HKMC C++ Secure Coding Standard for Automotive Development

CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED  Do not destroy a mutex while it is locked

CONC.DL  Deadlock

CERT.CONC.WAKE_IN_LOOP  Wrap functions that can spuriously wake up in a loop

CERT.CONC.UNSAFE_COND_VAR  Preserve thread safety and liveness when using condition variables

ABV.ANY_SIZE_ARRAY  Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL  Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION  Buffer Overflow - Array Index Out of Bounds

ABV.NON_ARRAY  Non-array object is used as an array

ABV.STACK  Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED  Buffer Overflow from Unvalidated Input

SV.TAINTED.ALLOC_SIZE  Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.CALL.INDEX_ACCESS  Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.INDEX_ACCESS  Use of Unvalidated Integer as Array Index

ITER.CONTAINER.MODIFIED  Use of invalid iterator

ITER.END.OUTPARAM.MIGHT  Use of 'end' as an output iterator

ITER.END.OUTPARAM.MUST  Use of 'end' as an output iterator

CXX.ITER.END.BEGIN  Iterator representing end of the range precedes start of range

ITER.INAPPROPRIATE  Use of iterator with inappropriate container object

ITER.INAPPROPRIATE.MULTIPLE  Use of iterator with inappropriate container object

ITER.ADVANCE.NONADJACENT  Advancing iterator by a distance of more than 1

MISRA.FUNC.VARARG  Function with variable number of arguments

MISRA.DEFINE.WRONGNAME  Usage of a name from the standard library for naming a macro

MISRA.DEFINE.WRONGNAME.UNDERSCORE  Usage of a reserved name for naming a macro

MISRA.STDLIB.WRONGNAME  Reused name of standard library macro, object or function

MISRA.STDLIB.WRONGNAME.UNDERSCORE  Usage of a reserved name for naming a language entity

MISRA.UNDEF.WRONGNAME  Undefinition of a name from the standard library

MISRA.UNDEF.WRONGNAME.UNDERSCORE  Undefinition of a reserved name

CERT.DCL.REF_TYPE.CONST_OR_VOLATILE  Never qualify a reference type with const or volatile

CERT.DCL.AMBIGUOUS_DECL  Do not write syntactically ambiguous declarations

CERT.DCL.SAME_SCOPE_ALLOC_DEALLOC  Overload allocation and deallocation functions as a pair in the same scope

PORTING.STORAGE.STRUCT  Byte position of elements in a structure could depend on alignment and packing attributes.

CXX.STATIC.OBJ.RECURSION  Do not reenter function during initialization of static objects

MISRA.DTOR.THROW  Throw in destructor

CERT.DCL.STD_NS_MODIFIED  Do not modify the standard namespaces

MISRA.NAMESPACE.UNMD  Unnamed namespace in header file

AUTOSAR.ADD.ONEDEFRULE.FUNC  Function is violating one definition rule

AUTOSAR.ADD.ONEDEFRULE.VAR  Variable is violating one definition rule

MISRA.CT.UNIQUE.ID  Identifier clashes with tag name

MISRA.TYPE.NAMECLASH.CPP.2008  Identifier in one name space has same spelling as identifier in other name space

MISRA.TYPEDEF.NOT_UNIQUE  Typedef name is used for another entity

CERT.ERR.ABRUPT_TERM  Do not abruptly terminate the program

MISRA.STDLIB.LONGJMP  Use of setjmp macro or longjmp function

MISRA.CTOR.TRY.NON_STATIC  Function try/catch block of constructor or destructor references non-static members

MISRA.CATCH.NOALL  Ellipsis exception handler is not the last one in a try-catch block

MISRA.CATCH.WRONGORD  Handler for a base exception class precedes to a handler for a derived exception class in a try-catch block

CL.MLK  Memory Leak - in destructor

MLK.MIGHT  Memory Leak - possible

MLK.MUST  Memory Leak

MLK.RET.MIGHT  Memory Leak - possible

MLK.RET.MUST  Memory Leak

RH.LEAK  Resource leak

MISRA.CATCH.BY_VALUE  Exception object of class type is caught by value

CERT.ERR.CONV.STR_TO_NUM  Detect errors when converting a string to a number

CERT.EXPR.PARENS  The precedence of operators within expressions should be made explicit.

MISRA.EXPR.PARENS.INSUFFICIENT  Limited dependence required for operator precedence rules in expressions

MISRA.INCR_DECR.OTHER  Increment or decrement operator is mixed with other operators in expression

MISRA.INCR_DECR.SIDEEFF.2012  A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects other than that caused by the increment or decrement operator

PORTING.VAR.EFFECTS  Variable used twice in one expression where one usage is subject to side-effects

CERT.EXPR.DELETE_ARR.BASE_PTR  Do not delete an array through a pointer of the incorrect type

MISRA.SIZEOF.SIDE_EFFECT  Operand of sizeof has side effects

UNINIT.CTOR.MIGHT  Uninitialized Variable in Constructor - possible

UNINIT.CTOR.MUST  Uninitialized Variable in Constructor

UNINIT.HEAP.MIGHT  Uninitialized Heap Use - possible

UNINIT.HEAP.MUST  Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT  Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST  Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST  Partially Uninitialized Array

UNINIT.STACK.MIGHT  Uninitialized Variable - possible

UNINIT.STACK.MUST  Uninitialized Variable

CL.FFM.ASSIGN  Use of free memory (double free) - no operator=

CL.FFM.COPY  Use of free memory (double free) - no copy constructor

LOCRET.ARG  Function returns address of local variable

LOCRET.GLOB  Function returns address of local variable

LOCRET.RET  Function returns address of local variable

UFM.DEREF.MIGHT  Use of free memory (access) - possible

UFM.DEREF.MUST  Use of Freed Memory by Pointer

UFM.FFM.MIGHT  Use of free memory (double free) - possible

UFM.FFM.MUST  Freeing Freed Memory

UFM.RETURN.MIGHT  Use of freed memory (return) - possible

UFM.RETURN.MUST  Use of Freed Memory on Return

UFM.USE.MIGHT  Use of free memory - possible

UFM.USE.MUST  Use of Freed Memory

UNINIT.HEAP.MIGHT  Uninitialized Heap Use - possible

UNINIT.HEAP.MUST  Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT  Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST  Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST  Partially Uninitialized Array

UNINIT.STACK.MIGHT  Uninitialized Variable - possible

UNINIT.STACK.MUST  Uninitialized Variable

MISRA.CAST.CONST  Cast operation removes const or volatile modifier from a pointer or reference

CERT.VA_START.TYPE  Pass an object of the correct type to va_start

CERT.MEMCMP.PADDED_DATA  Do not compare padding data

RH.LEAK  Resource leak

UFM.DEREF.MIGHT  Use of free memory (access) - possible

UFM.DEREF.MUST  Use of Freed Memory by Pointer

UFM.FFM.MIGHT  Use of free memory (double free) - possible

UFM.FFM.MUST  Freeing Freed Memory

UFM.RETURN.MIGHT  Use of freed memory (return) - possible

UFM.RETURN.MUST  Use of Freed Memory on Return

UFM.USE.MIGHT  Use of free memory - possible

UFM.USE.MUST  Use of Freed Memory

CL.FMM  Freeing Mismatched Memory - in destructor

FMM.MIGHT  Freeing Mismatched Memory - possible

FMM.MUST  Freeing Mismatched Memory

CERT.MEM.OBJ_LIFETIME_CTOR  Uninitialized Heap Member Function Call

CERT.MEM.OBJ_LIFETIME_DTOR  Object with manually allocated memory not explicitly destroyed

CERT.MEM.PLACEMENTNEW.MISALIGNED  Provide placement new with properly aligned storage

CERT.MEM.PLACEMENTNEW.TOOSMALL  Provide placement new with sufficient storage

CERT.MEM.SMART_PTR.OWNED  Multiple smart pointer owners of pointer

CERT.MEM.SMART_PTR.OWNED.THIS  The underlying resource might be already owned by a non-related smart pointer

MLK.MIGHT  Memory Leak - possible

MLK.MUST  Memory Leak

MLK.RET.MIGHT  Memory Leak - possible

MLK.RET.MUST  Memory Leak

CERT.MSC.STD_RAND_CALL  Do not use std::rand() for generating pseudorandom numbers

AUTOSAR.STDLIB.RANDOM.NBR_GEN_DEFAULT_INIT  Random number engines shall not be default-initialized

CERT.MSC.SEED_RANDOM  Properly seed pseudorandom number generators

FUNCRET.GEN  Non-void function does not return value

CERT.MSC.NORETURN_FUNC_RETURNS  Do not return from a function declared [[noreturn]]

LOCRET.ARG  Function returns address of local variable

LOCRET.GLOB  Function returns address of local variable

LOCRET.RET  Function returns address of local variable

CERT.OOP.CTOR.VIRTUAL_FUNC  Do not invoke virtual functions from constructors or destructors

CL.MLK.VIRTUAL  Memory Leak - possible in destructor

CWARN.DTOR.NONVIRT.DELETE  Delete expression for an object of a class with virtual methods and no virtual destructor

CERT.OOP.CTOR.INIT_ORDER  Write constructor member initializers in the canonical order

CL.SELF-ASSIGN  Use of free memory (double free) - in operator=

CERT.OOP.PTR_MEMBER.NO_MEMBER  Do not use pointer-to-member operators to access nonexistent members

CERT.OOP.CSTD_FUNC_USE  Prefer special member functions and overloaded operators to C Standard Library functions

CERT.OOP.COPY_MUTATES  Copy operations must not mutate the source object

CXX.STATIC.OBJ.FINAL  Initialized public static field not mark as final

CXX.MEMBER.IMPORTANT.PRIVATE  Important member data shall be private

CXX.MEMBER.CRITICAL.PUBLIC.METHOD  Critical private member data shall not be directly writable by a public method

NNTS.MIGHT  Buffer Overflow - Non-null Terminated String

NNTS.MUST  Buffer Overflow - Non-null Terminated String

SV.FMT_STR.BAD_SCAN_FORMAT  Input format specifier error

SV.UNBOUND_STRING_INPUT.CIN  Usage of cin for unbounded string input

SV.UNBOUND_STRING_INPUT.FUNC  Usage of unbounded string input

ITER.CONTAINER.MODIFIED  Use of invalid iterator