CERT C++ rules
The following table maps CERT C rules to Klocwork C++ checkers.
| Rule | Checker name and description |
|---|---|
| ARR30-C(L2) |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition |
| ARR37-C(L2) |
CERT.ARR.PTR.ARITH Pointer is used in arithmetic expression |
| ARR38-C(L2) |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds |
| ARR39-C(L2) |
CERT.ARR.PTR.ARITH Pointer is used in arithmetic expression |
| CERT ARR30-C (L2): Do not form or use out-of-bounds pointers or array subscripts |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition |
| CERT ARR37-C (L2): Do not add or subtract an integer to a pointer to a non-array object |
CERT.ARR.PTR.ARITH Pointer is used in arithmetic expression |
| CERT ARR38-C (L2): Guarantee that library functions do not form invalid pointers |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds |
| CERT ARR39-C (L2): Do not add or subtract a scaled integer to a pointer |
CERT.ARR.PTR.ARITH Pointer is used in arithmetic expression |
| CERT CON33-C (L3): Avoid race conditions when using library functions |
CERT.CONC.LIB_FUNC_USE Avoid race conditions when using library functions |
| CERT CON37-C (L3): Do not call signal() in a multithreaded program |
MISRA.STDLIB.SIGNAL Use of the signal handling facilities of signal.h |
| CERT CON40-C (L2): Do not refer to an atomic variable twice in an expression |
CERT.CONC.ATOMIC_TWICE_EXPR Do not refer to an atomic variable twice in an expression |
| CERT CON41-C (L3): Wrap functions that can fail spuriously in a loop |
CERT.CONC.ATOMIC_COMP_FAIL_IN_LOOP Wrap functions that can spuriously fail up in a loop |
| CERT CON50-CPP (L3): Do not destroy a mutex while it is locked |
CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED Do not destroy a mutex while it is locked |
| CERT CON54-CPP (L3): Wrap functions that can spuriously wake up in a loop |
CERT.CONC.WAKE_IN_LOOP Wrap functions that can spuriously wake up in a loop |
| CERT CON55-CPP (L3): Preserve thread safety and liveness when using condition variables |
CERT.CONC.UNSAFE_COND_VAR Preserve thread safety and liveness when using condition variables |
| CERT CTR50-CPP (L2): Guarantee that container indices and iterators are within the valid range |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| CERT CTR51-CPP (L2): Use valid references |
ITER.CONTAINER.MODIFIED Use of invalid iterator |
| CERT CTR52-CPP (L1): Guarantee that library functions do not overflow |
ITER.END.OUTPARAM.MIGHT Use of 'end' as an output iterator ITER.END.OUTPARAM.MUST Use of 'end' as an output iterator |
| CERT CTR55-CPP (L2): Do not use an additive operator on an iterator if the result would overflow |
ITER.ADVANCE.NONADJACENT Advancing iterator by a distance of more than 1 |
| CERT DCL30-C (L2): Declare objects with appropriate storage durations |
LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable |
| CERT DCL39-C (L3): Avoid information leakage when passing a structure across a trust boundary |
PORTING.STORAGE.STRUCT Byte position of elements in a structure could depend on alignment and packing attributes. |
| CERT DCL40-C (L3): Do not create incompatible declarations of the same function or object |
MISRA.FUNC.PARAMS.IDENT Identifiers used in declaration and definition of function are not identical |
| CERT DCL50-CPP (L1): Do not define a C-style variadic function |
MISRA.FUNC.VARARG Function with variable number of arguments |
| CERT DCL51-CPP (L3): Do not declare or define a reserved identifier |
MISRA.DEFINE.WRONGNAME Usage of a name from the standard library for naming a macro MISRA.DEFINE.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a macro MISRA.STDLIB.WRONGNAME Reused name of standard library macro, object or function MISRA.STDLIB.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a language entity MISRA.UNDEF.WRONGNAME Undefinition of a name from the standard library MISRA.UNDEF.WRONGNAME.UNDERSCORE Undefinition of a reserved name |
| CERT DCL52-CPP (L3): Never qualify a reference type with const or volatile |
CERT.DCL.REF_TYPE.CONST_OR_VOLATILE Never qualify a reference type with const or volatile |
| CERT DCL53-CPP (L3): Do not write syntactically ambiguous declarations |
CERT.DCL.AMBIGUOUS_DECL Do not write syntactically ambiguous declarations |
| CERT DCL54-CPP (L3): Overload allocation and deallocation functions as a pair in the same scope |
CERT.DCL.SAME_SCOPE_ALLOC_DEALLOC Overload allocation and deallocation functions as a pair in the same scope |
| CERT DCL57-CPP (L2): Do not let exceptions escape from destructors or deallocation functions |
MISRA.DTOR.THROW Throw in destructor |
| CERT DCL58-CPP (L2): Do not modify the standard namespaces |
CERT.DCL.STD_NS_MODIFIED Do not modify the standard namespaces |
| CERT DCL59-CPP (L3): Do not define an unnamed namespace in a header file |
MISRA.NAMESPACE.UNMD Unnamed namespace in header file |
| CERT ENV30-C (L3): Do not modify the object referenced by the return value of certain functions |
CXX.STDLIB.ILLEGAL_WRITE The pointers returned by the Standard Library functions localeconv, getenv, setlocale or, strerror shall only be used as if they have pointer to const-qualified type |
| CERT ENV32-C (L1): All exit handlers must return normally |
CERT.EXIT.HANDLER_TERMINATE All exit handlers must return normally |
| CERT ENV33-C (L1): Do not call system() |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution |
| CERT ENV34-C (L3): Do not store pointers returned by certain functions |
CXX.STDLIB.ILLEGAL_REUSE The pointer returned by the Standard Library functions asctime and similar shall not be used following a subsequent call to the same function |
| CERT ERR30-C (L1): Set errno to zero before calling a library function known to set errno |
CXX.ERRNO.INCORRECTLY_CHECKED Errno condition check not required after calling library function CXX.ERRNO.NOT_CHECKED Errno condition check is missing after calling library function CXX.ERRNO.NOT_SET Errno is not reset to zero before calling library function |
| CERT ERR32-C (L3): Do not rely on indeterminate values of errno |
MISRA.INCL.SIGNAL.2012 The standard header file signal.h shall not be used MISRA.STDLIB.SIGNAL Use of the signal handling facilities of signal.h |
| CERT ERR33-C (L1): Detect and handle standard library errors |
NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.FUNC.MUST Result of function that may return NULL will be dereferenced SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| CERT ERR34-C (L2): Detect errors when converting a string to a number |
CERT.ERR.CONV.STR_TO_NUM Detect errors when converting a string to a number MISRA.STDLIB.ATOI Use of 'atof', 'atoi' or 'atol' from library stdlib.h SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions |
| CERT ERR50-CPP (L3): Do not abruptly terminate the program |
CERT.ERR.ABRUPT_TERM Do not abruptly terminate the program MISRA.TERMINATE terminate() function is called explicitly |
| CERT ERR51-CPP (L2): Handle all exceptions |
MISRA.CATCH.ALL No ellipsis exception handler in a try-catch block |
| CERT ERR52-CPP (L3): Do not use setjmp() or longjmp() |
MISRA.STDLIB.LONGJMP Use of setjmp macro or longjmp function |
| CERT ERR53-CPP (L3): Do not reference base classes or class data members in a constructor or destructor function-try-block handler |
MISRA.CTOR.TRY.NON_STATIC Function try/catch block of constructor or destructor references non-static members |
| CERT ERR54-CPP (L1): Catch handlers should order their parameter types from most derived to least derived |
MISRA.CATCH.NOALL Ellipsis exception handler is not the last one in a try-catch block MISRA.CATCH.WRONGORD Handler for a base exception class precedes to a handler for a derived exception class in a try-catch block |
| CERT ERR57-CPP (L3): Do not leak resources when handling exceptions |
CL.MLK Memory Leak - in destructor MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak MLK.RET.MIGHT Memory Leak - possible MLK.RET.MUST Memory Leak RH.LEAK Resource leak |
| CERT ERR59-CPP (L2): Do not throw an exception across execution boundaries |
CERT.EXCEPTION.OVER.BOUNDARY Exception thrown over execution boundary. |
| CERT ERR61-CPP (L3): Catch exceptions by lvalue reference |
MISRA.CATCH.BY_VALUE Exception object of class type is caught by value |
| CERT ERR62-CPP (L3): Detect errors when converting a string to a number |
CERT.ERR.CONV.STR_TO_NUM Detect errors when converting a string to a number |
| CERT EXP34-C (L1): Ensure a null pointer is not dereferenced |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| CERT EXP39-C (L3): Do not access a variable through a pointer of an incompatible type |
CXX.CAST.OBJ_PTR_TO_OBJ_PTR Cast between a pointer to object type and a pointer to a different object type |
| CERT EXP42-C (L1): Do not compare padding data |
CERT.MEMCMP.PADDED_DATA Do not compare padding data |
| CERT EXP45-C (L2): Do not perform assignments in selection statements |
ASSIGCOND.CALL Assignment in condition (call) ASSIGCOND.GEN Assignment in condition MISRA.ASSIGN.COND Assignment operator is used in a condition |
| CERT EXP46-C (L2): Do not use a bitwise operator with a Boolean-like operand |
MISRA.LOGIC.OPERATOR.NOT_BOOL Operand of non-logical operator is effectively boolean |
| CERT EXP47-C (L2): Do not call va_arg with an argument of the incorrect type |
CERT.VA_ARG.TYPE Do not call va_arg with an argument of the incorrect type |
| CERT EXP50-CPP (L2): Do not depend on the order of evaluation for side effects |
CERT.EXPR.PARENS The precedence of operators within expressions should be made explicit. MISRA.EXPR.PARENS.INSUFFICIENT Limited dependence required for operator precedence rules in expressions MISRA.INCR_DECR.OTHER Increment or decrement operator is mixed with other operators in expression PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
| CERT EXP51-CPP (L3): Do not delete an array through a pointer of the incorrect type |
CERT.EXPR.DELETE_ARR.BASE_PTR Do not delete an array through a pointer of the incorrect type |
| CERT EXP52-CPP (L3): Do not rely on side effects in unevaluated operands |
MISRA.SIZEOF.SIDE_EFFECT Operand of sizeof has side effects |
| CERT EXP53-CPP (L1): Do not read uninitialized memory |
UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| CERT EXP54-CPP (L2): Do not access an object outside of its lifetime |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| CERT EXP55-CPP (L3): Do not access a cv-qualified object through a cv-unqualified type |
MISRA.CAST.CONST Cast operation removes const or volatile modifier from a pointer or reference |
| CERT EXP56-CPP (L3): Do not call a function with a mismatched language linkage |
MISRA.CAST.PTR.UNRELATED Object of pointer type cast to unrelated type MISRA.CAST.PTR_TO_INT Cast between a pointer and an integral type PORTING.CAST.PTR Cast between types that are not both pointers or not pointers PORTING.CAST.PTR.FLTPNT Cast of a pointer to a floating point expression to a non floating point type pointer PORTING.CAST.PTR.SIZE Attempt to cast an expression to a type of a potentially incompatible size |
| CERT EXP57-CPP (L3): Do not cast or delete pointers to incomplete classes |
CERT.EXPR.DELETE_PTR.INCOMPLETE_TYPE Do not delete a pointer to an incomplete type |
| CERT EXP58-CPP (L3): Pass an object of the correct type to va_start |
CERT.VA_START.TYPE Pass an object of the correct type to va_start |
| CERT EXP60-CPP (L2): Do not pass a nonstandard-layout type object across execution boundaries |
CERT.EXPR.PASS_NON_STD_LAYOUT Do not pass a nonstandard-layout type object across execution boundaries |
| CERT EXP61-CPP (L2): A lamda object must not outlive any of its reference captured objects |
LOCRET.RET Function returns address of local variable |
| CERT EXP62-CPP (L1): Do not access the bits of an object representation that are not part of the object's value representation |
CERT.MEMCMP.PADDED_DATA Do not compare padding data CWARN.MEM.NONPOD Memory manipulation routine applied to a non-POD object |
| CERT FIO30-C (L1): Exclude user input from format strings |
SV.FMTSTR.GENERIC Format String Vulnerability SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String |
| CERT FIO34-C (L1): Distinguish between characters read from a file and EOF or WEOF |
CWARN.CMPCHR.EOF A 'char' expression compared with EOF constant |
| CERT FIO37-C (L1): Do not assume that fgets() or fgetws() returns a nonempty string when successful |
CERT.FIO.FGETS Do not assume that fgets() or fgetws() returns a nonempty string when successful |
| CERT FIO38-C (L3): Do not copy a FILE object |
CERT.FILE_PTR.DEREF A pointer to a FILE object shall not be dereferenced CERT.FILE_PTR.DEREF.CAST Object is casted to a FILE pointer, and it shall not be dereferenced CERT.FILE_PTR.DEREF.INDIRECT A pointer to a FILE object shall not be indirectly dereferenced by a system function CERT.FILE_PTR.DEREF.RETURN A pointer to a FILE object (returned by function) shall not be dereferenced MISRA.FILE_PTR.DEREF.2012 A pointer to a FILE object shall not be dereferenced MISRA.FILE_PTR.DEREF.CAST.2012 Object is casted to a FILE pointer, and it shall not be dereferenced MISRA.FILE_PTR.DEREF.INDIRECT.2012 A pointer to a FILE object shall not be indirectly dereferenced by a system function MISRA.FILE_PTR.DEREF.RETURN.2012 A pointer to a FILE object (returned by function) shall not be dereferenced |
| CERT FIO39-C (L2): Do not alternately input and output from a stream without an intervening flush or positioning call |
CERT.FIO.NO_FLUSH Flush or positioning function call missing |
| CERT FIO42-C (L3): Close files when they are no longer needed |
RH.LEAK Resource leak |
| CERT FIO44-C (L3): Only use values for fsetpos() that are returned from fgetpos() |
CERT.FSETPOS.VALUE Only use values for fsetpos() that are returned from fgetpos() |
| CERT FIO45-C (L2): Avoid TOCTOU race conditions while accessing files |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| CERT FIO46-C (L3): Do not access a closed file |
SV.INCORRECT_RESOURCE_HANDLING.URH Insecure Resource Handling |
| CERT FIO47-C (L2): Use valid format strings |
SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter SV.FMT_STR.PRINT_IMPROP_LENGTH Improper use of length modifier in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD Incompatible type of a scan function parameter SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED Unexpected type of a scan function parameter SV.FMT_STR.SCAN_IMPROP_LENGTH Improper use of length modifier in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW Too few arguments in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY Too many arguments in a scan function call SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call |
| CERT FIO51-CPP (L3): Close files when they are no longer needed |
RH.LEAK Resource leak |
| CERT FLP30-C (L2): Do not use floating-point variables as loop counters |
MISRA.FOR.COUNTER.FLT For loop counter has a floating point type |
| CERT FLP32-C (L1): Prevent or detect domain and range errors in math functions |
CERT.MATH.DOMAIN.CHECK One or more arguments passed to a standard library math function are outside its valid domain CERT.MATH.RANGE.CHECK Error condition must be checked after calling a library math function that might cause range error |
| CERT FLP34-C (L3): Ensure that floating-point conversions are within range of the new type |
MISRA.CAST.FLOAT.WIDER Cast of floating point expression to a wider floating point type MISRA.CAST.FLOAT_INT Cast of floating point expression to integral type MISRA.CAST.INT_FLOAT Cast of integral expression to floating point type MISRA.CONV.FLOAT Implicit floating-point conversion |
| CERT FLP36-C (L3): Preserve precision when converting integral values to floating-point type |
PORTING.CAST.FLTPNT Cast of a floating point expression to a non floating point type |
| CERT FLP37-C (L3): Do not use object representations to compare floating-point values |
CERT.MEMCMP.FLOAT_MEMBER Do not compare when member is floating point |
| CERT INT30-C (L2): Ensure that unsigned integer operations do not wrap |
CWARN.NOEFFECT.OUTOFRANGE Value outside of range NUM.OVERFLOW Possible Overflow NUM.OVERFLOW.DF Possible numeric overflow or wraparound |
| CERT INT31-C (L1): Ensure that integer conversions do not result in lost or misinterpreted data |
PORTING.CAST.SIZE Expression is cast to a type of potentially different size |
| CERT INT32-C (L1): Ensure that operations on signed integers do not result in overflow |
CWARN.NOEFFECT.OUTOFRANGE Value outside of range NUM.OVERFLOW Possible Overflow NUM.OVERFLOW.DF Possible numeric overflow or wraparound |
| CERT INT33-C (L2): Ensure that division and remainder operations do not result in divide-by-zero errors |
DBZ.CONST Division by a zero constant occurs DBZ.CONST.CALL The value '0' is passed to function that can use this value as divisor DBZ.GENERAL Division by zero might occur DBZ.GENERAL.FLOAT Division by floating-point zero might occur DBZ.ITERATOR Division by zero might occur in a loop iterator DBZ.ITERATOR.CALL Division by zero might occur in a function call DBZ.ITERATOR.FLOAT Division by zero might occur in a loop iterator |
| CERT INT34-C (L3): Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
MISRA.SHIFT.RANGE.2012 Right operand of shift operation is out of range - greater or equal to the essential type size of left operand, or is negative |
| CERT MEM30-C (L2): Do not access freed memory |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| CERT MEM31-C (L3): Free dynamically allocated memory when no longer needed |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor CL.SHALLOW.ASSIGN Use of free memory (double free) - shallow copy in operator= CL.SHALLOW.COPY Use of free memory (double free) - shallow copy in copy constructor FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory |
| CERT MEM34-C (L2): Only free memory allocated dynamically |
FNH.MIGHT Freeing Non-Heap Memory - possible FNH.MUST Freeing Non-Heap Memory |
| CERT MEM35-C (L2): Allocate sufficient memory for an object |
INCORRECT.ALLOC_SIZE Incorrect Allocation Size SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation |
| CERT MEM36-C (L3): Do not modify the alignment of objects by calling realloc() |
AUTOSAR.STDLIB.MEMORY Functions malloc, calloc, realloc and free shall not be used |
| CERT MEM50-CPP (L2): Do not access freed memory |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| CERT MEM51-CPP (L2): Properly deallocate dynamically allocated resources |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor CL.FMM Freeing Mismatched Memory - in destructor CL.SHALLOW.ASSIGN Use of free memory (double free) - shallow copy in operator= CL.SHALLOW.COPY Use of free memory (double free) - shallow copy in copy constructor FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory FNH.MIGHT Freeing Non-Heap Memory - possible FNH.MUST Freeing Non-Heap Memory FUM.GEN.MIGHT Freeing Unallocated Memory - possible FUM.GEN.MUST Freeing Unallocated Memory UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use |
| CERT MEM52-CPP (L1): Detect and handle memory allocation errors |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| CERT MEM53-CPP (L2): Explicitly construct and destruct objects when manually managing object lifetime |
CERT.MEM.OBJ_LIFETIME_CTOR Uninitialized Heap Member Function Call CERT.MEM.OBJ_LIFETIME_DTOR Object with manually allocated memory not explicitly destroyed |
| CERT MEM54-CPP (L2): Provide placement new with properly aligned pointers to sufficient storage capacity |
CERT.MEM.PLACEMENTNEW.MISALIGNED Provide placement new with properly aligned storage CERT.MEM.PLACEMENTNEW.TOOSMALL Provide placement new with sufficient storage |
| CERT MEM55-CPP (L2): Honor replacement dynamic storage management requirements |
CERT.MEM.OVERRIDE.DELETE Honor replacement dynamic storage management requirements for 'delete' CERT.MEM.OVERRIDE.NEW Honor replacement dynamic storage management requirements for 'new' |
| CERT MEM56-CPP (L2): Do not store an already-owned pointer value in an unrelated smart pointer |
CERT.MEM.SMART_PTR.OWNED Multiple smart pointer owners of pointer CERT.MEM.SMART_PTR.OWNED.THIS The underlying resource might be already owned by a non-related smart pointer |
| CERT MSC30-C (L3): Do not use the rand() function for generating pseudorandom numbers |
CERT.MSC.STD_RAND_CALL Do not use std::rand() for generating pseudorandom numbers |
| CERT MSC32-C (L1): Properly seed pseudorandom number generators |
CERT.MSC.SEED_RANDOM Properly seed pseudorandom number generators |
| CERT MSC33-C (L2): Do not pass invalid data to the asctime() function |
CERT.MSC.ASCTIME Do not pass invalid data to the asctime() function |
| CERT MSC37-C (L2): Ensure that control never reaches the end of a non-void function |
FUNCRET.GEN Non-void function does not return value FUNCRET.IMPLICIT Non-void function implicitly returning int does not return value |
| CERT MSC39-C (L3): Do not call va_arg() on a va_list that has an indeterminate value |
VA.LIST.INDETERMINATE Attempt to call va_arg() on a va_list that has an indeterminate value |
| CERT MSC40-C (L3): Do not violate constraints |
MISRA.FUNC.STATIC.REDECL Function or object redeclaration does not include 'static' modifier |
| CERT MSC41-C (L2): Never hard code sensitive information |
CXX.SV.PWD.PLAIN Attempt to set password using a plain string CXX.SV.PWD.PLAIN.LENGTH Attempt to set password with a length less than 15 characters CXX.SV.PWD.PLAIN.LENGTH.ZERO Attempt to set password with a length of zero characters HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password HCC.USER Use of a hardcoded user name |
| CERT MSC50-CPP (L3): Do not use std::rand() for generating pseudorandom numbers |
CERT.MSC.STD_RAND_CALL Do not use std::rand() for generating pseudorandom numbers |
| CERT MSC51-CPP (L1): Ensure your random number generator is properly seeded |
AUTOSAR.STDLIB.RANDOM.NBR_GEN_DEFAULT_INIT Random number engines shall not be default-initialized |
| CERT MSC52-CPP (L2): Value-returning functions must return a value from all exit paths |
FUNCRET.GEN Non-void function does not return value FUNCRET.IMPLICIT Non-void function implicitly returning int does not return value |
| CERT MSC53-CPP (L3): Do not return from a function declared [[noreturn]] |
CERT.MSC.NORETURN_FUNC_RETURNS Do not return from a function declared [[noreturn]] |
| CERT MSC54-CPP (L2): A signal handler must be a plain old function |
CERT.MSC.SIG_HANDLER.POF A signal handler must be a plain old function |
| CERT OOP50-CPP (L3): Do not invoke virtual functions from constructors or destructors |
CERT.OOP.CTOR.VIRTUAL_FUNC Do not invoke virtual functions from constructors or destructors |
| CERT OOP52-CPP (L3): Do not delete a polymorphic object without a virtual destructor |
CL.MLK.VIRTUAL Memory Leak - possible in destructor CWARN.DTOR.NONVIRT.DELETE Delete expression for an object of a class with virtual methods and no virtual destructor |
| CERT OOP53-CPP (L2): Write constructor member initializers in the canonical order |
CERT.OOP.CTOR.INIT_ORDER Write constructor member initializers in the canonical order |
| CERT OOP54-CPP (L3): Gracefully handle self-copy assignment |
CL.SELF-ASSIGN Use of free memory (double free) - in operator= |
| CERT OOP55-CPP (L2): Do not use pointer-to-member operators to access nonexistent members |
CERT.OOP.PTR_MEMBER.NO_MEMBER Do not use pointer-to-member operators to access nonexistent members |
| CERT OOP57-CPP (L1): Prefer special member functions and overloaded operators to C Standard Library functions |
CERT.OOP.CSTD_FUNC_USE Prefer special member functions and overloaded operators to C Standard Library functions |
| CERT OOP58-CPP (L2): Copy operations must not mutate the source object |
CERT.OOP.COPY_MUTATES Copy operations must not mutate the source object |
| CERT POS30-C (L1): Use the readlink() function properly |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds |
| CERT POS34-C (L2): Do not call putenv() with a pointer to an automatic variable as the argument |
CERT.PUTENV.AUTO_VARIABLE Do not call putenv() with a pointer to an automatic variable as the argument |
| CERT POS35-C (L2): Avoid race conditions while checking for the existence of a symbolic link |
CERT.STR.ASSIGN.CONST_TO_NONCONST Do not assign a const char pointer to a non-const char pointer SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| CERT POS36-C (L1): Observe correct revocation order while relinquishing privileges |
SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| CERT POS37-C (L1): Ensure that privilege relinquishment is successful |
SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| CERT POS39-C (L1): Use the correct byte ordering when transferring data between systems |
BYTEORDER.HTON.SEND Missed conversion from host to network byte order BYTEORDER.HTON.WRITE Missed conversion from host to network byte order BYTEORDER.NTOH.READ Missed conversion from network to host byte order BYTEORDER.NTOH.RECV Missed conversion from network to host byte order |
| CERT POS44-C (L3): Do not use signals to terminate threads |
MISRA.INCL.SIGNAL.2012 The standard header file signal.h shall not be used |
| CERT POS47-C (L3): Do not use threads that can be canceled asynchronously |
CERT.POS.THREAD.ASYNC_CANCEL Do not use threads that can be canceled asynchronously |
| CERT POS51-C (L3): Avoid deadlock with POSIX threads by locking in predefined order |
CONC.DL Deadlock CONC.NO_UNLOCK Missing unlock for variable |
| CERT POS52-C (L3): Do not perform operations that can block while holding a POSIX lock |
CONC.SLEEP Function may block in critical section |
| CERT POS54-C (L1): Detect and handle POSIX library errors |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| CERT PRE30-C (L3): Do not create a universal character name through concatenation |
MISRA.DEFINE.SHARP # or ## operator in a macro definition |
| CERT PRE31-C (L2): Avoid side effects in arguments to unsafe macros |
PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
| CERT PRE32-C (L3): Do not use preprocessor directives in invocations of function-like macros |
MISRA.EXPANSION.DIRECTIVE Directive-like tokens within a macro argument |
| CERT SIG31-C (L1): Do not access shared objects in signal handlers |
CERT.SIG.SIG_HANDLER.SHARED_OBJ Do not access shared object in signal handlers CERT.SIG.SIG_HANDLER.SHARED_OBJ.HEAP Do not access shared object in signal handlers CERT.SIG.SIG_HANDLER.SHARED_OBJ.MIGHT Do not access shared object in signal handlers |
| CERT SIG34-C (L3): Do not call signal() from within interruptible signal handlers |
MISRA.STDLIB.SIGNAL Use of the signal handling facilities of signal.h |
| CERT SIG35-C (L3): Do not return from a computational exception signal handler |
CERT.STDLIB.SIGNAL Do not return from a computational exception signal handler |
| CERT STR30-C (L2): Do not attempt to modify string literals |
CERT.STR.ARG.CONST_TO_NONCONST Do not pass a const char pointer to a non-const char pointer argument CERT.STR.ASSIGN.CONST_TO_NONCONST Do not assign a const char pointer to a non-const char pointer |
| CERT STR31-C (L2): Guarantee that storage for strings has sufficient space for character data and the null terminator |
SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| CERT STR32-C (L1): Do not pass a non-null-terminated character sequence to a library function that expects a string |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations |
| CERT STR34-C (L2): Cast characters to unsigned char before converting to larger integer sizes |
CXX.CAST.SIGNED_CHAR_TO_INTEGER Cast char to unsigned char before converting to larger integer sizes |
| CERT STR37-C (L3): Arguments to character-handling functions must be representable as an unsigned char |
AUTOSAR.STDLIB.CCTYPE.UCHAR Arguments to character-handling functions defined in <cctype> shall be representable as an unsigned char |
| CERT STR38-C (L1): Do not confuse narrow and wide character strings and functions |
CXX.DIFF.WIDTH.STR_AND_FUNC Implicit cast between narrow and wide character string while calling function |
| CERT STR50-CPP (L2): Guarantee that storage for strings has sufficient space for character data and the null terminator |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input |
| CERT STR51-CPP (L1): Do not attempt to create a std::string from a null pointer |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| CON33-C(L3) |
CERT.CONC.LIB_FUNC_USE Avoid race conditions when using library functions |
| CON37-C(L3) |
MISRA.STDLIB.SIGNAL Use of the signal handling facilities of signal.h |
| CON40-C(L2) |
CERT.CONC.ATOMIC_TWICE_EXPR Do not refer to an atomic variable twice in an expression |
| CON41-C(L3) |
CERT.CONC.ATOMIC_COMP_FAIL_IN_LOOP Wrap functions that can spuriously fail up in a loop |
| CON50-CPP(L3) |
CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED Do not destroy a mutex while it is locked |
| CON54-CPP(L3) |
CERT.CONC.WAKE_IN_LOOP Wrap functions that can spuriously wake up in a loop |
| CON55-CPP(L3) |
CERT.CONC.UNSAFE_COND_VAR Preserve thread safety and liveness when using condition variables |
| CTR50-CPP(L2) |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| CTR51-CPP(L2) |
ITER.CONTAINER.MODIFIED Use of invalid iterator |
| CTR52-CPP(L1) |
ITER.END.OUTPARAM.MIGHT Use of 'end' as an output iterator ITER.END.OUTPARAM.MUST Use of 'end' as an output iterator |
| CTR55-CPP(L2) |
ITER.ADVANCE.NONADJACENT Advancing iterator by a distance of more than 1 |
| DCL30-C(L2) |
LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable |
| DCL39-C(L3) |
PORTING.STORAGE.STRUCT Byte position of elements in a structure could depend on alignment and packing attributes. |
| DCL40-C(L3) |
MISRA.FUNC.PARAMS.IDENT Identifiers used in declaration and definition of function are not identical |
| DCL50-CPP(L1) |
MISRA.FUNC.VARARG Function with variable number of arguments |
| DCL51-CPP(L3) |
MISRA.DEFINE.WRONGNAME Usage of a name from the standard library for naming a macro MISRA.DEFINE.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a macro MISRA.STDLIB.WRONGNAME Reused name of standard library macro, object or function MISRA.STDLIB.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a language entity MISRA.UNDEF.WRONGNAME Undefinition of a name from the standard library MISRA.UNDEF.WRONGNAME.UNDERSCORE Undefinition of a reserved name |
| DCL52-CPP(L3) |
CERT.DCL.REF_TYPE.CONST_OR_VOLATILE Never qualify a reference type with const or volatile |
| DCL53-CPP(L3) |
CERT.DCL.AMBIGUOUS_DECL Do not write syntactically ambiguous declarations |
| DCL54-CPP(L3) |
CERT.DCL.SAME_SCOPE_ALLOC_DEALLOC Overload allocation and deallocation functions as a pair in the same scope |
| DCL57-CPP(L2) |
MISRA.DTOR.THROW Throw in destructor |
| DCL58-CPP(L2) |
CERT.DCL.STD_NS_MODIFIED Do not modify the standard namespaces |
| DCL59-CPP(L3) |
MISRA.NAMESPACE.UNMD Unnamed namespace in header file |
| ENV30-C(L3) |
CXX.STDLIB.ILLEGAL_WRITE The pointers returned by the Standard Library functions localeconv, getenv, setlocale or, strerror shall only be used as if they have pointer to const-qualified type |
| ENV32-C(L1) |
CERT.EXIT.HANDLER_TERMINATE All exit handlers must return normally |
| ENV33-C(L1) |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution |
| ENV34-C(L3) |
CXX.STDLIB.ILLEGAL_REUSE The pointer returned by the Standard Library functions asctime and similar shall not be used following a subsequent call to the same function |
| ERR30-C(L1) |
CXX.ERRNO.INCORRECTLY_CHECKED Errno condition check not required after calling library function CXX.ERRNO.NOT_CHECKED Errno condition check is missing after calling library function CXX.ERRNO.NOT_SET Errno is not reset to zero before calling library function |
| ERR32-C(L3) |
MISRA.INCL.SIGNAL.2012 The standard header file signal.h shall not be used MISRA.STDLIB.SIGNAL Use of the signal handling facilities of signal.h |
| ERR33-C(L1) |
NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.FUNC.MUST Result of function that may return NULL will be dereferenced SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| ERR34-C(L2) |
CERT.ERR.CONV.STR_TO_NUM Detect errors when converting a string to a number MISRA.STDLIB.ATOI Use of 'atof', 'atoi' or 'atol' from library stdlib.h SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions |
| ERR50-CPP(L3) |
CERT.ERR.ABRUPT_TERM Do not abruptly terminate the program MISRA.TERMINATE terminate() function is called explicitly |
| ERR51-CPP(L2) |
MISRA.CATCH.ALL No ellipsis exception handler in a try-catch block |
| ERR52-CPP(L3) |
MISRA.STDLIB.LONGJMP Use of setjmp macro or longjmp function |
| ERR53-CPP(L3) |
MISRA.CTOR.TRY.NON_STATIC Function try/catch block of constructor or destructor references non-static members |
| ERR54-CPP(L1) |
MISRA.CATCH.NOALL Ellipsis exception handler is not the last one in a try-catch block MISRA.CATCH.WRONGORD Handler for a base exception class precedes to a handler for a derived exception class in a try-catch block |
| ERR57-CPP(L3) |
CL.MLK Memory Leak - in destructor MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak MLK.RET.MIGHT Memory Leak - possible MLK.RET.MUST Memory Leak RH.LEAK Resource leak |
| ERR59-CPP(L2) |
CERT.EXCEPTION.OVER.BOUNDARY Exception thrown over execution boundary. |
| ERR61-CPP(L3) |
MISRA.CATCH.BY_VALUE Exception object of class type is caught by value |
| ERR62-CPP(L3) |
CERT.ERR.CONV.STR_TO_NUM Detect errors when converting a string to a number |
| EXP34-C(L1) |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| EXP39-C(L3) |
CXX.CAST.OBJ_PTR_TO_OBJ_PTR Cast between a pointer to object type and a pointer to a different object type |
| EXP42-C(L1) |
CERT.MEMCMP.PADDED_DATA Do not compare padding data |
| EXP45-C(L2) |
ASSIGCOND.CALL Assignment in condition (call) ASSIGCOND.GEN Assignment in condition MISRA.ASSIGN.COND Assignment operator is used in a condition |
| EXP46-C(L2) |
MISRA.LOGIC.OPERATOR.NOT_BOOL Operand of non-logical operator is effectively boolean |
| EXP47-C(L2) |
CERT.VA_ARG.TYPE Do not call va_arg with an argument of the incorrect type |
| EXP50-CPP(L2) |
CERT.EXPR.PARENS The precedence of operators within expressions should be made explicit. MISRA.EXPR.PARENS.INSUFFICIENT Limited dependence required for operator precedence rules in expressions MISRA.INCR_DECR.OTHER Increment or decrement operator is mixed with other operators in expression PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
| EXP51-CPP(L3) |
CERT.EXPR.DELETE_ARR.BASE_PTR Do not delete an array through a pointer of the incorrect type |
| EXP52-CPP(L3) |
MISRA.SIZEOF.SIDE_EFFECT Operand of sizeof has side effects |
| EXP53-CPP(L1) |
UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| EXP54-CPP(L2) |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| EXP55-CPP(L3) |
MISRA.CAST.CONST Cast operation removes const or volatile modifier from a pointer or reference |
| EXP56-CPP(L3) |
MISRA.CAST.PTR.UNRELATED Object of pointer type cast to unrelated type MISRA.CAST.PTR_TO_INT Cast between a pointer and an integral type PORTING.CAST.PTR Cast between types that are not both pointers or not pointers PORTING.CAST.PTR.FLTPNT Cast of a pointer to a floating point expression to a non floating point type pointer PORTING.CAST.PTR.SIZE Attempt to cast an expression to a type of a potentially incompatible size |
| EXP57-CPP(L3) |
CERT.EXPR.DELETE_PTR.INCOMPLETE_TYPE Do not delete a pointer to an incomplete type |
| EXP58-CPP(L3) |
CERT.VA_START.TYPE Pass an object of the correct type to va_start |
| EXP60-CPP(L2) |
CERT.EXPR.PASS_NON_STD_LAYOUT Do not pass a nonstandard-layout type object across execution boundaries |
| EXP61-CPP(L2) |
LOCRET.RET Function returns address of local variable |
| EXP62-CPP(L1) |
CERT.MEMCMP.PADDED_DATA Do not compare padding data CWARN.MEM.NONPOD Memory manipulation routine applied to a non-POD object |
| FIO30-C(L1) |
SV.FMTSTR.GENERIC Format String Vulnerability SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String |
| FIO34-C(L1) |
CWARN.CMPCHR.EOF A 'char' expression compared with EOF constant |
| FIO37-C(L1) |
CERT.FIO.FGETS Do not assume that fgets() or fgetws() returns a nonempty string when successful |
| FIO38-C(L3) |
CERT.FILE_PTR.DEREF A pointer to a FILE object shall not be dereferenced CERT.FILE_PTR.DEREF.CAST Object is casted to a FILE pointer, and it shall not be dereferenced CERT.FILE_PTR.DEREF.INDIRECT A pointer to a FILE object shall not be indirectly dereferenced by a system function CERT.FILE_PTR.DEREF.RETURN A pointer to a FILE object (returned by function) shall not be dereferenced MISRA.FILE_PTR.DEREF.2012 A pointer to a FILE object shall not be dereferenced MISRA.FILE_PTR.DEREF.CAST.2012 Object is casted to a FILE pointer, and it shall not be dereferenced MISRA.FILE_PTR.DEREF.INDIRECT.2012 A pointer to a FILE object shall not be indirectly dereferenced by a system function MISRA.FILE_PTR.DEREF.RETURN.2012 A pointer to a FILE object (returned by function) shall not be dereferenced |
| FIO39-C(L2) |
CERT.FIO.NO_FLUSH Flush or positioning function call missing |
| FIO42-C(L3) |
RH.LEAK Resource leak |
| FIO44-C(L3) |
CERT.FSETPOS.VALUE Only use values for fsetpos() that are returned from fgetpos() |
| FIO45-C(L2) |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| FIO46-C(L3) |
SV.INCORRECT_RESOURCE_HANDLING.URH Insecure Resource Handling |
| FIO47-C(L2) |
SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter SV.FMT_STR.PRINT_IMPROP_LENGTH Improper use of length modifier in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD Incompatible type of a scan function parameter SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED Unexpected type of a scan function parameter SV.FMT_STR.SCAN_IMPROP_LENGTH Improper use of length modifier in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW Too few arguments in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY Too many arguments in a scan function call SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call |
| FIO51-CPP(L3) |
RH.LEAK Resource leak |
| FLP30-C(L2) |
MISRA.FOR.COUNTER.FLT For loop counter has a floating point type |
| FLP32-C(L1) |
CERT.MATH.DOMAIN.CHECK One or more arguments passed to a standard library math function are outside its valid domain CERT.MATH.RANGE.CHECK Error condition must be checked after calling a library math function that might cause range error |
| FLP34-C(L3) |
MISRA.CAST.FLOAT.WIDER Cast of floating point expression to a wider floating point type MISRA.CAST.FLOAT_INT Cast of floating point expression to integral type MISRA.CAST.INT_FLOAT Cast of integral expression to floating point type MISRA.CONV.FLOAT Implicit floating-point conversion |
| FLP36-C(L3) |
PORTING.CAST.FLTPNT Cast of a floating point expression to a non floating point type |
| FLP37-C(L3) |
CERT.MEMCMP.FLOAT_MEMBER Do not compare when member is floating point |
| INT30-C(L2) |
CWARN.NOEFFECT.OUTOFRANGE Value outside of range NUM.OVERFLOW Possible Overflow NUM.OVERFLOW.DF Possible numeric overflow or wraparound |
| INT31-C(L1) |
PORTING.CAST.SIZE Expression is cast to a type of potentially different size |
| INT32-C(L1) |
CWARN.NOEFFECT.OUTOFRANGE Value outside of range NUM.OVERFLOW Possible Overflow NUM.OVERFLOW.DF Possible numeric overflow or wraparound |
| INT33-C(L2) |
DBZ.CONST Division by a zero constant occurs DBZ.CONST.CALL The value '0' is passed to function that can use this value as divisor DBZ.GENERAL Division by zero might occur DBZ.GENERAL.FLOAT Division by floating-point zero might occur DBZ.ITERATOR Division by zero might occur in a loop iterator DBZ.ITERATOR.CALL Division by zero might occur in a function call DBZ.ITERATOR.FLOAT Division by zero might occur in a loop iterator |
| INT34-C(L3) |
MISRA.SHIFT.RANGE.2012 Right operand of shift operation is out of range - greater or equal to the essential type size of left operand, or is negative |
| MEM30-C(L2) |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| MEM31-C(L3) |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor CL.SHALLOW.ASSIGN Use of free memory (double free) - shallow copy in operator= CL.SHALLOW.COPY Use of free memory (double free) - shallow copy in copy constructor FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory |
| MEM34-C(L2) |
FNH.MIGHT Freeing Non-Heap Memory - possible FNH.MUST Freeing Non-Heap Memory |
| MEM35-C(L2) |
INCORRECT.ALLOC_SIZE Incorrect Allocation Size SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation |
| MEM36-C(L3) |
AUTOSAR.STDLIB.MEMORY Functions malloc, calloc, realloc and free shall not be used |
| MEM50-CPP(L2) |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| MEM51-CPP(L2) |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor CL.FMM Freeing Mismatched Memory - in destructor CL.SHALLOW.ASSIGN Use of free memory (double free) - shallow copy in operator= CL.SHALLOW.COPY Use of free memory (double free) - shallow copy in copy constructor FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory FNH.MIGHT Freeing Non-Heap Memory - possible FNH.MUST Freeing Non-Heap Memory FUM.GEN.MIGHT Freeing Unallocated Memory - possible FUM.GEN.MUST Freeing Unallocated Memory UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use |
| MEM52-CPP(L1) |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| MEM53-CPP(L2) |
CERT.MEM.OBJ_LIFETIME_CTOR Uninitialized Heap Member Function Call CERT.MEM.OBJ_LIFETIME_DTOR Object with manually allocated memory not explicitly destroyed |
| MEM54-CPP(L2) |
CERT.MEM.PLACEMENTNEW.MISALIGNED Provide placement new with properly aligned storage CERT.MEM.PLACEMENTNEW.TOOSMALL Provide placement new with sufficient storage |
| MEM55-CPP(L2) |
CERT.MEM.OVERRIDE.DELETE Honor replacement dynamic storage management requirements for 'delete' CERT.MEM.OVERRIDE.NEW Honor replacement dynamic storage management requirements for 'new' |
| MEM56-CPP(L2) |
CERT.MEM.SMART_PTR.OWNED Multiple smart pointer owners of pointer CERT.MEM.SMART_PTR.OWNED.THIS The underlying resource might be already owned by a non-related smart pointer |
| MSC30-C(L3) |
CERT.MSC.STD_RAND_CALL Do not use std::rand() for generating pseudorandom numbers |
| MSC32-C(L1) |
CERT.MSC.SEED_RANDOM Properly seed pseudorandom number generators |
| MSC33-C(L2) |
CERT.MSC.ASCTIME Do not pass invalid data to the asctime() function |
| MSC37-C(L2) |
FUNCRET.GEN Non-void function does not return value FUNCRET.IMPLICIT Non-void function implicitly returning int does not return value |
| MSC39-C(L3) |
VA.LIST.INDETERMINATE Attempt to call va_arg() on a va_list that has an indeterminate value |
| MSC40-C(L3) |
MISRA.FUNC.STATIC.REDECL Function or object redeclaration does not include 'static' modifier |
| MSC41-C(L2) |
CXX.SV.PWD.PLAIN Attempt to set password using a plain string CXX.SV.PWD.PLAIN.LENGTH Attempt to set password with a length less than 15 characters CXX.SV.PWD.PLAIN.LENGTH.ZERO Attempt to set password with a length of zero characters HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password HCC.USER Use of a hardcoded user name |
| MSC50-CPP(L3) |
CERT.MSC.STD_RAND_CALL Do not use std::rand() for generating pseudorandom numbers |
| MSC51-CPP(L1) |
AUTOSAR.STDLIB.RANDOM.NBR_GEN_DEFAULT_INIT Random number engines shall not be default-initialized |
| MSC52-CPP(L2) |
FUNCRET.GEN Non-void function does not return value FUNCRET.IMPLICIT Non-void function implicitly returning int does not return value |
| MSC53-CPP(L3) |
CERT.MSC.NORETURN_FUNC_RETURNS Do not return from a function declared [[noreturn]] |
| MSC54-CPP(L2) |
CERT.MSC.SIG_HANDLER.POF A signal handler must be a plain old function |
| OOP50-CPP(L3) |
CERT.OOP.CTOR.VIRTUAL_FUNC Do not invoke virtual functions from constructors or destructors |
| OOP52-CPP(L3) |
CL.MLK.VIRTUAL Memory Leak - possible in destructor CWARN.DTOR.NONVIRT.DELETE Delete expression for an object of a class with virtual methods and no virtual destructor |
| OOP53-CPP(L2) |
CERT.OOP.CTOR.INIT_ORDER Write constructor member initializers in the canonical order |
| OOP54-CPP(L3) |
CL.SELF-ASSIGN Use of free memory (double free) - in operator= |
| OOP55-CPP(L2) |
CERT.OOP.PTR_MEMBER.NO_MEMBER Do not use pointer-to-member operators to access nonexistent members |
| OOP57-CPP(L1) |
CERT.OOP.CSTD_FUNC_USE Prefer special member functions and overloaded operators to C Standard Library functions |
| OOP58-CPP(L2) |
CERT.OOP.COPY_MUTATES Copy operations must not mutate the source object |
| POS30-C(L1) |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds |
| POS34-C(L2) |
CERT.PUTENV.AUTO_VARIABLE Do not call putenv() with a pointer to an automatic variable as the argument |
| POS35-C(L2) |
CERT.STR.ASSIGN.CONST_TO_NONCONST Do not assign a const char pointer to a non-const char pointer SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| POS36-C(L1) |
SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| POS37-C(L1) |
SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| POS39-C(L1) |
BYTEORDER.HTON.SEND Missed conversion from host to network byte order BYTEORDER.HTON.WRITE Missed conversion from host to network byte order BYTEORDER.NTOH.READ Missed conversion from network to host byte order BYTEORDER.NTOH.RECV Missed conversion from network to host byte order |
| POS44-C(L3) |
MISRA.INCL.SIGNAL.2012 The standard header file signal.h shall not be used |
| POS47-C(L3) |
CERT.POS.THREAD.ASYNC_CANCEL Do not use threads that can be canceled asynchronously |
| POS51-C(L3) |
CONC.DL Deadlock CONC.NO_UNLOCK Missing unlock for variable |
| POS52-C(L3) |
CONC.SLEEP Function may block in critical section |
| POS54-C(L1) |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| PRE30-C(L3) |
MISRA.DEFINE.SHARP # or ## operator in a macro definition |
| PRE31-C(L2) |
PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
| PRE32-C(L3) |
MISRA.EXPANSION.DIRECTIVE Directive-like tokens within a macro argument |
| SIG31-C(L1) |
CERT.SIG.SIG_HANDLER.SHARED_OBJ Do not access shared object in signal handlers CERT.SIG.SIG_HANDLER.SHARED_OBJ.HEAP Do not access shared object in signal handlers CERT.SIG.SIG_HANDLER.SHARED_OBJ.MIGHT Do not access shared object in signal handlers |
| SIG34-C(L3) |
MISRA.STDLIB.SIGNAL Use of the signal handling facilities of signal.h |
| SIG35-C(L3) |
CERT.STDLIB.SIGNAL Do not return from a computational exception signal handler |
| STR30-C(L2) |
CERT.STR.ARG.CONST_TO_NONCONST Do not pass a const char pointer to a non-const char pointer argument CERT.STR.ASSIGN.CONST_TO_NONCONST Do not assign a const char pointer to a non-const char pointer |
| STR31-C(L2) |
SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| STR32-C(L1) |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations |
| STR34-C(L2) |
CXX.CAST.SIGNED_CHAR_TO_INTEGER Cast char to unsigned char before converting to larger integer sizes |
| STR37-C(L3) |
AUTOSAR.STDLIB.CCTYPE.UCHAR Arguments to character-handling functions defined in <cctype> shall be representable as an unsigned char |
| STR38-C(L1) |
CXX.DIFF.WIDTH.STR_AND_FUNC Implicit cast between narrow and wide character string while calling function |
| STR50-CPP(L2) |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input |
| STR51-CPP(L1) |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| and check errno only after the function returns a value indicating failure |
CXX.ERRNO.INCORRECTLY_CHECKED Errno condition check not required after calling library function CXX.ERRNO.NOT_CHECKED Errno condition check is missing after calling library function CXX.ERRNO.NOT_SET Errno is not reset to zero before calling library function |
| and iterators to reference elements of a container |
ITER.CONTAINER.MODIFIED Use of invalid iterator |
| pointers |
ITER.CONTAINER.MODIFIED Use of invalid iterator |
"MISRA", "MISRA C" and "MISRA C++" are registered trademarks of The MISRA Consortium Limited.