.2012_AMD1   Any value passed to a function in ctype.h shall be representable as an unsigned char or be the value EOF

MISRA.STDLIB.ILLEGAL_REUSE.2012_AMD1   The pointer returned by the Standard Library functions asctime and similar shall not be used following a subsequent call to the same function

MISRA.STDLIB.ILLEGAL_WRITE.2012_AMD1   The pointers returned by the Standard Library functions localeconv, getenv, setlocale or strerror shall only be used as if they have pointer to const-qualified type

C-ENV-003

CERT.EXIT.HANDLER_TERMINATE   All exit handlers must return normally

C-ENV-004

MISRA.STDLIB.SYSTEM.2012_AMD2   Use of 'system' from library stdlib.h

C-ERR-001

CXX.ERRNO.INCORRECTLY_CHECKED   Errno condition check not required after calling library function

CXX.ERRNO.NOT_CHECKED   Errno condition check is missing after calling library function

CXX.ERRNO.NOT_SET   Errno is not reset to zero before calling library function

C-ERR-002

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

C-ERR-003

MISRA.STDLIB.ATOI   Use of 'atof', 'atoi' or 'atol' from library stdlib.h

C-EXP-001

MISRA.FUNC.UNUSEDRET.2012   The return value of a non-void function shall be used.

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

C-EXP-002

MISRA.INCR_DECR.OTHER   Increment or decrement operator is mixed with other operators in expression

MISRA.INCR_DECR.SIDEEFF.2012   A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects other than that caused by the increment or decrement operator

MISRA.LOGIC.SIDEEFF   Right operand in a logical 'and' or 'or' expression contains side effects

MISRA.SHIFT.RANGE.2012   Right operand of shift operation is out of range - greater or equal to the essential type size of left operand, or is negative

PORTING.VAR.EFFECTS   Variable used twice in one expression where one usage is subject to side-effects

C-EXP-003

UNINIT.HEAP.MIGHT   Uninitialized Heap Use - possible

UNINIT.HEAP.MUST   Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT   Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST   Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST   Partially Uninitialized Array

UNINIT.STACK.MIGHT   Uninitialized Variable - possible

UNINIT.STACK.MUST   Uninitialized Variable

C-EXP-004

SV.TAINTED.CALL.DEREF   Dereference Of An Unvalidated Pointer

SV.TAINTED.DEREF   Dereference Of An Unvalidated Pointer

C-EXP-005

ASSIGCOND.CALL   Assignment in condition (call)

ASSIGCOND.GEN   Assignment in condition

C-EXP-006

EFFECT   Statement has no effect

C-EXP-007

SV.TAINTED.CALL.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition

C-EXP-009

NPD.CHECK.CALL.MIGHT   Pointer may be passed to function that can dereference it after it was positively checked for NULL

NPD.CHECK.CALL.MUST   Pointer will be passed to function that may dereference it after it was positively checked for NULL

NPD.CHECK.MIGHT   Pointer may be dereferenced after it was positively checked for NULL

NPD.CHECK.MUST   Pointer will be dereferenced after it was positively checked for NULL

NPD.CONST.CALL   NULL is passed to function that can dereference it

NPD.CONST.DEREF   NULL is dereferenced

NPD.FUNC.CALL.MIGHT   Result of function that may return NULL may be passed to another function that may dereference it

NPD.FUNC.CALL.MUST   Result of function that may return NULL will be passed to another function that may dereference it

NPD.FUNC.MIGHT   Result of function that can return NULL may be dereferenced

NPD.FUNC.MUST   Result of function that may return NULL will be dereferenced

NPD.GEN.CALL.MIGHT   Null pointer may be passed to function that may dereference it

NPD.GEN.CALL.MUST   Null pointer will be passed to function that may dereference it

NPD.GEN.MIGHT   Null pointer may be dereferenced

NPD.GEN.MUST   Null pointer will be dereferenced

RNPD.CALL   Suspicious dereference of pointer in function call before NULL check

RNPD.DEREF   Suspicious dereference of pointer before NULL check

C-EXP-010

MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012   Cast between a pointer to object type and a pointer to a different object type

MISRA.CAST.PTR.UNRELATED   Object of pointer type cast to unrelated type

MISRA.CAST.PTR_TO_INT   Cast between a pointer and an integral type

PORTING.CAST.PTR   Cast between types that are not both pointers or not pointers

PORTING.CAST.PTR.FLTPNT   Cast of a pointer to a floating point expression to a non floating point type pointer

PORTING.CAST.PTR.SIZE   Attempt to cast an expression to a type of a potentially incompatible size

C-EXP-011

MISRA.CAST.FUNC_PTR.2012   Conversion performed between a pointer to a function and another incompatible type

MISRA.CAST.INCOMPLETE_PTR_TO_ANY.2012   Conversion performed between a pointer to an incomplete type and a different type

MISRA.CAST.OBJ_PTR_TO_NON_INT.2012   A cast between a pointer to object and a non-integer arithmetic type

MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012   Cast between a pointer to object type and a pointer to a different object type

C-EXP-012

CERT.STR.ARG.CONST_TO_NONCONST   Do not pass a const char pointer to a non-const char pointer argument

CERT.STR.ASSIGN.CONST_TO_NONCONST   Do not assign a const char pointer to a non-const char pointer

C-EXP-013

CERT.MEMCMP.PADDED_DATA   Do not compare padding data

C-EXP-014

MISRA.TYPE.RESTRICT.QUAL.2012   The restrict type qualifier shall not be used

C-EXP-015

MISRA.SIZEOF.SIDE_EFFECT   Operand of sizeof has side effects

C-EXP-016

ASSIGCOND.CALL   Assignment in condition (call)

ASSIGCOND.GEN   Assignment in condition

MISRA.ASSIGN.COND   Assignment operator is used in a condition

C-EXP-017

MISRA.LOGIC.OPERATOR.NOT_BOOL   Operand of non-logical operator is effectively boolean

C-FIO-001

SV.TAINTED.FMTSTR   Use of Unvalidated Data in a Format String

C-FIO-002

CWARN.CMPCHR.EOF   A 'char' expression compared with EOF constant

C-FIO-007

RH.LEAK   Resource leak

C-FIO-008

SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD   Incompatible type of a print function parameter

SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED   Unexpected type of a print function parameter

SV.FMT_STR.PRINT_IMPROP_LENGTH   Improper use of length modifier in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW   Too few arguments in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY   Too many arguments in a print function call

SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD   Incompatible type of a scan function parameter

SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED   Unexpected type of a scan function parameter

SV.FMT_STR.SCAN_IMPROP_LENGTH   Improper use of length modifier in a scan function call

SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW   Too few arguments in a scan function call

SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY   Too many arguments in a scan function call

SV.FMT_STR.UNKWN_FORMAT   Unknown format specifier in a print function call

C-FIO-009

SV.TOCTOU.FILE_ACCESS   Time of Creation/Time of Use Race condition in File Access

C-FLP-001

MISRA.FOR.COUNTER.FLT   For loop counter has a floating point type

C-FLP-002

MISRA.CAST.FLOAT.WIDER   Cast of floating point expression to a wider floating point type

MISRA.CAST.FLOAT_INT   Cast of floating point expression to integral type

MISRA.CAST.INT_FLOAT   Cast of integral expression to floating point type

MISRA.CONV.FLOAT   Implicit floating-point conversion

C-FLP-003

PORTING.CAST.FLTPNT   Cast of a floating point expression to a non floating point type

C-INT-001

MISRA.CAST.INT   Non-trivial integer expression is cast to a wider type, or type with a different signedness

MISRA.CAST.UNSIGNED_BITS   The result of bitwise operation on unsigned char or short is not cast back to original type

MISRA.CONV.INT.SIGN   Implicit integral conversion changes signedness

MISRA.CVALUE.IMPL.CAST   The value of an expression implicitly converted to a different type

MISRA.UMINUS.UNSIGNED   Operand of unary minus is unsigned

PRECISION.LOSS   Loss of Precision

C-INT-002

NUM.OVERFLOW.DF   Possible numeric overflow or wraparound

C-INT-003

PRECISION.LOSS   Loss of Precision

PRECISION.LOSS.CALL   Loss of Precision during function call

C-INT-004

CWARN.NOEFFECT.OUTOFRANGE   Value outside of range

NUM.OVERFLOW.DF   Possible numeric overflow or wraparound

C-INT-005

DBZ.CONST   Division by a zero constant occurs

DBZ.CONST.CALL   The value '0' is passed to function that can use this value as divisor

DBZ.GENERAL   Division by zero might occur

DBZ.ITERATOR   Division by zero might occur in a loop iterator

DBZ.ITERATOR.CALL   Division by zero might occur in a function call

C-INT-006

MISRA.SHIFT.RANGE.2012   Right operand of shift operation is out of range - greater or equal to the essential type size of left operand, or is negative

C-INT-007

NUM.OVERFLOW   Possible Overflow

NUM.OVERFLOW.DF   Possible numeric overflow or wraparound

C-INT-008

MISRA.CAST.OBJ_PTR_TO_INT.2012   Conversion performed between a pointer to an object and an integer type

C-INT-009

CXX.SIZEOF.CSTRING   Use of sizeof on char* may be misleading

INCORRECT.ALLOC_SIZE   Incorrect Allocation Size

C-MEM-001

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

C-MEM-002

CL.FFM.ASSIGN   Use of free memory (double free) - no operator=

CL.FFM.COPY   Use of free memory (double free) - no copy constructor

MLK.MIGHT   Memory Leak - possible

MLK.MUST   Memory Leak

MLK.RET.MIGHT   Memory Leak - possible

MLK.RET.MUST   Memory Leak

C-MEM-004

MLK.MIGHT   Memory Leak - possible

MLK.MUST   Memory Leak

MLK.RET.MIGHT   Memory Leak - possible

MLK.RET.MUST   Memory Leak

C-MEM-005

INCORRECT.ALLOC_SIZE   Incorrect Allocation Size

SV.TAINTED.ALLOC_SIZE   Use of Unvalidated Integer in Memory Allocation

C-MEM-007

CXX.REALLOC   Use of realloc() should be avoided

C-MSC-003

CERT.MSC.STD_RAND_CALL   Do not use std::rand() for generating pseudorandom numbers

C-MSC-004

CERT.MSC.SEED_RANDOM   Properly seed pseudorandom number generators

C-MSC-005

CERT.MSC.ASCTIME   Do not pass invalid data to the asctime() function

C-MSC-006

FUNCRET.GEN   Non-void function does not return value

FUNCRET.IMPLICIT   Non-void function implicitly returning int does not return value

C-MSC-008

VA.LIST.INDETERMINATE   Attempt to call va_arg() on a va_list that has an indeterminate value

C-MSC-010

CXX.GETLOGIN   Do not use getlogin in multithreaded applications

C-MSC-013

RCA   Risky cryptographic algorithm used

C-MSC-014

SV.WEAK_CRYPTO.WEAK_HASH   Weak Hash Function

C-MSC-015

CERT.MSC.SEED_RANDOM   Properly seed pseudorandom number generators

C-POS-002

CXX.POSIX.VFORK   Do not use vfork()

C-POS-003

CERT.PUTENV.AUTO_VARIABLE   Do not call putenv() with a pointer to an automatic variable as the argument

CXX.PUTENV.LOCAL.PTR   Do not pass a pointer to a local variable in the putenv()

C-POS-005

BYTEORDER.HTON.SEND   Missed conversion from host to network byte order

BYTEORDER.HTON.WRITE   Missed conversion from host to network byte order

BYTEORDER.NTOH.READ   Missed conversion from network to host byte order

BYTEORDER.NTOH.RECV   Missed conversion from network to host byte order

C-POS-006

MISRA.INCL.SIGNAL.2012   The standard header file signal.h shall not be used

C-POS-008

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

C-POS-009

CONC.DBL_LOCK   Double Lock

CONC.DBL_UNLOCK   Double Unlock

CONC.DL   Deadlock

CONC.NO_UNLOCK   Missing unlock for variable

C-POS-011

MISRA.IF.NO_COMPOUND   The body of if/else statement is not a compound statement

C-POS-012

CWARN.NOEFFECT.SELF_ASSIGN   A variable is assigned to self

CWARN.NOEFFECT.UCMP.GE   Comparison of unsigned value against 0 is always true

CWARN.NOEFFECT.UCMP.GE.MACRO   Comparison of unsigned value against 0 within a macro is always true

CWARN.NOEFFECT.UCMP.LT   Comparison of unsigned value against 0 is always false

CWARN.NOEFFECT.UCMP.LT.MACRO   Comparison of unsigned value against 0 within a macro is always false

CWARN.NULLCHECK.FUNCNAME   Function address was directly compared against 0

EFFECT   Statement has no effect

INVARIANT_CONDITION.GEN   Invariant expression in a condition

INVARIANT_CONDITION.UNREACH   Invariant expression in a condition

LA_UNUSED   Label unused

MISRA.STMT.NO_EFFECT   The statement has no side effects, and does not change control flow

UNREACH.GEN   Unreachable code

UNREACH.RETURN   Unreachable Void Return

UNREACH.SIZEOF   Architecture-related unreachable code

VA_UNUSED.GEN   Value is Never Used after Assignment

VA_UNUSED.INIT   Value is Never Used after Initialization

C-PRE-002

PORTING.VAR.EFFECTS   Variable used twice in one expression where one usage is subject to side-effects

C-PRE-003

MISRA.EXPANSION.DIRECTIVE   Directive-like tokens within a macro argument

C-STR-001

CERT.STR.ARG.CONST_TO_NONCONST   Do not pass a const char pointer to a non-const char pointer argument

CERT.STR.ASSIGN.CONST_TO_NONCONST   Do not assign a const char pointer to a non-const char pointer

C-STR-002

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

SV.FMT_STR.BAD_SCAN_FORMAT   Input format specifier error

SV.UNBOUND_STRING_INPUT.FUNC   Usage of unbounded string input

C-STR-003

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.STRBO.BOUND_COPY.UNTERM   Possible Buffer Overflow in Following String Operations

C-STR-004

AUTOSAR.STDLIB.CCTYPE.UCHAR   Arguments to character-handling functions defined in <cctype> shall be representable as an unsigned char

MISRA.ETYPE.ASSIGN.2012   Assignment to an object of a narrower essential type or a different essential type category

C-STR-005

CXX.DIFF.WIDTH.STR_AND_FUNC   Implicit cast between narrow and wide character string while calling function

C-STR-006

CXX.MALLOC.WCHAR_LENGTH   Use (wcslen()+1*sizeof(wchar_t)) when allocating memory with malloc for wchar_t buffers

"MISRA", "MISRA C" and "MISRA C++" are registered trademarks of The MISRA Consortium Limited.