JSF AV C++ IDs
The table below maps the Joint Strike Fighter Air Vehicle C++ coding standard to Klocwork C++ checkers. The Joint Strike Fighter Air Vehicle C++ coding standard, developed by Lockheed Martin, helps programmers develop error-free code for safety-critical systems.
| Rule | Checker name and description |
|---|---|
| 11 |
MISRA.CHAR.TRIGRAPH Trigraph usage |
| 12 |
MISRA.CHAR.DIGRAPH Digraph usage |
| 13 |
AUTOSAR.TYPE.WCHAR_T Type wchar_t shall not be used |
| 14 |
MISRA.LITERAL.SUFFIX.CASE Literal suffix in lower case. |
| 17 |
MISRA.STDLIB.ERRNO Use of error indicator 'errno' |
| 18 |
MISRA.EXPANSION.UNSAFE Unsafe macro usage |
| 19 |
AUTOSAR.SETLOCALE The library <clocale> (locale.h) and the setlocale function shall not be used |
| 20 |
MISRA.STDLIB.LONGJMP Use of setjmp macro or longjmp function |
| 21 |
MISRA.STDLIB.SIGNAL Use of the signal handling facilities of signal.h |
| 22 |
MISRA.STDLIB.STDIO Use of input/output library stdio.h in production code |
| 23 |
MISRA.STDLIB.ATOI Use of 'atof', 'atoi' or 'atol' from library stdlib.h |
| 24 |
MISRA.STDLIB.ABORT Use of 'abort', 'exit', 'getenv' or 'system' from library stdlib.h |
| 25 |
MISRA.STDLIB.TIME Use of the time handling functions of library time.h |
| 26 |
MISRA.ELIF.COND.NOT_BOOL.2012 #elif condition is not 0 or 1 MISRA.ELIF.DEFINED Incorrect 'defined' usage in #elif directive MISRA.ELIF.UNDEF Undefined macros in #elif directive MISRA.ELIF.WRAPAROUND Wrap-around in #elif directive MISRA.EXPANSION.DIRECTIVE Directive-like tokens within a macro argument MISRA.IF.COND.NOT_BOOL.2012 #if condition is not 0 or 1 MISRA.IF.DEFINED Incorrect 'defined' usage in #if directive MISRA.IF.UNDEF Undefined macros in #if directive MISRA.IF.WRAPAROUND Wrap-around in #if directive MISRA.UNDEF Undef usage MISRA.USE.EXPANSION Macro expansion MISRA.USE.UNKNOWNDIR Unknown preprocessor directive is used MISRA.USE.WRONGDIR Improper preprocessor directive |
| 27 |
MISRA.INCGUARD Include guard is not provided MISRA.USE.DEFINE Non-guarding macro definition |
| 28 |
MISRA.USE.DEFINE Non-guarding macro definition |
| 29 |
MISRA.DEFINE.FUNC Function-like macro definition |
| 30 |
MISRA.DEFINE.BADEXP.CPP Inappropriate macro expansion in a C++ source |
| 31 |
MISRA.USE.DEFINE Non-guarding macro definition |
| 32 |
MISRA.USE.DEFINE Non-guarding macro definition |
| 33 |
MISRA.INCL.BAD Non-standard include directive |
| 35 |
MISRA.INCGUARD Include guard is not provided |
| 36 | |
| 37 | |
| 39 |
MISRA.ONEDEFRULE.FUNC Global function definition in a header file MISRA.ONEDEFRULE.VAR Global variable definition in a header file |
| 40 |
CWARN.INCL.NO_INTERFACE Source file does not include its interface header |
| 42 |
AUTOSAR.STYLE.SINGLE_STMT_PER_LINE Each expression statement and identifier declaration shall be placed on a separate line |
| 46 |
MISRA.DEFINE.NOT_DISTINCT.C99.2012 Identifier name is too long |
| 53.1 |
MISRA.INCL.SYMS Non-standard characters in header file names |
| 57 |
JSF.ORDER.ACCESS_SPEC The public, protected, and private sections of a class will be declared in that order |
| 59 |
MISRA.IF.NO_COMPOUND The body of if/else statement is not a compound statement |
| 67 |
MISRA.MEMB.NOT_PRIVATE Member variable in non-POD class is not private |
| 69 |
MISRA.MEMB.NON_CONST Non-const member function does not change any member variables |
| 70 |
AUTOSAR.FRIEND_DECL Friend declarations shall not be used |
| 70.1 |
AUTOSAR.DTOR.NON_VIRTUAL If a public destructor of a class is non-virtual, then the class should be declared final |
| 71 |
UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible |
| 71.1 |
MISRA.CTOR.DYNAMIC Object's dynamic type is used from the body of its constructor |
| 74 |
AUTOSAR.CTOR.NSDMI_INIT_LIST Both NSDMI and a non-static member initializer in a constructor shall not be used in the same type |
| 75 |
CWARN.MEMBER.INIT.ORDER Members of the initialization list are not listed in the order in which they are declared in the class |
| 76 |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor CL.SHALLOW.ASSIGN Use of free memory (double free) - shallow copy in operator= CL.SHALLOW.COPY Use of free memory (double free) - shallow copy in copy constructor |
| 77 |
MISRA.CTOR.BASE Constructor does not explicitly call constructor of its base class UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor |
| 77.1 |
JSF.MBR.SIG.MATCHES.COPY_CSTR The definition of a member function shall not contain default arguments that produce a signature identical to that of the implicitly-declared copy constructor |
| 78 |
CWARN.DTOR.NONVIRT.DELETE Delete expression for an object of a class with virtual methods and no virtual destructor CWARN.DTOR.NONVIRT.NOTEMPTY Class has virtual functions inherited from a base class, but its destructor is not virtual and not empty |
| 79 |
CL.MLK Memory Leak - in destructor CL.MLK.VIRTUAL Memory Leak - possible in destructor |
| 81 |
CL.SELF-ASSIGN Use of free memory (double free) - in operator= |
| 82 |
AUTOSAR.ASSIGN.RETURN An assignment operator shall return a reference to "this" |
| 84 |
MISRA.BIN_OP.OVERLOAD Comma, || or && operator overloaded MISRA.UN_OP.OVERLOAD Unary & operator is overloaded |
| 85 |
JSF.CLASS.DEFINE.OPPOSITE_OPERATOR When two operators are opposites (such as == and !=), both will be defined and one will be defined in terms of the other |
| 87 |
JSF.INHERITANCE.NON_ABSTRACT Hierarchies should be based on abstract classes |
| 88 |
MISRA.DERIVE.VIRTUAL Class is derived from virtual base MISRA.VIRTUAL.BASE.DIAMOND Base class is used as virtual not in diamond hierarchy |
| 89 |
MISRA.VIRTUAL.NOVIRTUAL Overriding virtual function declared with no 'virtual' keyword |
| 94 |
JSF.DERIVED.NON_VIRT.REDEFINED An inherited nonvirtual function shall not be redefined in a derived class |
| 95 |
MISRA.SAME.DEFPARAMS Overriding virtual function and the function it overrides have different default arguments |
| 96 |
JSF.CAST.DERIVED.ARRAY.FUNC.CALL Arrays shall not be treated polymorphically |
| 97 |
MISRA.FUNC.ARRAY.PARAMS Function argument with array type decay to a pointer |
| 98 |
MISRA.NS.GLOBAL Function, variable or type declaration in global namespace |
| 107 |
MISRA.OBJ.TYPE.COMPAT Type not compatible with type of other declaration |
| 108 |
MISRA.FUNC.VARARG Function with variable number of arguments |
| 109 |
AUTOSAR.FUNC.INLINE_DEF A function definition shall only be placed in a class definition if (1) the function is intended to be inlined (2); it is a member function template; (3) it is a member function of a class template |
| 111 |
LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable |
| 112 |
MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak MLK.RET.MIGHT Memory Leak - possible MLK.RET.MUST Memory Leak |
| 113 |
MISRA.RETURN.NOT_LAST Return is not the last statement in a function |
| 114 |
FUNCRET.GEN Non-void function does not return value |
| 115 |
MISRA.FUNC.UNUSEDRET Return value of a non-void function is not used |
| 117.1 |
MISRA.VAR.NEEDS.CONST Variable is not modified but is declared without const qualifier |
| 118.1 |
MISRA.PPARAM.NEEDS.CONST Pointer parameter is not used to modify the addressed object but is not declared as a pointer to const |
| 119 |
MISRA.FUNC.RECUR Recursive function |
| 135 |
MISRA.VAR.HIDDEN Identifier declared in an inner scope hides identifier in outer scope |
| 136 |
MISRA.VAR.MIN.VIS Name visibility is too wide |
| 138 |
MISRA.FUNC.STATIC.REDECL Function or object redeclaration does not include 'static' modifier MISRA.VAR.UNIQUE.STATIC Identifier with static storage specifier clashes with other identifier |
| 140 |
AUTOSAR.REGISTER The register keyword shall not be used |
| 141 |
AUTOSAR.DECL.IN_DEFN A class, structure, or enumeration shall not be declared in the definition of its type MISRA.CT.UNIQUE.ID Identifier clashes with tag name |
| 142 |
UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| 144 |
MISRA.INIT.BRACES Incorrect initializer braces placement. |
| 145 |
MISRA.ENUM.INIT Non-first enumerator is explicitly initialized, but not all elements are explicitly initialized. |
| 147 |
MISRA.FLOAT.BIT.REPR Use of bit manipulations of floating-point values which rely on storage layout |
| 149 |
MISRA.TOKEN.OCTAL.ESCAPE Usage of octal escape sequences MISRA.TOKEN.OCTAL.INT Usage of octal integer constants |
| 150 |
AUTOSAR.HEX.UPPER Hexadecimal constants should be upper case |
| 151.1 |
CERT.STR.ASSIGN.CONST_TO_NONCONST Do not assign a const char pointer to a non-const char pointer |
| 152 |
MISRA.DECL.MANY_DCLS More than one declarator in one declaration |
| 153 |
MISRA.UNION Union is used |
| 154 |
MISRA.BITFIELD.SIGNED Length of a named signed bit-field is less than 2 MISRA.BITFIELD.TYPE.CPP Type of bit-field is neither bool, nor signed/unsigned integer MISRA.FIELD.BIT.ENUM Bit-field has enum type. |
| 156 |
JSF.UNNAMED.MEMBER All the members of a structure (or class) shall be named and shall only be accessed via their names |
| 157 |
MISRA.LOGIC.POSTFIX Operand in a logical 'and' or 'or' expression is not a postfix expression MISRA.LOGIC.SIDEEFF Right operand in a logical 'and' or 'or' expression contains side effects |
| 158 |
MISRA.LOGIC.PRIMARY Operand in a logical 'and' or 'or' expression is not a primary expression |
| 159 |
MISRA.BIN_OP.OVERLOAD Comma, || or && operator overloaded MISRA.UN_OP.OVERLOAD Unary & operator is overloaded |
| 160 |
MISRA.ASSIGN.COND Assignment operator is used in a condition MISRA.ASSIGN.SUBEXPR Assignment operator is used in a sub-expression outside a condition |
| 162 |
MISRA.CAST.INT.SIGN Non-trivial integral expression is cast to type with different signedness MISRA.CONV.INT.SIGN Implicit integral conversion changes signedness |
| 164 |
MISRA.SHIFT.RANGE Right operand of shift operation is out of range - greater or equal to max bit-length of left operand, or negative |
| 164.1 |
MISRA.SHIFT.RANGE Right operand of shift operation is out of range - greater or equal to max bit-length of left operand, or negative |
| 165 |
MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned |
| 166 |
MISRA.SIZEOF.SIDE_EFFECT Operand of sizeof has side effects |
| 168 |
MISRA.COMMA Comma operator is used |
| 169 |
JSF.POINTER_TO_POINTER Pointers to pointers should be avoided when possible |
| 170 |
MISRA.PTR.TO_PTR_TO_PTR Pointer declaration has more than two levels of indirection |
| 173 |
LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable |
| 174 |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| 175 |
MISRA.LITERAL.NULL.PTR Literal zero used as the null-pointer-constant. |
| 176 |
JSF.FUNC.PTR.TYPEDEF A typedef will be used to simplify program syntax when declaring function pointers |
| 177 |
MISRA.CTOR.NOT_EXPLICIT Constructor with one argument of built-in type is not declared 'explicit' |
| 178 |
MISRA.CAST.PTR.VRCLASS A cast form pointer to a virtual base class to pointer to a derived class does not use 'dynamic_cast' |
| 179 |
MISRA.CAST.POLY.TYPE Cast from a polymorphic base class to a derived class |
| 180 |
MISRA.CONV.NUM.NARROWER Implicit numeric conversion to narrower type |
| 182 |
MISRA.CAST.INT_TO_PTR Object with integer type or pointer to void cast to pointer type MISRA.CAST.PTR.UNRELATED Object of pointer type cast to unrelated type MISRA.CAST.PTR_TO_INT Cast between a pointer and an integral type |
| 184 |
MISRA.CONV.FLOAT Implicit floating-point conversion |
| 185 |
MISRA.C_CAST C-style cast to non-void type MISRA.FUNC_CAST Functional notation cast different from explicit constructor call |
| 186 |
UNREACH.ENUM Code is unreachable due to the possible value(s) of an enum UNREACH.GEN Unreachable code UNREACH.RETURN Unreachable Void Return |
| 187 |
MISRA.STMT.NO_EFFECT The statement has no side effects, and does not change control flow |
| 188 |
JSF.LABEL Labels will not be used, except in switch statements |
| 189 |
AUTOSAR.GOTO The goto statement shall not be used |
| 190 |
MISRA.CONTINUE.ILL Continue statement is used in an ill-formed for loop |
| 191 |
JSF.BREAK The break statement shall not be used |
| 192 |
MISRA.IF.NO_ELSE A chain of if/else-if statements is not terminated with else or is terminated with an empty else clause |
| 193 |
MISRA.SWITCH.NOT_WELL_FORMED Switch statement is not well-formed MISRA.SWITCH.NO_BREAK No break or throw statement at the end of switch-clause |
| 194 |
MISRA.SWITCH.NODEFAULT No default clause at the end of a switch statement MISRA.SWITCH.NOT_WELL_FORMED Switch statement is not well-formed |
| 195 |
MISRA.SWITCH.BOOL Condition of switch statement is boolean expression |
| 196 |
MISRA.SWITCH.NOT_WELL_FORMED Switch statement is not well-formed MISRA.SWITCH.NO_CASE No case-clause in a switch statement |
| 197 |
MISRA.FOR.COUNTER.FLT For loop counter has a floating point type MISRA.FOR.COUNTER.MANY Many counters in a for loop |
| 198 |
MISRA.FOR.COUNTER.MANY Many counters in a for loop |
| 199 |
MISRA.FOR.COND.EQ ++ or -- operations are not used to change loop counter, but condition tests loop counter for equality MISRA.FOR.INCR For loop counter is modified in an inappropriate way MISRA.FOR.INCR.CHANGE For loop increment expression does not change loop counter |
| 200 |
JSF.LOOP.NULL.INIT_OR_INCR Null initialize or increment expressions in for loops will not be used |
| 201 |
MISRA.FOR.COND.CHANGE For loop counter is modified within the loop condition section MISRA.FOR.STMT.CHANGE For loop counter is modified within the loop statement |
| 202 |
MISRA.FLOAT_EQUAL Floating point expression is tested for equality |
| 203 |
NUM.OVERFLOW Possible Overflow NUM.OVERFLOW.DF Possible numeric overflow or wraparound |
| 204 |
MISRA.INCR_DECR.OTHER Increment or decrement operator is mixed with other operators in expression |
| 204.1 |
PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
| 205 |
AUTOSAR.TYPE.QUAL.VOLATILE The volatile type qualifier shall not be used |
| 206 |
AUTOSAR.OP.NEW_DELETE Non-placement new or delete expressions shall not be used AUTOSAR.STDLIB.MEMORY Functions malloc, calloc, realloc and free shall not be used FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory |
| 207 |
JSF.UNENCAPSULATED.GLOBAL Unencapsulated global data will be avoided |
| 208 |
JSF.EXCEPTION C++ exceptions shall not be used |
| 209 |
AUTOSAR.BUILTIN_NUMERIC Fixed width integer types from <cstdint> shall be used in place of the basic numerical types PORTING.MACRO.NUMTYPE Macro describing a builtin numeric type is used |
| 210 |
PORTING.BITFIELDS Usage of bitfields within a structure PORTING.BSWAP.MACRO A custom byte swap macro is used without checking endian PORTING.BYTEORDER.SIZE An incompatible type is used with a network macro such as 'ntohl' |
| 210.1 |
JSF.CAST.MBR.ORDER.ACCESS_SPEC Algorithms shall not make assumptions concerning the order of allocation of nonstatic data members separated by an access specifier |
| 212 |
PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE Relational expression may be always false depending on 'char' type signedness PORTING.UNSIGNEDCHAR.OVERFLOW.TRUE Relational expression may be always true depending on 'char' type signedness |
| 213 |
MISRA.EXPR.PARENS.INSUFFICIENT Limited dependence required for operator precedence rules in expressions MISRA.EXPR.PARENS.REDUNDANT Limited dependence required for operator precedence rules in expressions |
| 214 |
JSF.USE.STATIC.NON_LOCAL Assuming that non-local static objects, in separate translation units, are initialized in a special order shall not be done |
| 215 |
MISRA.PTR.ARITH Pointer is used in arithmetic or array index expression |
"MISRA", "MISRA C" and "MISRA C++" are registered trademarks of The MISRA Consortium Limited.