Hyundai-Kia Motor Corp (HKMC) Secure C++ Coding Standard for Automotive Development mapped to Klocwork and Klocwork community checkers

Rule   Checker name and description
P-CON-001

CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED   Do not destroy a mutex while it is locked

P-CON-004

CONC.DL   Deadlock

P-CON-005

CERT.CONC.WAKE_IN_LOOP   Wrap functions that can spuriously wake up in a loop

P-CON-006

CERT.CONC.UNSAFE_COND_VAR   Preserve thread safety and liveness when using condition variables

P-CTR-001

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.NON_ARRAY   Non-array object is used as an array

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

SV.TAINTED.ALLOC_SIZE   Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

P-CTR-002

ITER.CONTAINER.MODIFIED   Use of invalid iterator

P-CTR-003

ITER.END.OUTPARAM.MIGHT   Use of 'end' as an output iterator

ITER.END.OUTPARAM.MUST   Use of 'end' as an output iterator

P-CTR-004

CXX.ITER.END.BEGIN   Iterator representing end of the range precedes start of range

ITER.INAPPROPRIATE   Use of iterator with inappropriate container object

ITER.INAPPROPRIATE.MULTIPLE   Use of iterator with inappropriate container object

P-CTR-006

ITER.ADVANCE.NONADJACENT   Advancing iterator by a distance of more than 1

P-DCL-001

MISRA.FUNC.VARARG   Function with variable number of arguments

P-DCL-002

MISRA.DEFINE.WRONGNAME   Usage of a name from the standard library for naming a macro

MISRA.DEFINE.WRONGNAME.UNDERSCORE   Usage of a reserved name for naming a macro

MISRA.STDLIB.WRONGNAME   Reused name of standard library macro, object or function

MISRA.STDLIB.WRONGNAME.UNDERSCORE   Usage of a reserved name for naming a language entity

MISRA.UNDEF.WRONGNAME   Undefinition of a name from the standard library

MISRA.UNDEF.WRONGNAME.UNDERSCORE   Undefinition of a reserved name

P-DCL-003

CERT.DCL.REF_TYPE.CONST_OR_VOLATILE   Never qualify a reference type with const or volatile

P-DCL-004

CERT.DCL.AMBIGUOUS_DECL   Do not write syntactically ambiguous declarations

P-DCL-005

CERT.DCL.SAME_SCOPE_ALLOC_DEALLOC   Overload allocation and deallocation functions as a pair in the same scope

P-DCL-006

PORTING.STORAGE.STRUCT   Byte position of elements in a structure could depend on alignment and packing attributes.

P-DCL-007

CXX.STATIC.OBJ.RECURSION   Do not reenter function during initialization of static objects

P-DCL-008

MISRA.DTOR.THROW   Throw in destructor

P-DCL-009

CERT.DCL.STD_NS_MODIFIED   Do not modify the standard namespaces

P-DCL-010

MISRA.NAMESPACE.UNMD   Unnamed namespace in header file

P-DCL-011

AUTOSAR.ADD.ONEDEFRULE.FUNC   Function is violating one definition rule

AUTOSAR.ADD.ONEDEFRULE.VAR   Variable is violating one definition rule

MISRA.CT.UNIQUE.ID   Identifier clashes with tag name

MISRA.TYPE.NAMECLASH.CPP.2008   Identifier in one name space has same spelling as identifier in other name space

MISRA.TYPEDEF.NOT_UNIQUE   Typedef name is used for another entity

P-ERR-001

CERT.ERR.ABRUPT_TERM   Do not abruptly terminate the program

P-ERR-003

MISRA.STDLIB.LONGJMP   Use of setjmp macro or longjmp function

P-ERR-004

MISRA.CTOR.TRY.NON_STATIC   Function try/catch block of constructor or destructor references non-static members

P-ERR-005

MISRA.CATCH.NOALL   Ellipsis exception handler is not the last one in a try-catch block

MISRA.CATCH.WRONGORD   Handler for a base exception class precedes a handler for a derived exception class in a try-catch block

P-ERR-008

CL.MLK   Memory Leak - in destructor

MLK.MIGHT   Memory Leak - possible

MLK.MUST   Memory Leak

MLK.RET.MIGHT   Memory Leak - possible

MLK.RET.MUST   Memory Leak

RH.LEAK   Resource leak

P-ERR-010

MISRA.CATCH.BY_VALUE   Exception object of class type is caught by value

P-ERR-011

CERT.ERR.CONV.STR_TO_NUM   Detect errors when converting a string to a number

P-EXP-001

CERT.EXPR.PARENS   The precedence of operators within expressions should be made explicit.

MISRA.EXPR.PARENS.INSUFFICIENT   Limited dependence required for operator precedence rules in expressions

MISRA.INCR_DECR.OTHER   Increment or decrement operator is mixed with other operators in expression

MISRA.INCR_DECR.SIDEEFF.2012   A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects other than that caused by the increment or decrement operator

PORTING.VAR.EFFECTS   Variable used twice in one expression where one usage is subject to side-effects

P-EXP-002

CERT.EXPR.DELETE_ARR.BASE_PTR   Do not delete an array through a pointer of the incorrect type

P-EXP-003

MISRA.SIZEOF.SIDE_EFFECT   Operand of sizeof has side effects

P-EXP-004

UNINIT.CTOR.MIGHT   Uninitialized Variable in Constructor - possible

UNINIT.CTOR.MUST   Uninitialized Variable in Constructor

UNINIT.HEAP.MIGHT   Uninitialized Heap Use - possible

UNINIT.HEAP.MUST   Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT   Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST   Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST   Partially Uninitialized Array

UNINIT.STACK.MIGHT   Uninitialized Variable - possible

UNINIT.STACK.MUST   Uninitialized Variable

P-EXP-005

CL.FFM.ASSIGN   Use of free memory (double free) - no operator=

CL.FFM.COPY   Use of free memory (double free) - no copy constructor

LOCRET.ARG   Function returns address of local variable

LOCRET.GLOB   Function returns address of local variable

LOCRET.RET   Function returns address of local variable

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

UNINIT.HEAP.MIGHT   Uninitialized Heap Use - possible

UNINIT.HEAP.MUST   Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT   Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST   Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST   Partially Uninitialized Array

UNINIT.STACK.MIGHT   Uninitialized Variable - possible

UNINIT.STACK.MUST   Uninitialized Variable

P-EXP-006

MISRA.CAST.CONST   Cast operation removes const or volatile modifier from a pointer or reference

P-EXP-007

CERT.VA_START.TYPE   Pass an object of the correct type to va_start

P-EXP-010

CERT.MEMCMP.PADDED_DATA   Do not compare padding data

P-FIO-002

RH.LEAK   Resource leak

P-MEM-001

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

P-MEM-002

CL.FMM   Freeing Mismatched Memory - in destructor

FMM.MIGHT   Freeing Mismatched Memory - possible

FMM.MUST   Freeing Mismatched Memory

P-MEM-004

CERT.MEM.OBJ_LIFETIME_CTOR   Uninitialized Heap Member Function Call

CERT.MEM.OBJ_LIFETIME_DTOR   Object with manually allocated memory not explicitly destroyed

P-MEM-005

CERT.MEM.PLACEMENTNEW.MISALIGNED   Provide placement new with properly aligned storage

CERT.MEM.PLACEMENTNEW.TOOSMALL   Provide placement new with sufficient storage

P-MEM-006

CERT.MEM.SMART_PTR.OWNED   Multiple smart pointer owners of pointer

CERT.MEM.SMART_PTR.OWNED.THIS   The underlying resource might be already owned by a non-related smart pointer

P-MEM-007

MLK.MIGHT   Memory Leak - possible

MLK.MUST   Memory Leak

MLK.RET.MIGHT   Memory Leak - possible

MLK.RET.MUST   Memory Leak

P-MSC-001

CERT.MSC.STD_RAND_CALL   Do not use std::rand() for generating pseudorandom numbers

P-MSC-002

AUTOSAR.STDLIB.RANDOM.NBR_GEN_DEFAULT_INIT   Random number engines shall not be default-initialized

CERT.MSC.SEED_RANDOM   Properly seed pseudorandom number generators

P-MSC-003

FUNCRET.GEN   Non-void function does not return value

P-MSC-004

CERT.MSC.NORETURN_FUNC_RETURNS   Do not return from a function declared [[noreturn]]

P-MSC-005

LOCRET.ARG   Function returns address of local variable

LOCRET.GLOB   Function returns address of local variable

LOCRET.RET   Function returns address of local variable

P-OOP-001

CERT.OOP.CTOR.VIRTUAL_FUNC   Do not invoke virtual functions from constructors or destructors

P-OOP-003

CL.MLK.VIRTUAL   Memory Leak - possible in destructor

CWARN.DTOR.NONVIRT.DELETE   Delete expression for an object of a class with virtual methods and no virtual destructor

P-OOP-004

CERT.OOP.CTOR.INIT_ORDER   Write constructor member initializers in the canonical order

P-OOP-005

CL.SELF-ASSIGN   Use of free memory (double free) - in operator=

P-OOP-006

CERT.OOP.PTR_MEMBER.NO_MEMBER   Do not use pointer-to-member operators to access nonexistent members

P-OOP-007

CERT.OOP.CSTD_FUNC_USE   Prefer special member functions and overloaded operators to C Standard Library functions

P-OOP-008

CERT.OOP.COPY_MUTATES   Copy operations must not mutate the source object

P-OOP-009

CXX.STATIC.OBJ.FINAL   Initialized public static field not marked as final

P-OOP-010

CXX.MEMBER.IMPORTANT.PRIVATE   Important member data shall be private

P-OOP-011

CXX.MEMBER.CRITICAL.PUBLIC.METHOD   Critical private member data shall not be directly writable by a public method

P-STR-001

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

SV.FMT_STR.BAD_SCAN_FORMAT   Input format specifier error

SV.UNBOUND_STRING_INPUT.CIN   Usage of cin for unbounded string input

SV.UNBOUND_STRING_INPUT.FUNC   Usage of unbounded string input

P-STR-003

ITER.CONTAINER.MODIFIED   Use of invalid iterator

"MISRA", "MISRA C" and "MISRA C++" are registered trademarks of The MISRA Consortium Limited. ​