directive MC3R1.D4.5 (advisory)
Identifiers in the same name space with overlapping visibility should be typographically unambiguous
directive MC3R1.D4.10 (required)
directive MC3R1.D4.11 (required)
The validity of values passed to library functions shall be checked
directive MC3R1.D4.13 (advisory)
parser B.PARSER
reporter B.REPORT.ECB
reporter B.REPORT.ERR
Output B.PARSER error reports in plain text to standard error
rule B.BUGFIND.apiModeling.Errno
Make the special value 'errno' available to other checkers
rule B.BUGFIND.apiModeling.StdCLibraryFunctions
Improve modeling of the C standard library functions
rule B.BUGFIND.apiModeling.TrustNonnull
Trust that returns from framework methods annotated with _Nonnull are not null
rule B.BUGFIND.apiModeling.TrustReturnsNonnull
Trust that returns from methods annotated with returns_nonnull are not null
rule B.BUGFIND.apiModeling.google.GTest
rule B.BUGFIND.apiModeling.llvm.CastValue
Model implementation of custom RTTIs
rule B.BUGFIND.apiModeling.llvm.ReturnValue
Model the guaranteed boolean return value of function calls
rule B.BUGFIND.core.BoolAssignment
Warn about assigning non-{0,1} values to Boolean variables
rule B.BUGFIND.core.C11Lock
rule B.BUGFIND.core.CallAndMessage
Check for logical errors for function calls (e.g., uninitialized arguments, null function pointers)
rule B.BUGFIND.core.CallAndMessageModeling
rule B.BUGFIND.core.CastSize
Check when casting a malloc'ed type T, whether the size is a multiple of the size of T
rule B.BUGFIND.core.CastToStruct
Check for cast from non-struct pointer to struct pointer
rule B.BUGFIND.core.Conversion
Loss of sign/precision in implicit conversions
rule B.BUGFIND.core.DivideZero
rule B.BUGFIND.core.DynamicTypeChecker
Check for cases where the dynamic and the static type of an object are unrelated
rule B.BUGFIND.core.DynamicTypePropagation
Generate dynamic type information
rule B.BUGFIND.core.FixedAddr
Check for assignment of a fixed address to a pointer
rule B.BUGFIND.core.IdenticalExpr
Warn about unintended use of identical expressions in operators
rule B.BUGFIND.core.NonNullParamChecker
rule B.BUGFIND.core.NonnilStringConstants
Assume that const string-like globals are non-null
rule B.BUGFIND.core.NullDereference
Check for dereferences of null pointers
rule B.BUGFIND.core.PointerArithm
Check for pointer arithmetic on locations other than array elements
rule B.BUGFIND.core.PointerSub
Check for pointer subtractions on two pointers pointing to different memory chunks
rule B.BUGFIND.core.PthreadLockBase
Helper registering multiple checks
rule B.BUGFIND.core.SizeofPtr
Warn about unintended use of sizeof() on pointer expressions
rule B.BUGFIND.core.StackAddrEscapeBase
Generate information about stack address escapes
rule B.BUGFIND.core.StackAddressAsyncEscape
Check that addresses to stack memory do not escape the function
rule B.BUGFIND.core.StackAddressEscape
Check that addresses to stack memory do not escape the function
rule B.BUGFIND.core.TestAfterDivZero
rule B.BUGFIND.core.UndefinedBinaryOperatorResult
Check for undefined results of binary operators
rule B.BUGFIND.core.VLASize
Check for declarations of VLA of undefined or zero size
rule B.BUGFIND.core.builtin.BuiltinFunctions
Evaluate compiler builtin functions (e.g., alloca())
rule B.BUGFIND.core.builtin.NoReturnFunctions
Evaluate "panic" functions that are known to not return to the caller
rule B.BUGFIND.core.uninitialized.ArraySubscript
Check for uninitialized values used as array subscripts
rule B.BUGFIND.core.uninitialized.Assign
Check for assigning uninitialized values
rule B.BUGFIND.core.uninitialized.Branch
Check for uninitialized values used as branch conditions
rule B.BUGFIND.core.uninitialized.CapturedBlockVariable
Check for blocks that capture uninitialized values
rule B.BUGFIND.core.uninitialized.NewArraySize
Check if the size of the array in a new[] expression is undefined
rule B.BUGFIND.core.uninitialized.UndefReturn
Check for uninitialized values being returned to the caller
rule B.BUGFIND.cplusplus.ContainerModeling
rule B.BUGFIND.cplusplus.DeleteWithNonVirtualDtor
Reports destructions of polymorphic objects with a non-virtual destructor in their base class
rule B.BUGFIND.cplusplus.EnumCastOutOfRange
Check integer to enumeration casts for out of range values
rule B.BUGFIND.cplusplus.InnerPointer
Check for inner pointers of C++ containers used after re/deallocation
rule B.BUGFIND.cplusplus.InvalidatedIterator
Check for use of invalidated iterators
rule B.BUGFIND.cplusplus.IteratorModeling
Models iterators of C++ containers
rule B.BUGFIND.cplusplus.IteratorRange
Check for iterators used outside their valid ranges
rule B.BUGFIND.cplusplus.MismatchedIterator
rule B.BUGFIND.cplusplus.Move
Find use-after-move bugs in C++
rule B.BUGFIND.cplusplus.NewDelete
Check for double-free and use-after-free problems. Traces memory managed by new/delete
rule B.BUGFIND.cplusplus.NewDeleteLeaks
Check for memory leaks. Traces memory managed by new/delete
rule B.BUGFIND.cplusplus.PlacementNew
Check if default placement new is provided with pointers to sufficient storage capacity
rule B.BUGFIND.cplusplus.PureVirtualCall
Check pure virtual function calls during construction/destruction
rule B.BUGFIND.cplusplus.STLAlgorithmModeling
Models the algorithm library of the C++ STL
rule B.BUGFIND.cplusplus.SelfAssignment
Checks C++ copy and move assignment operators for self assignment
rule B.BUGFIND.cplusplus.SmartPtr
Find the dereference of null SmartPtr
rule B.BUGFIND.cplusplus.SmartPtrModeling
Model behavior of C++ smart pointers
rule B.BUGFIND.cplusplus.StringChecker
rule B.BUGFIND.cplusplus.UninitializedObject
Reports uninitialized fields after object construction
rule B.BUGFIND.cplusplus.VirtualCall
Check virtual function calls during construction/destruction
rule B.BUGFIND.cplusplus.VirtualCallModeling
Auxiliary modeling for the virtual method call checkers
rule B.BUGFIND.deadcode.DeadStores
Check for values stored to variables that are never read afterwards
rule B.BUGFIND.deadcode.UnreachableCode
rule B.BUGFIND.nondeterminism.PointerIteration
Checks for non-determinism caused by iteration of unordered containers of pointers
rule B.BUGFIND.nondeterminism.PointerSorting
Check for non-determinism caused by sorting of pointers
rule B.BUGFIND.nullability.NullPassedToNonnull
Warns when a null pointer is passed to a pointer which has a _Nonnull type
rule B.BUGFIND.nullability.NullReturnedFromNonnull
Warns when a null pointer is returned from a function that has _Nonnull return type
rule B.BUGFIND.nullability.NullabilityBase
Stores information during the analysis about nullability
rule B.BUGFIND.nullability.NullableDereferenced
Warns when a nullable pointer is dereferenced
rule B.BUGFIND.nullability.NullablePassedToNonnull
Warns when a nullable pointer is passed to a pointer which has a _Nonnull type
rule B.BUGFIND.nullability.NullableReturnedFromNonnull
Warns when a nullable pointer is returned from a function that has _Nonnull return type
rule B.BUGFIND.performance.GCDAntipattern
Check for performance anti-patterns when using Grand Central Dispatch
rule B.BUGFIND.performance.Padding
Check for excessively padded structs
rule B.BUGFIND.portability.UnixAPI
Finds implementation-defined behavior in UNIX/Posix functions
rule B.BUGFIND.security.ArrayBound
rule B.BUGFIND.security.ArrayBoundV2
rule B.BUGFIND.security.FloatLoopCounter
Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP)
rule B.BUGFIND.security.MallocOverflow
Check for overflows in the arguments to malloc()
rule B.BUGFIND.security.MmapWriteExec
Warn on mmap() calls that are both writable and executable
rule B.BUGFIND.security.ReturnPtrRange
Check for an out-of-bound pointer being returned to callers
rule B.BUGFIND.security.cert.env.InvalidPtr
Finds usages of possibly invalidated pointers
rule B.BUGFIND.security.cert.pos.34c
Finds calls to the 'putenv' function which pass a pointer to an automatic variable as the argument
rule B.BUGFIND.security.insecureAPI.DeprecatedOrUnsafeBufferHandling
Warn on uses of unsecure or deprecated buffer manipulating functions
rule B.BUGFIND.security.insecureAPI.SecuritySyntaxChecker
Base of various security function related checkers
rule B.BUGFIND.security.insecureAPI.UncheckedReturn
Warn on uses of functions whose return values must be always checked
rule B.BUGFIND.security.insecureAPI.bcmp
Warn on uses of the 'bcmp' function
rule B.BUGFIND.security.insecureAPI.bcopy
Warn on uses of the 'bcopy' function
rule B.BUGFIND.security.insecureAPI.bzero
Warn on uses of the 'bzero' function
rule B.BUGFIND.security.insecureAPI.getpw
Warn on uses of the 'getpw' function
rule B.BUGFIND.security.insecureAPI.gets
Warn on uses of the 'gets' function
rule B.BUGFIND.security.insecureAPI.mkstemp
Warn when 'mkstemp' is passed fewer than 6 X's in the format string
rule B.BUGFIND.security.insecureAPI.mktemp
Warn on uses of the 'mktemp' function
rule B.BUGFIND.security.insecureAPI.rand
Warn on uses of the 'rand', 'random', and related functions
rule B.BUGFIND.security.insecureAPI.strcpy
Warn on uses of the 'strcpy' and 'strcat' functions
rule B.BUGFIND.security.insecureAPI.vfork
Warn on uses of the 'vfork' function
rule B.BUGFIND.security.taint.TaintPropagation
Generate taint information used by other checkers
rule B.BUGFIND.unix.API
Check calls to various UNIX/Posix functions
rule B.BUGFIND.unix.BlockInCriticalSection
Check for calls to blocking functions inside a critical section
rule B.BUGFIND.unix.Chroot
rule B.BUGFIND.unix.DynamicMemoryModeling
rule B.BUGFIND.unix.Errno
Check for improper use of 'errno'
rule B.BUGFIND.unix.Malloc
rule B.BUGFIND.unix.MallocSizeof
Check for dubious malloc arguments involving sizeof
rule B.BUGFIND.unix.MismatchedDeallocator
Check for mismatched deallocators
rule B.BUGFIND.unix.PthreadLock
rule B.BUGFIND.unix.SimpleStream
Check for misuses of stream APIs
rule B.BUGFIND.unix.StdCLibraryFunctionArgs
rule B.BUGFIND.unix.Stream
Check stream handling functions
rule B.BUGFIND.unix.Vfork
Check for proper usage of vfork
rule B.BUGFIND.unix.cstring.BadSizeArg
Check the size argument passed into C string functions for common erroneous patterns
rule B.BUGFIND.unix.cstring.BufferOverlap
Checks for overlap in two buffer arguments
rule B.BUGFIND.unix.cstring.CStringModeling
rule B.BUGFIND.unix.cstring.NotNullTerminated
Check for arguments which are not null-terminated strings
rule B.BUGFIND.unix.cstring.NullArg
Check for null pointers being passed as arguments to C string functions
rule B.BUGFIND.unix.cstring.OutOfBounds
Check for out-of-bounds access in string functions
rule B.BUGFIND.unix.cstring.UninitializedRead
Checks if the string manipulation function would read uninitialized bytes
rule B.BUGFIND.valist.CopyToSelf
Check for va_lists which are copied onto themselves
rule B.BUGFIND.valist.Uninitialized
Check for usages of uninitialized (or already released) va_lists
rule B.BUGFIND.valist.Unterminated
Check for va_lists which are not released by a va_end call
rule B.BUGFIND.valist.ValistBase
Gathers information about va_lists
rule B.MACREXPR
rule B.TROJANSOURCE
Source code shall not contain underhanded UTF-8 characters
rule MC3R1.R1.1 (required)
rule MC3R1.R1.3 (required)
There shall be no occurrence of undefined or critical unspecified behaviour
rule MC3R1.R5.1 (required)
External identifiers shall be distinct
rule MC3R1.R5.2 (required)
Identifiers declared in the same scope and name space shall be distinct
rule MC3R1.R5.4 (required)
Macro identifiers shall be distinct
rule MC3R1.R6.1 (required)
Bit-fields shall only be declared with an appropriate type
rule MC3R1.R8.5 (required)
An external object or function shall be declared once in one and only one file
rule MC3R1.R8.6 (required)
An identifier with external linkage shall have exactly one external definition
rule MC3R1.R8.10 (required)
An inline function shall be declared with the `static' storage class
rule MC3R1.R9.1 (mandatory)
The value of an object with automatic storage duration shall not be read before it has been set
rule MC3R1.R9.4 (required)
An element of an object shall not be initialized more than once
rule MC3R1.R13.1 (required)
Initializer lists shall not contain persistent side effects
rule MC3R1.R13.2 (required)
rule MC3R1.R16.7 (required)
A switch-expression shall not have essentially Boolean type
rule MC3R1.R17.4 (mandatory)
rule MC3R1.R17.5 (advisory)
rule MC3R1.R18.1 (required)
rule MC3R1.R18.2 (required)
rule MC3R1.R18.3 (required)
rule MC3R1.R18.6 (required)
rule MC3R1.R19.1 (mandatory)
An object shall not be assigned or copied to an overlapping object
rule MC3R1.R20.2 (required)
rule MC3R1.R20.3 (required)
The `#include' directive shall be followed by either a `<filename>' or `"filename"' sequence
rule MC3R1.R20.4 (required)
A macro shall not be defined with the same name as a keyword
rule MC3R1.R20.6 (required)
Tokens that look like a preprocessing directive shall not occur within a macro argument
rule MC3R1.R21.1 (required)
`#define' and `#undef' shall not be used on a reserved identifier or reserved macro name
rule MC3R1.R21.2 (required)
A reserved identifier or reserved macro name shall not be declared
rule MC3R1.R21.13 (mandatory)
rule MC3R1.R21.14 (required)
The Standard Library function `memcmp' shall not be used to compare null terminated strings
rule MC3R1.R21.17 (mandatory)
rule MC3R1.R21.18 (mandatory)
The `size_t' argument passed to any function in `<string.h>' shall have an appropriate value
rule MC3R1.R21.19 (mandatory)
rule MC3R1.R21.20 (mandatory)
rule MC3R1.R22.2 (mandatory)
A block of memory shall only be freed if it was allocated by means of a Standard Library function
rule MC3R1.R22.4 (mandatory)
There shall be no attempt to write to a stream which has been opened as read-only
rule MC3R1.R22.6 (mandatory)
The value of a pointer to a `FILE' shall not be used after the associated stream has been closed
rule MC3R1.R22.8 (required)
The value of `errno' shall be set to zero prior to a call to an errno-setting-function
rule MC3R1.R22.10 (mandatory)
rule MC3R1.R20.11 (required)
rule MC3R1.R20.13 (required)
A line whose first token is `#' shall be a valid preprocessing directive
rule MC3R1.R20.14 (required)
tool B.CBT
Tag reports using ECLAIR style comments
tool B.EXPLAIN
tool B.TOOLCHAIN
ECLAIR shall be able to retrieve toolchain information from the toolchain itself