Logo
1.800.487.3217
info@roguewave.com
Need Support Click here
Skip to main content
  • Home
  • Support
  • Videos

Search

  • Release notes
    • What's new in Klocwork 2020.4
      • What's new in Klocwork 2020.3
      • What's new in Klocwork 2020.2
      • What's new in Klocwork 2020.1
    • Fixed issues in Klocwork 2020.4
      • Fixed issues in Klocwork 2020.3
      • Fixed issues in Klocwork 2020.2
      • Fixed issues in Klocwork 2020.1
    • Limitations
  • System Requirements
    • Supported platforms
    • Disk space requirements
    • Processor and RAM requirements
    • Java Virtual Machine requirements
    • Ports used by the Klocwork servers
    • Supported IDEs
    • Supported continuous integration servers
    • Supported browsers
    • Supported source code management systems for Klocwork Code Review
    • Supported Java build tools
    • C/C++ compilers supported for build integration
    • Supported C++ language specifications
    • Supported C# language specifications
    • Supported Java language specifications
    • Application servers supported by Klocwork JSP scanning
    • Supported versions of Flex Net Publisher
    • Supported versions of MariaDB
    • Supported LDAP servers
  • Install
    • About the Klocwork packages and components
    • Upgrading from a previous version
      • Import your existing projects into a new projects root
        • Validate your database (mandatory)
      • Migrate your projects_root directory
    • Installing Klocwork
      • Installing the Klocwork Server package on Windows
      • Installing the Klocwork Server package on Windows -- Upgrade only
      • Installing the Klocwork Server package on Linux
      • Installing the Klocwork Server package on Linux -- Upgrade only
      • Installing the Build Tools package
      • Installing the Build Tools package -- Upgrade only
      • Installing the continuous integration (kwciagent) package
      • Klocwork Server Configuration for Mac/AIX/Solaris
      • Downloading and deploying the desktop analysis plug-ins
      • Downloading and deploying additional resources to your Klocwork Portal
      • Installing a desktop analysis plug-in
        • Install your plug-in
        • Installing the Klocwork plug-in from the Eclipse update site
        • Installing the IntelliJ IDEA/Android Studio/CLion plugins
        • Installing the Visual Studio Code extension
        • Troubleshooting
    • Running a custom installation for new or upgraded IDEs
    • Installing the Distributed Analysis package
    • Unattended installation on Windows
    • After you install
      • Testing your installation
      • Troubleshooting your installation
      • What to communicate to the team
    • Uninstalling Klocwork
  • Administer and Deploy
    • Klocwork Administration
      • Managing the Klocwork Servers
      • Moving or creating additional projects root directories
        • Moving a projects_root directory
        • Creating an additional projects_root directory
        • Licensing with multiple projects_root directories
        • Example: Setting up multiple projects_root directories
        • Special steps for Windows
        • What's next?
      • Cross-version support for builds
      • Viewing and changing Klocwork server settings
      • Optimizing server performance
      • Server log files
      • Licensing
        • Get a license
        • Changing the vendor daemon port in your license file
        • How licensing works
          • Web service license
        • Reserving licenses
        • Finding out how many licenses are in use
        • Switching the licensing debug log to reduce file size
        • Releasing stuck licenses
        • Resolving conflicts with other tools that use FlexNet Publisher licensing
        • Using your organization's FlexNet Publisher server
        • Setting up redundant license servers
      • Security and permissions
        • Setting up access control
          • Setting up single sign-on
          • Setting up LDAP access control
          • Setting up NIS access control
          • Setting up Basic access control
          • Authentication using the ltoken
        • Enabling access to Klocwork projects
        • Using a secure Klocwork Server connection
        • Setting a password for the Klocwork database
        • Permissions for Klocwork administrators and build engineers
        • Permissions for users
      • Integrating bug tracking with Klocwork Static Code Analysis
        • Creating the Python script
        • Displaying links and comments from the bug tracker
      • Improving database performance
      • Backing up Klocwork data
      • Klocwork support for non-ASCII encoding
      • Configuring email notifications
      • Configuration files you can edit
    • Deployment
      • Deployment questions
      • Deployment Phase I - Deployment decisions
      • Deployment Phase I worksheet
      • Deployment Phase II - Implementation steps
      • Deployment Phase II worksheet
      • Deployment Phase III - Expanding Klocwork usage
      • Deployment Phase III worksheet
  • Checkers
    • C and C++ checker reference
      • Attempt to use Memory after Free
        • CL.FFM.ASSIGN
        • CL.FFM.COPY
        • CL.SELF-ASSIGN
        • CL.SHALLOW.ASSIGN
        • CL.SHALLOW.COPY
        • LOCRET.ARG
        • LOCRET.GLOB
        • LOCRET.RET
        • UFM.DEREF.MIGHT
        • UFM.DEREF.MUST
        • UFM.FFM.MIGHT
        • UFM.FFM.MUST
        • UFM.RETURN.MIGHT
        • UFM.RETURN.MUST
        • UFM.USE.MIGHT
        • UFM.USE.MUST
      • Banned recommended APIs
        • SV.BANNED.RECOMMENDED.ALLOCA
        • SV.BANNED.RECOMMENDED.NUMERIC
        • SV.BANNED.RECOMMENDED.OEM
        • SV.BANNED.RECOMMENDED.PATH
        • SV.BANNED.RECOMMENDED.SCANF
        • SV.BANNED.RECOMMENDED.SPRINTF
        • SV.BANNED.RECOMMENDED.STRLEN
        • SV.BANNED.RECOMMENDED.TOKEN
        • SV.BANNED.RECOMMENDED.WINDOW
      • Banned required APIs
        • SV.BANNED.REQUIRED.CONCAT
        • SV.BANNED.REQUIRED.COPY
        • SV.BANNED.REQUIRED.GETS
        • SV.BANNED.REQUIRED.ISBAD
        • SV.BANNED.REQUIRED.SPRINTF
      • Buffer overflow
        • ABV.ANY_SIZE_ARRAY
        • ABV.GENERAL
        • ABV.ITERATOR
        • ABV.MEMBER
        • ABV.STACK
        • ABV.TAINTED
        • ABV.UNICODE.BOUND_MAP
        • ABV.UNICODE.FAILED_MAP
        • ABV.UNICODE.NNTS_MAP
        • ABV.UNICODE.SELF_MAP
        • ABV.UNKNOWN_SIZE
        • NNTS.MIGHT
        • NNTS.MUST
        • NNTS.TAINTED
        • RABV.CHECK
        • RN.INDEX
        • SV.FMT_STR.BAD_SCAN_FORMAT
        • SV.STRBO.BOUND_COPY.OVERFLOW
        • SV.STRBO.BOUND_COPY.UNTERM
        • SV.STRBO.BOUND_SPRINTF
        • SV.STRBO.UNBOUND_COPY
        • SV.STRBO.UNBOUND_SPRINTF
        • SV.UNBOUND_STRING_INPUT.CIN
        • SV.UNBOUND_STRING_INPUT.FUNC
      • C/C++ Warnings
        • CWARN.ALIGNMENT
        • CWARN.BITOP.SIZE
        • CWARN.COPY.NOASSIGN
        • CWARN.DTOR.NONVIRT.DELETE
        • CWARN.DTOR.NONVIRT.NOTEMPTY
        • CWARN.DTOR.VOIDPTR
        • CWARN.INCL.ABSOLUTE
        • CWARN.INCL.NO_INTERFACE
        • CWARN.MEM.NONPOD
        • CWARN.MEMBER.INIT.ORDER
        • CWARN.MOVE.CONST
        • CWARN.NOEFFECT.OUTOFRANGE
        • CWARN.NOEFFECT.SELF_ASSIGN
        • CWARN.NOEFFECT.UCMP.GE.MACRO
        • CWARN.NOEFFECT.UCMP.GE
        • CWARN.NOEFFECT.UCMP.LT.MACRO
        • CWARN.NOEFFECT.UCMP.LT
        • CWARN.NULLCHECK.FUNCNAME
        • CWARN.OVERRIDE.CONST
        • CWARN.PASSBYVALUE.ARG
        • CWARN.PASSBYVALUE.EXC
      • COM defects
        • BSTR.CAST.C
        • BSTR.CAST.CPP
        • BSTR.FUNC.ALLOC
        • BSTR.FUNC.FREE
        • BSTR.FUNC.LEN
        • BSTR.FUNC.REALLOC
        • BSTR.IA.ASSIGN
        • BSTR.IA.INIT
        • BSTR.OPS.ARITHM
        • BSTR.OPS.COMP
        • BSTR.OPS.EQS
      • Calculated values never used
        • VA_UNUSED.GEN
        • VA_UNUSED.INIT
      • Concurrency
        • CONC.DL
        • CONC.NO_UNLOCK
        • CONC.SLEEP
      • DNS spoofing
        • SV.BFC.USING_STRUCT
        • SV.USAGERULES.SPOOFING
      • Hard-coded credentials
        • HCC
        • HCC.PWD
        • HCC.USER
      • Ignored return values
        • SV.RVT.RETVAL_NOTTESTED
      • Improper memory deallocation
        • CL.FMM
        • FMM.MIGHT
        • FMM.MUST
        • FNH.MIGHT
        • FNH.MUST
        • FUM.GEN.MIGHT
        • FUM.GEN.MUST
      • Inappropriate iterator usage
        • ITER.CONTAINER.MODIFIED
        • ITER.END.DEREF.MIGHT
        • ITER.END.DEREF.MUST
        • ITER.INAPPROPRIATE.MULTIPLE
        • ITER.INAPPROPRIATE
      • Invalid Arithmetic Operations
        • DBZ.CONST
        • DBZ.CONST.CALL
        • DBZ.GENERAL
        • DBZ.ITERATOR
      • Localized string
        • LS.CALL
        • LS.CALL.STRING
      • Lowest possible privilege
        • SV.LPP.CONST
        • SV.LPP.VAR
        • SV.SIP.CONST
        • SV.SIP.VAR
      • Memory leaks
        • CL.MLK.VIRTUAL
        • CL.MLK.ASSIGN
        • CL.MLK
        • FREE.INCONSISTENT
        • MLK.MIGHT
        • MLK.MUST
        • MLK.RET.MIGHT
        • MLK.RET.MUST
      • Mismatched return types
        • CL.ASSIGN.NON_CONST_ARG
        • CL.ASSIGN.RETURN_CONST
        • CL.ASSIGN.VOID
        • FUNCRET.GEN
        • FUNCRET.IMPLICIT
        • RETVOID.GEN
        • RETVOID.IMPLICIT
        • VOIDRET
      • Null pointer dereference
        • NPD.CHECK.CALL.MIGHT
        • NPD.CHECK.CALL.MUST
        • NPD.CHECK.MIGHT
        • NPD.CHECK.MUST
        • NPD.CONST.CALL
        • NPD.CONST.DEREF
        • NPD.FUNC.CALL.MIGHT
        • NPD.FUNC.CALL.MUST
        • NPD.FUNC.MIGHT
        • NPD.FUNC.MUST
        • NPD.GEN.CALL.MIGHT
        • NPD.GEN.CALL.MUST
        • NPD.GEN.MIGHT
        • NPD.GEN.MUST
        • RNPD.CALL
        • RNPD.DEREF
      • Parse warning defects
        • CWARN.BAD.PTR.ARITH
        • CWARN.BOOLOP.INC
        • CWARN.CAST.VIRTUAL_INHERITANCE
        • CWARN.CMPCHR.EOF
        • CWARN.CONSTCOND.DO
        • CWARN.CONSTCOND.IF
        • CWARN.CONSTCOND.SWITCH
        • CWARN.CONSTCOND.TERNARY
        • CWARN.CONSTCOND.WHILE
        • CWARN.EMPTY.LABEL
        • CWARN.EMPTY.TYPEDEF
        • CWARN.FUNCADDR
        • CWARN.HIDDEN.PARAM
        • CWARN.IMPLICITINT
        • CWARN.INLINE.NONFUNC
        • CWARN.MEMSET.SIZEOF.PTR
        • CWARN.PACKED.TYPEDEF
        • CWARN.RET.MAIN
        • CWARN.SIGNEDBIT
      • Pipe hijacking
        • SV.PIPE.CONST
        • SV.PIPE.VAR
      • Porting issues
        • PORTING.BITFIELDS
        • PORTING.BSWAP.MACRO
        • PORTING.BYTEORDER.SIZE
        • PORTING.CAST.FLTPNT
        • PORTING.CAST.PTR.FLTPNT
        • PORTING.CAST.PTR.SIZE
        • PORTING.CAST.PTR
        • PORTING.CAST.SIZE
        • PORTING.CMPSPEC.EFFECTS.ASSIGNMENT
        • PORTING.CMPSPEC.TYPE.BOOL
        • PORTING.CMPSPEC.TYPE.LONGLONG
        • PORTING.MACRO.NUMTYPE
        • PORTING.OPTS
        • PORTING.PRAGMA.ALIGN
        • PORTING.PRAGMA.PACK
        • PORTING.SIGNED.CHAR
        • PORTING.STORAGE.STRUCT
        • PORTING.STRUCT.BOOL
        • PORTING.UNIONS
        • PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE
        • PORTING.UNSIGNEDCHAR.OVERFLOW.TRUE
        • PORTING.UNSIGNEDCHAR.RELOP
        • PORTING.VAR.EFFECTS
      • Possible DLL hijacks
        • SV.DLLPRELOAD.NONABSOLUTE.DLL
        • SV.DLLPRELOAD.NONABSOLUTE.EXE
        • SV.DLLPRELOAD.SEARCHPATH
      • Print functions format
        • SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD
        • SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED
        • SV.FMT_STR.PRINT_IMPROP_LENGTH
        • SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW
        • SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY
        • SV.FMT_STR.UNKWN_FORMAT
      • Registry manipulation
        • SV.BRM.HKEY_LOCAL_MACHINE
      • Resource handling issues
        • RH.LEAK
        • SV.INCORRECT_RESOURCE_HANDLING.URH
        • SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS
      • Scan functions format
        • SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD
        • SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED
        • SV.FMT_STR.SCAN_IMPROP_LENGTH
        • SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW
        • SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY
        • SV.FMT_STR.UNKWN_FORMAT.SCAN
      • Speculative execution issues
        • SPECTRE.VARIANT1
      • Strong type checkers
        • STRONG.TYPE.ASSIGN
        • STRONG.TYPE.ASSIGN.ARG
        • STRONG.TYPE.ASSIGN.CONST
        • STRONG.TYPE.ASSIGN.INIT
        • STRONG.TYPE.ASSIGN.RETURN
        • STRONG.TYPE.ASSIGN.ZERO
        • STRONG.TYPE.EXTRACT
        • STRONG.TYPE.JOIN.CMP
        • STRONG.TYPE.JOIN.CONST
        • STRONG.TYPE.JOIN.EQ
        • STRONG.TYPE.JOIN.OTHER
        • STRONG.TYPE.JOIN.ZERO
      • Suspicious code practices
        • ASSIGCOND.CALL
        • ASSIGCOND.GEN
        • BYTEORDER.HTON.SEND
        • BYTEORDER.HTON.WRITE
        • BYTEORDER.NTOH.READ
        • BYTEORDER.NTOH.RECV
        • EFFECT
        • INCONSISTENT.LABEL
        • INCORRECT.ALLOC_SIZE
        • LA_UNUSED
        • NUM.OVERFLOW
        • PRECISION.LOSS.CALL
        • PRECISION.LOSS
        • SEMICOL
        • SV.CODE_INJECTION.SHELL_EXEC
        • SV.FIU.PROCESS_VARIANTS
        • SV.FMTSTR.GENERIC
        • SV.TOCTOU.FILE_ACCESS
        • SV.USAGERULES.PERMISSIONS
        • SV.USAGERULES.PROCESS_VARIANTS
        • UNUSED.FUNC.STL_EMPTY
        • UNUSED.FUNC.WARN
      • Unnecessary or missing includes
        • HA.DUPLICATE
        • HA.OPTIMIZE
        • HA.UNUSED
      • Unreachable code
        • INFINITE_LOOP.GLOBAL
        • INFINITE_LOOP.LOCAL
        • INFINITE_LOOP.MACRO
        • INVARIANT_CONDITION.GEN
        • INVARIANT_CONDITION.UNREACH
        • UNREACH.GEN
        • UNREACH.SIZEOF
        • UNUSED.FUNC.GEN
        • UNREACH.RETURN
      • Unused local variables
        • LV_UNUSED.GEN
      • Unvalidated user input
        • SV.STR_PAR.UNDESIRED_STRING_PARAMETER
        • SV.TAINTED.ALLOC_SIZE
        • SV.TAINTED.BINOP
        • SV.TAINTED.CALL.BINOP
        • SV.TAINTED.CALL.DEREF
        • SV.TAINTED.CALL.GLOBAL
        • SV.TAINTED.CALL.INDEX_ACCESS
        • SV.TAINTED.CALL.LOOP_BOUND
        • SV.TAINTED.DEREF
        • SV.TAINTED.FMTSTR
        • SV.TAINTED.GLOBAL
        • SV.TAINTED.INDEX_ACCESS
        • SV.TAINTED.INJECTION
        • SV.TAINTED.LOOP_BOUND
        • SV.TAINTED.PATH_TRAVERSAL
        • SV.TAINTED.SECURITY_DECISION
        • SV.TAINTED.XSS.REFLECTED
      • Use of uninitialized data
        • UNINIT.CTOR.MIGHT
        • UNINIT.CTOR.MUST
        • UNINIT.HEAP.MIGHT
        • UNINIT.HEAP.MUST
        • UNINIT.STACK.ARRAY.MIGHT
        • UNINIT.STACK.ARRAY.MUST
        • UNINIT.STACK.ARRAY.PARTIAL.MUST
        • UNINIT.STACK.MIGHT
        • UNINIT.STACK.MUST
      • Weak encryption
        • RCA
        • RCA.HASH.SALT.EMPTY
        • SV.PCC.CONST
        • SV.PCC.INVALID_TEMP_PATH
        • SV.PCC.MISSING_TEMP_CALLS.MUST
        • SV.PCC.MISSING_TEMP_FILENAME
        • SV.PCC.MODIFIED_BEFORE_CREATE
        • SV.WEAK_CRYPTO.WEAK_HASH
    • AUTOSAR community checker reference
    • CERT community C and C++ checker reference
      • CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED
      • CERT.CONC.UNSAFE_COND_VAR
      • CERT.CONC.WAKE_IN_LOOP
      • CERT.DCL.AMBIGUOUS_DECL
      • CERT.DCL.REF_TYPE.CONST_OR_VOLATILE
      • CERT.DCL.SAME_SCOPE_ALLOC_DEALLOC
      • CERT.DCL.STD_NS_MODIFIED
      • CERT.ERR.ABRUPT_TERM
      • CERT.ERR.CONV.STR_TO_NUM
      • CERT.EXPR.DELETE_ARR.BASE_PTR
      • CERT.EXPR.DELETE_PTR.INCOMPLETE_TYPE
      • CERT.EXPR.PASS_NON_STD_LAYOUT
      • CERT.EXPR.VOLATILE.ADDR.PARAM
      • CERT.EXPR.VOLATILE.ADDR
      • CERT.EXPR.VOLATILE.PTRPTR
      • CERT.MEM.OVERRIDE.DELETE
      • CERT.MEM.OVERRIDE.NEW
      • CERT.MSC.NORETURN_FUNC_RETURNS
      • CERT.MSC.SIG_HANDLER.POF
      • CERT.MSC.STD_RAND_CALL
      • CERT.OOP.COPY_MUTATES
      • CERT.OOP.CSTD_FUNC_USE
      • CERT.OOP.CTOR.INIT_ORDER
      • CERT.OOP.PTR_MEMBER.NO_MEMBER
      • CERT.POS.THREAD.ASYNC_CANCEL
      • CERT.STR.ARG.CONST_TO_NONCONST
      • CERT.STR.ASSIGN.CONST_TO_NONCONST
    • Klocwork Quality Standard community C and C++ checker reference
      • CXX.BSTR.LITERAL
      • CXX.CWARN.DTOR.NONVIRT
      • CXX.CWARN.HARDCODED_LOOP_BOUND
      • CXX.CWARN.ITER.EXTERN
      • CXX.CWINAPP.INIT
      • CXX.FUNC.CSTRING.FORMAT
      • CXX.FUNC.MEMSET.BUILTIN
      • CXX.FUNC.T2OLE.LOOP
      • CXX.FUNC.T2OLE.RETURN
    • MISRA C:2012 with Amendment 2 (C11) checker reference
    • MISRA C:2012 with Amendment 1 checker reference
    • MISRA C:2012 checker reference
    • MISRA C:2012 community checker reference
    • MISRA C++:2008 checker reference
    • MISRA C:2004 checker reference
    • C# checker reference
      • CS.ASSIGN.SELF
      • CS.CMP.VAL.NULL
      • CS.CONSTCOND.DO
      • CS.CONSTCOND.IF
      • CS.CONSTCOND.SWITCH
      • CS.CONSTCOND.TERNARY
      • CS.CONSTCOND.WHILE
      • CS.CTOR.VIRTUAL
      • CS.DBZ.CONST
      • CS.DBZ.CONST.CALL
      • CS.DBZ.GENERAL
      • CS.DBZ.ITERATOR
      • CS.EMPTY.CATCH
      • CS.FLOAT.EQCHECK
      • CS.FRACTION.LOSS
      • CS.HIDDEN.MEMBER.LOCAL.CLASS
      • CS.HIDDEN.MEMBER.LOCAL.STRUCT
      • CS.HIDDEN.MEMBER.PARAM.CLASS
      • CS.HIDDEN.MEMBER.PARAM.STRUCT
      • CS.IFACE.EMPTY
      • CS.INFORMATION_EXPOSURE.ALL
      • CS.INFORMATION_EXPOSURE.ATTR
      • CS.LOOP.STR.CONCAT
      • CS.NPS
      • CS.NRE.CHECK.CALL.MIGHT
      • CS.NRE.CHECK.CALL.MUST
      • CS.NRE.CHECK.MIGHT
      • CS.NRE.CHECK.MUST
      • CS.NRE.CONST.CALL
      • CS.NRE.CONST.DEREF
      • CS.NRE.FUNC.CALL.MIGHT
      • CS.NRE.FUNC.CALL.MUST
      • CS.NRE.FUNC.MIGHT
      • CS.NRE.FUNC.MUST
      • CS.NRE.GEN.CALL.MIGHT
      • CS.NRE.GEN.CALL.MUST
      • CS.NRE.GEN.MIGHT
      • CS.NRE.GEN.MUST
      • CS.OVRD.EQUALS
      • CS.RCA
      • CS.RESOURCE.AUTOBOXING
      • CS.RESOURCE.LOOP
      • CS.RESOURCE.UNBOXING
      • CS.RLK
      • CS.RNRE
      • CS.SQL.INJECT.LOCAL
      • CS.SV.TAINTED.ALLOC_SIZE
      • CS.SV.TAINTED.BINOP
      • CS.SV.TAINTED.CALL.BINOP
      • CS.SV.TAINTED.CALL.GLOBAL
      • CS.SV.TAINTED.CALL.INDEX_ACCESS
      • CS.SV.TAINTED.CALL.LOOP_BOUND
      • CS.SV.TAINTED.CALL.LOOP_BOUND.RESOURCE
      • CS.SV.TAINTED.DESERIALIZATION
      • CS.SV.TAINTED.FMTSTR
      • CS.SV.TAINTED.GLOBAL
      • CS.SV.TAINTED.INDEX_ACCESS
      • CS.SV.TAINTED.INJECTION
      • CS.SV.TAINTED.LOOP_BOUND
      • CS.SV.TAINTED.LOOP_BOUND.RESOURCE
      • CS.SV.TAINTED.PATH_TRAVERSAL
      • CS.SV.USAGERULES.PERMISSIONS
      • CS.UNCHECKED.CAST
      • CS.UNCHECKED.LOOPITER.CAST
      • CS.WRONG.CAST
      • CS.WRONG.CAST.MIGHT
      • CS.WRONGSIG.CMPTO
      • CS.WRONGUSE.REFEQ
    • Klocwork Quality Standard community C# checker reference
      • CS.BANNED.CONSOLE_WRITE
      • CS.BANNED.GC_COLLECT
      • CS.BANNED.INVOKE
      • CS.BANNED.PARSE
      • CS.BOXING
      • CS.DB.CLOSE.FINALLY
      • CS.EXCEPT.NO_LOG
      • CS.EXCEPT.RETHROW
      • CS.EXPR.EQ.STR
      • CS.IDISP.DISPOSE
      • CS.IDISP.DTOR
      • CS.IDISP.USING
      • CS.LA_UNUSED
      • CS.LV_UNUSED.GEN
      • CS.MAGIC.CHAR
      • CS.MAGIC.NUMBER
      • CS.MAGIC.STRING
      • CS.MEMB.NOT_SERIALIZABLE
      • CS.METHOD.EMPTY
      • CS.METHOD.NEW
      • CS.METHOD.RETURN.REF_MEMBER
      • CS.METHOD.STRUCT.NO_REF_OUT
      • CS.METHOD.UNUSED_PRIVATE
      • CS.PROP.LOCK
      • CS.STMT.CONTROL.EMPTY
      • CS.STMT.DO.BLOCK
      • CS.STMT.FOR.BLOCK
      • CS.STMT.IFELSE.BLOCK
      • CS.STMT.WHILE.BLOCK
      • CS.SV.CRITICAL_CONST
      • CS.SV.CRITICAL_LVL
      • CS.SV.EXPOSED_FIELD
      • CS.SV.HIDDEN_FORM
      • CS.SV.LINK_DEMAND.INHERITANCE
      • CS.SV.LINK_DEMAND.LEVEL2
      • CS.SV.LINK_DEMAND.TRANSP
      • CS.SV.SER_CTOR
      • CS.SV.SQL_QUERY
      • CS.SV.TRANSP.ASSEMBLY_LOAD
      • CS.SV.TRANSP.ASSERT
      • CS.SV.TRANSP.CONFLICT
      • CS.SV.TRANSP.HPCE
      • CS.SV.TRANSP.SEC_DMD
      • CS.SV.TRANSP.SUCSA
      • CS.SV.TYPE_EQVL
      • CS.SWITCH.DEFAULT.POSITION
      • CS.SWITCH.NODEFAULT
      • CS.UNINIT.LOCAL_VAR
      • CS.UNINIT.LOOP_COUNTER
    • Java checker reference
      • ANDROID.LIFECYCLE.SV.FRAGMENTINJ
      • ANDROID.LIFECYCLE.SV.GETEXTRA
      • ANDROID.NPE
      • ANDROID.RLK.MEDIAPLAYER
      • ANDROID.RLK.MEDIARECORDER
      • ANDROID.RLK.SQLCON
      • ANDROID.RLK.SQLOBJ
      • ANDROID.UF.BITMAP
      • ANDROID.UF.CAMERA
      • ANDROID.UF.MEDIAPLAYER
      • ANDROID.UF.MEDIARECORDER
      • CMP.CLASS
      • CMPF.FLOAT
      • CMP.OBJ
      • CMP.STR
      • COV.CMP
      • ECC.EMPTY
      • EHC.EQ
      • EHC.HASH
      • ESCMP.EMPTYSTR
      • EXC.BROADTHROWS
      • FIN.EMPTY
      • FIN.NOSUPER
      • FSC.PRT
      • FSC.PRV
      • FSC.PUB
      • JD.BITCMP
      • JD.BITMASK
      • JD.BITR
      • JD.CALL.WRONGSTATIC
      • JD.CAST.COL.MIGHT
      • JD.CAST.COL.MUST
      • JD.CAST.DOWNCAST
      • JD.CAST.KEY
      • JD.CAST.SUSP.MIGHT
      • JD.CAST.SUSP.MUST
      • JD.CAST.UPCAST
      • JD.CATCH
      • JD.CONCUR
      • JD.EQ.ARR
      • JD.EQ.UTA
      • JD.EQ.UTC
      • JD.FINRET
      • JD.IFBAD
      • JD.IFEMPTY
      • JD.INF.ALLOC
      • JD.INF.AREC
      • JD.INST.TRUE
      • JD.LIST.ADD
      • JD.LOCK
      • JD.LOCK.NOTIFY
      • JD.LOCK.SLEEP
      • JD.LOCK.WAIT
      • JD.METHOD.CBS
      • JD.NEXT
      • JD.OVER
      • JD.RC.EXPR.CHECK
      • JD.RC.EXPR.DEAD
      • JD.ST.POS
      • JD.SYNC.DCL
      • JD.SYNC.IN
      • JD.THREAD.RUN
      • JD.UMC.FINALIZE
      • JD.UMC.RUNFIN
      • JD.UMC.WAIT
      • JD.UNCAUGHT
      • JD.UN.MET
      • JD.UNMOD
      • JD.UN.PMET
      • JD.VNU
      • JD.VNU.NULL
      • MNA.CAP
      • MNA.CNS
      • MNA.SUS
      • NPE.COND
      • NPE.CONST
      • NPE.RET
      • NPE.RET.UTIL
      • NPE.STAT
      • REDUN.DEF
      • REDUN.EQ
      • REDUN.EQNULL
      • REDUN.FINAL
      • REDUN.NULL
      • REDUN.OP
      • RI.IGNOREDCALL
      • RI.IGNOREDNEW
      • RLK.AWT
      • RLK.FIELD
      • RLK.HIBERNATE
      • RLK.IMAGEIO
      • RLK.IN
      • RLK.JNDI
      • RLK.MAIL
      • RLK.MICRO
      • RLK.NIO
      • RLK.OUT
      • RLK.SOCK
      • RLK.SQLCON
      • RLK.SQLOBJ
      • RLK.SWT
      • RLK.ZIP
      • RNU.THIS
      • RR.IGNORED
      • RTC.CALL
      • STRCON.LOOP
      • SV.CLASSDEF.INJ
      • SV.CLASSLOADER.INJ
      • SV.CLEXT.CLLOADER
      • SV.CLEXT.POLICY
      • SV.CLLOADER
      • SV.CLONE.SUP
      • SV.CSRF.GET
      • SV.CSRF.ORIGIN
      • SV.CSRF.TOKEN
      • SV.DATA.BOUND
      • SV.DATA.DB
      • SV.DATA.FILE
      • SV.DOS.ARRINDEX
      • SV.DOS.ARRSIZE
      • SV.DOS.TMPFILEDEL
      • SV.DOS.TMPFILEEXIT
      • SV.ECV
      • SV.EMAIL
      • SV.EXEC
      • SV.EXEC.DIR
      • SV.EXEC.ENV
      • SV.EXEC.LOCAL
      • SV.EXEC.PATH
      • SV.EXPOSE.FIELD
      • SV.EXPOSE.FIN
      • SV.EXPOSE.IFIELD
      • SV.EXPOSE.MUTABLEFIELD
      • SV.EXPOSE.RET
      • SV.EXPOSE.STORE
      • SV.HASH.NO_SALT
      • SV.HTTP_SPLIT
      • SV.IL.DEV
      • SV.IL.FILE
      • SV.INT_OVF
      • SV.LDAP
      • SV.LOADLIB.INJ
      • SV.LOG_FORGING
      • SV.PASSWD.HC
      • SV.PASSWD.HC.EMPTY
      • SV.PASSWD.PLAIN
      • SV.PATH
      • SV.PATH.INJ
      • SV.PERMS.HOME
      • SV.PERMS.WIDE
      • SV.PRIVILEGE.MISSING
      • SV.RANDOM
      • SV.SCRIPT
      • SV.SENSITIVE.DATA
      • SV.SENSITIVE.OBJ
      • SV.SERIAL.INON
      • SV.SERIAL.NOFINAL
      • SV.SERIAL.NON
      • SV.SERIAL.NOREAD
      • SV.SERIAL.NOWRITE
      • SV.SERIAL.OVERRIDE
      • SV.SERIAL.SIG
      • SV.SHARED.VAR
      • SV.SOCKETS
      • SV.SQL
      • SV.SQL.DBSOURCE
      • SV.STRBUF.CLEAN
      • SV.STRUTS.NOTRESET
      • SV.STRUTS.NOTVALID
      • SV.STRUTS.PRIVATE
      • SV.STRUTS.RESETMET
      • SV.STRUTS.STATIC
      • SV.STRUTS.VALIDMET
      • SV.TAINT
      • SV.TAINT_NATIVE
      • SV.TMPFILE
      • SV.UMC.EXIT
      • SV.UMC.JDBC
      • SV.UMC.THREADS
      • SV.UMD.MAIN
      • SV.USE.POLICY
      • SV.WEAK.CRYPT
      • SV.XPATH
      • SV.XSS.COOKIE
      • SV.XSS.DB
      • SV.XSS.REF
      • SV.XXE.DBF
      • SV.XXE.SF
      • SV.XXE.SPF
      • SV.XXE.TF
      • SV.XXE.XIF
      • SV.XXE.XRF
      • SYNCH.NESTED
      • SYNCH.NESTEDS
      • UC.BOOLB
      • UC.BOOLS
      • UC.STRS
      • UC.STRV
      • UF.IMAGEIO
      • UF.IN
      • UF.JNDI
      • UF.MAIL
      • UF.MICRO
      • UF.NIO
      • UF.OUT
      • UF.SOCK
      • UF.SQLCON
      • UF.SQLOBJ
      • UF.ZIP
      • UMC.EXIT
      • UMC.GC
      • UMC.SYSERR
      • UMC.SYSOUT
      • UMC.TOSTRING
      • Conventions used in reported Java issue messages
    • Klocwork Quality Standard community Java checker reference
      • JAVA.DANGEROUS_CAST
      • JAVA.HIDDEN.MEMBER.LOCAL
      • JAVA.HIDDEN.PARAM.LOCAL
      • JAVA.MAGIC.CHAR
      • JAVA.MAGIC.NUMBER
      • JAVA.MAGIC.STRING
      • JAVA.STMT.DO.BLOCK
      • JAVA.STMT.FOR.BLOCK
      • JAVA.STMT.IFELSE.BLOCK
      • JAVA.STMT.WHILE.BLOCK
      • JAVA.SWITCH.DEFAULT.POSITION
      • JAVA.SWITCH.NOBREAK
      • JAVA.SWITCH.NODEFAULT
      • JAVA.UNINIT.LOCAL_VAR
      • JAVA.UNINIT.LOOP_COUNTER
    • Coding standards mapped to Klocwork checkers
      • 2020 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers
      • 2019 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers
      • Payment Card Industry Data Security Standard IDs mapped to Klocwork checkers
      • C/C++ coding standards
        • AUTOSAR 18-10 Standard mapped to Klocwork and community C and C++ checkers
        • CERT C and C++ IDs mapped to Klocwork C and C++ checkers
        • CERT C and C++ IDs mapped to Klocwork and Klocwork community C and C++ checkers
        • CWE IDs mapped to Klocwork C and C++ checkers
        • DISA STIG version 3 IDs mapped to Klocwork C and C++ checkers
        • DISA STIG version 4 IDs mapped to Klocwork C and C++ checkers
        • Joint Strike Fighter Air Vehicle C++ IDs mapped to Klocwork C++ checkers
        • ISO/IEC TS 17961 C rules mapped to Klocwork checkers
        • Klocwork Quality Standard mapped to Klocwork C and C++ checkers
        • Klocwork Quality Standard mapped to Klocwork community C and C++ checkers
        • MISRA C:2012 with Amendment 2 rules mapped to Klocwork checkers
        • MISRA C:2012 with Amendment 1 rules mapped to Klocwork checkers
        • MISRA C:2012 rules mapped to Klocwork checkers
        • MISRA C:2012 rules mapped to Klocwork MISRA C:2012 community checkers
        • MISRA C++:2008 rules mapped to Klocwork checkers
        • MISRA C:2004 rules mapped to Klocwork checkers
        • NASA: Ten Rules for Safety Critical Coding mapped to Klocwork checkers
      • C# coding standards
        • CWE IDs mapped to Klocwork C# checkers
        • Klocwork Quality Standard mapped to Klocwork C# checkers
        • Klocwork Quality Standard mapped to Klocwork community C# checkers
      • Java coding standards
        • CERT Java IDs mapped Klocwork Java checkers
        • CWE IDs mapped to Klocwork Java checkers
        • DISA STIG version 3 IDs mapped to Klocwork Java checkers
        • DISA STIG version 4 IDs mapped to Klocwork Java checkers
        • Klocwork Quality Standard mapped to Klocwork Java checkers
        • Klocwork Quality Standard mapped to Klocwork community Java checkers
        • OWASP Top 10 Security Risks for 2013 mapped to Klocwork Java checkers
        • OWASP Top 10 Security Risks for 2017 mapped to Klocwork Java checkers
    • Writing and deploying new checkers
      • Writing custom C/C++ checkers
        • Which type of checker to create: KAST or Path?
        • Important changes to the Path API in version 11.2
        • Important changes to the KAST API in version 10.0
        • C/C++ KAST checkers
          • Creating C/C++ KAST checkers
          • C/C++ KAST syntax reference
          • C/C++ KAST examples
          • Tutorial 1 - Creating a C/C++ KAST checker
          • Tutorial 2 - Creating a C/C++ KAST checker with built-in functions
          • Tutorial 3 - Creating a C/C++ KAST checker with custom functions
          • Creating and testing C/C++ KAST custom functions
            • Understanding the workflow
            • Example 1: 'Hello world'
            • Example 2: Modifying error messages
            • Example 3: Listing classes and members
            • Example 4: Accessing inheritance information
            • Example 5: Traversing the AST tree
            • Example 6: Emulating simple KAST expressions in a custom function
            • Example 7: Using node traversal in a custom function
            • Example 8: Designing a 'descendent::' search
        • Creating C/C++ Path checkers
      • Writing custom C# checkers
        • Tutorial - Creating a C# KAST checker
        • Creating C# KAST checkers
      • Writing custom Java checkers
        • Java KAST checkers
          • Creating Java KAST checkers
          • Anatomy of a Java KAST checker
            • help.xml: Defining help for your checker
            • checkers.xml: Java KAST configuration
            • Testcase.java: Using a test case
            • MyFunc.java: Using custom functions
            • plugin_functions.xml: Using custom functions
          • Java KAST examples
          • Java KAST syntax reference
            • Syntax
            • Qualifiers
            • Conditions
            • Variables
            • Other extensions
            • Built-in functions
            • Java custom functions
            • Checker performance
          • Java KAST workflow diagram
          • Tutorial - Creating a Java KAST checker
        • Java Path checkers
          • Anatomy of a Java Path checker
            • Knowledge base entries
            • checkers.xml: Defining the category, severity, and error message
            • help.xml: Defining help for your checker
          • Java knowledge base reference
          • Creating Java Path checkers
            • Types of Java Path checkers
            • Java Path checker creation process
          • Java Path workflow diagram
          • Tutorial - Creating a Java Path checker
      • Deploying custom checkers
        • Deploying the checker package to the Server and build machines
        • Deploying the checker package to your desktop
        • Uninstalling checkers from the Server and build machines
        • Uninstalling checkers from your desktop
  • Configure
    • Build configuration
      • Continuous integration and Klocwork analysis
        • Klocwork Jenkins CI plugin
      • Using Klocwork with Containers
        • Setting up Klocwork with Containers (Linux)
      • Alternate build integration methods for Visual Studio C/C++ projects
      • Build properties displayed by kwadmin
      • Tuning C/C++ analysis
        • C/C++ knowledge base reference
      • Tuning Java analysis
        • Creating a JKB file
        • Editing a JKB file
        • Tuning Java analysis through knowledge bases
        • Tuning Java analysis in Eclipse
          • Create a Java Knowledge Base file in Eclipse
          • Example: Tuning in Eclipse
        • Tuning Java analysis in IntelliJ IDEA
          • Walk-through: Handling an NPE.RET false positive
          • Troubleshooting JKB annotation errors
        • Tutorials - Tuning Java analysis
          • Java tuning tutorials 1 and 2 - Tuning SV.XSS.REF to reduce false positives
          • Java tuning tutorial 3 - Tuning NPE.RET to reduce false positives
          • Java tuning tutorial 4 - Tuning NPE.RET to detect additional issues (Advanced)
      • Adding an unsupported C/C++ compiler
    • Project configuration
      • Configuring checkers for the integration build analysis
        • Opening the Configuration Editor in Klocwork Static Code Analysis
        • Configuring taxonomies and categories
        • Configuring industry-specific coding standards and checkers
        • Using the standalone Configuration Editor
        • Applying a global checker configuration to all new projects
        • Copying the checker configuration to an existing project
        • When do your changes take effect?
        • Tutorial - Creating a taxonomy and viewing the results
      • Changing the thresholds for reported metrics
        • Adding the community HIS Metrics configuration file
      • Setup integration project C-sharp flowchart
      • Setup integration project C/C++ flowchart
      • Setup integration project Java flowchart
      • Reference for integration project and build properties
      • Localization details
      • Import your projects and server settings
  • Analyze
    • Creating a build specification
      • Desktop analysis
      • Build specification file format
        • Format of the build specification file for C/C++ projects
        • Format of the build specification file for Java projects
        • Format of the build specification file for .jsp files
        • Format of the build specification file for C# projects
      • Creating a C/C++ build specification
      • Creating a Java build specification
      • Creating a C-sharp build specification
      • Analyzing mixed C/C++ and C-sharp projects
      • Using kwwrap plus kwinject to generate a build specification
      • Using a build trace to troubleshoot build specification problems
        • Troubleshooting an incomplete kwinject build specification
        • Build trace file format
          • Example
        • Compiler mapping file format (kwfilter.conf)
          • Filter binding lines
          • Attach and detach keywords (Windows only)
          • Deploying kwfilter.conf
    • Running the C and C++ integration build analysis
      • Running your first integration build analysis
      • Running your next integration build analysis
      • What's next?
      • C/C++ integration build analysis - Cheat sheet
    • Running the Java integration build analysis
      • Running your first integration build analysis
      • Running your next integration build analysis
      • What's next?
      • Java integration build analysis - Cheat sheet
    • Running the C-sharp integration build analysis
      • Running your first integration build analysis
      • Running your next integration build analysis
      • What's next?
      • C-sharp integration build analysis - Cheat sheet
    • Running a distributed Klocwork C/C++ analysis
      • How distributed analysis works
      • Running a distributed analysis
    • Tracking issues by owner
    • Managing project branches
      • Synchronizing status changes and comments across projects
      • Matching issues across projects
    • Speeding up the analysis
      • Running Klocwork in an IncrediBuild environment
    • Integrating Klocwork with Electric Cloud
      • Deployment considerations
      • Generate a build specification for Electric Cloud
      • Run a distributed Klocwork analysis in Electric Cloud
    • Replacing the path to your source files
    • Viewing integration build log files
    • C/C++ Path Analysis errors
  • Desktop Analysis Tools
    • Using Klocwork Desktop
      • Klocwork Desktop for C/C++ project setup overview
      • Detect issues while you code
      • Filtering issues on the desktop
      • Providing a build specification template for your developers
        • Example: Creating and using a build specification template
        • Creating a build specification template for C/C++ projects
        • Creating a build specification template for Java projects
        • Using a build specification template with kwcheck
        • Using a build specification template with kwbuildproject
    • Klocwork Refactoring
      • Using Klocwork Refactoring in your coding environment
      • Header Analysis
      • Header analysis in Visual Studio
      • Removing unused functions in Visual Studio
      • Refactoring shortcuts in Visual Studio
      • Header analysis in Eclipse
      • Refactoring shortcuts in Eclipse
    • Getting started with Klocwork Desktop plug-in for Visual Studio
      • Tips and tricks for Klocwork Desktop Plug-in for Visual Studio
      • Visual Studio dialogs
        • Authentication dialog in Visual Studio
        • General Options dialog
          • Analysis and Appearance tabs
          • Data tab
          • Logging tab
        • Klocwork Solution Properties dialog in Visual Studio
    • Getting started with Klocwork extension for Visual Studio Code
    • Getting started with the Klocwork Desktop C/C++ plugin for Eclipse
    • Getting started with Klocwork Desktop Java Plug-in for Eclipse
    • Tips and tricks for Klocwork Desktop Plug-in for Eclipse
      • Customize the analysis
    • Getting started with Klocwork Desktop Java Plug-in for IntelliJ IDEA/Android Studio
      • Tips and tricks for Klocwork Desktop Java Plug-in for IntelliJ IDEA/Android Studio
    • Getting started with Klocwork Desktop plugin for CLion
      • Tips and tricks for the Klocwork Desktop plugin for CLion
        • Change server settings
    • Configure build specification variables - Klocwork Desktop
    • Connected desktop and synchronization
      • How connected desktop works
    • Customizing your desktop analysis
    • Klocwork Desktop command line
      • Getting started with kwcheck for C/C++
      • Getting started with kwcheck for Java
    • Klocwork Desktop GUI
      • Getting started with Klocwork Desktop for Java
      • Getting started with Klocwork Desktop for C/C++
      • Getting started with Klocwork Desktop in remote mode
        • Before you begin
        • Create a remote configuration file
          • Remote configuration file format
          • Format of the configuration file using port forwarding
        • Open the remote project
        • Investigate issues
        • Fix defects and ignore the rest
        • Monitor new issues
        • Troubleshooting
      • Tips and tricks for Klocwork Desktop
        • Start and connect to your remote project in one step
        • Locate system issues
    • Integrating Klocwork with Wind River Workbench
    • Capturing your build settings for QNX Momentics
  • Measure and Manage
    • Accessing Klocwork Static Code Analysis
    • Reporting and metrics
      • Getting started with reports in Klocwork Static Code Analysis
        • Viewing reports
        • Filtering reports
        • Available fields
        • Creating a report
        • Report types
        • Editing reports
        • Sharing reports
        • What's next?
      • Advanced reporting for the integration build
        • Adding external documents to Klocwork Static Code Analysis
      • About Builds/Dates
      • The reporting timeline
      • Default reports in Klocwork Static Code Analysis
      • Creating a Compliance Report
      • Customizing metrics reports in Klocwork Static Code Analysis
        • The metrics.xml file
        • Simple walk-through: Customizing the default Size and Complexity reports
        • Walk-through: Adding custom reports based on Klocwork metrics
        • Adding custom reports based on metrics you define
        • Supported entity types
    • Searching in Klocwork Static Code Analysis
    • Comparing two builds in Klocwork Static Code Analysis
    • Investigating and citing issues in the integration build
      • Viewing a list of issues in your integration build
      • Handling a long list of issues
      • Using SmartRank to prioritize issues
      • Investigating issues
      • Reporting false positives
      • Changing an issue's status to show how it should be handled
      • Assigning ownership
      • Viewing the history of an issue
      • Getting email notification of new issues
      • What's next?
    • How issues are mapped between versions and builds
    • Source Cross-Referencing
      • Searching in source cross-reference
      • Accessing the issue list for a selected entity
      • Viewing source code
      • Using the source viewer in Klocwork Static Code Analysis
    • Managing integration projects and builds
    • Managing configuration files for integration projects
    • Customizing your view of the integration build analysis
      • All about views
      • The default view
      • Public and shared views
      • Supported keywords
      • Tutorial 1: Creating a view for a group of developers
      • Tutorial 2: Excluding issues in test code from view
      • Organizing your code into modules
    • Tracking projects with the Cross-Project Report
  • Code Review
    • What is Klocwork Code Review?
    • Code Review administration guide
      • Configuring permission policies
      • Import code reviews from an existing Code Review Server
      • Configuring live links in Klocwork reviews
      • Cleaning up stalled code reviews
    • Working with Klocwork Code Review
      • Log in to Code Review
      • Submitting your review
        • Setting up a pre-checkin code review
          • Pre-checkin code review: administrator setup
          • Creating a code review from your IDE
          • Creating a code review on the command line
          • Viewing a diff of your file in Visual Studio
          • Changing your Klocwork Server settings
          • Configuring your SCM
          • Fixing and re-submitting your code review
        • Setting up a post-checkin code review
          • Integrating a project with your SCM
          • Creating a code review on the command line
          • Loading new revisions from your SCM
      • Hanging out in Code Review
        • Your Code Review headquarters: your feed page
          • Getting notified of changes in Klocwork
        • Searching in Code Review
          • Using Keywords to filter search results
      • Creating reports in Code Review
        • Creating a new report
        • Editing reports
        • Accessing reports in Code Review
        • Filtering your reports
        • Pre-defined reports in Code Review
      • Participating in code reviews
        • As a committer
        • As a reviewer
      • Viewing the Code Review Action and Revision Status reports
        • Getting more data from the reports
      • Viewing the User Activity report
      • Select Server Project dialog in Eclipse
    • Reference
    • Troubleshooting
      • Troubleshooting code review setup
      • Can't create a new user message
      • Cannot run program git
      • Failed to create code review
      • Prompted to download a file
      • Upload failed - Unknown username error
      • No data is available for selected feed
      • Project not available when trying to set up a Klocwork feed
      • Insufficient permissions
      • Code Review encoding error
      • Can't see Klocwork issues in my code review
      • No source code management system is detected
      • Error 1723: There is a problem with this Windows installer package
      • Error occurred during SSL handshake
      • Diffs are incorrect or unavailable, and reviews appear out of order
    • Limitations for Code Review
  • Reference
    • Command Reference
      • Kwadmin
      • Kwagent
      • Kwandroid
      • Kwant
      • Kwauth
      • Kwbuildproject
        • Linker options for kwbuildproject
        • Compiler options for kwbuildproject
        • Kwbuildproject throws java.lang.ExceptionInInitializerError
      • Kwchangestatus
      • Kwcheck
        • Kwcheck output reference
        • Kwcheck tips and tricks
          • Adding compiler options to kwcheck
          • Connect to a different server project
          • Switch between standalone and connected desktop
          • Delete a local project
          • Enable and disable checkers
          • Change project settings
          • Override incremental analysis
          • Filter issues in the list
          • Locate and fix 'System' issues
      • Kwciagent
      • Kwcodereview
      • Kwcollect
      • Kwconv
      • Kwcreatechecker
        • Example help.xml file for custom checkers
      • Kwcscollect
      • Kwcsprojparser
      • Kwdefectimport
        • Import external defects with kwdefectimport
      • Kwdeploy
      • Kwdiscover
      • Kwdist
      • Kwdistadmin
      • Kwdtagent
      • Kwecbuild
      • Kwgcheck
      • Kwgradle
      • Kwgradlew
      • Kwinject
        • How kwinject works
          • Interception
          • Filtering
          • How kwinject handles a command line from your build
          • Determining which build commands should be intercepted by Klocwork
          • Environment variables used by kwinject
          • Example: Caching temporary source files
      • Kwjava
      • Kwlogparser
      • Kwmatch
      • Kwmaven
      • Kwmavenw
      • Kwprojcopy
      • Kwscm
      • Kwservice
      • Kwshell
      • Kwstruct101
        • Integrating with Structure101
          • How Structure101 licensing works
      • Kwupdate
      • Kwuser
      • Kwvcprojparser
        • Kwvcprojparser message Project file is not found. Skipping
      • Kwwebappscan
      • Kwwrap
      • Kwxsync
        • Renaming a project URL in a kwxsync storage file
        • Remove a project from kwxsync storage
    • Concepts
      • Abstract syntax tree (AST)
      • Analysis profile
      • Build specification
      • Build specification template
      • Build trace
      • Code problem certainty
      • Complexity Index Metric
      • Configuration Editor
      • Continuous analysis
      • Distributed analysis
      • Entity
      • Header analysis
      • Incremental analysis
      • Integration build analysis
        • How to run the analysis
      • Issue category
      • Issue citing
      • Issue code
      • Issue grouping
      • Issue ID
      • Issue severity
      • Issue states
      • Issue statuses
      • Java knowledge base (JKB)
      • Klocwork administrator
      • Klocwork Product Portal
      • Klocwork Servers
      • Knowledge base
      • Local project directory (.kwlp)
      • McCabe Cyclomatic Complexity
      • Migration
      • MIR
      • Model (user and system)
      • Module
      • Origin (local or system)
      • Override file
      • Owner
      • Parallel analysis
      • Projects_root directory
      • Propagation
      • Reference (taxonomy)
      • SmartRank
      • Source ownership file (.sow)
      • Standalone desktop
      • Tables directory
      • Taxonomy
      • Taxonomy Editor
      • Traceback information
        • C/C++ traceback example in Klocwork Static Code Analysis
        • C/C++ traceback example in Eclipse
        • C/C++ traceback example in Visual Studio
      • Tuning
      • User profile
      • Using tags
        • Using fbkb_tags
      • View
      • Working sets
    • Klocwork Web API cookbook
      • Reference information
      • Formatting requests to the API
      • Understanding the API response
      • Specifying drilldown for the report action
      • Access control API examples
      • Issue and metric API examples
    • Klocwork Code Review Web API cookbook
      • Reference information
      • Formatting requests to the API
      • Using the search API
    • Metrics reference
      • File-level metrics
      • Class-level metrics
      • Function- and method-level metrics
    • Legal information
      • FOSS
      • JDOM license
      • License Agreement for Sun JIMI Software Development Kit
        • Sun Microsystems, Inc. Binary Code License Agreement
        • JIMI SDK, Version 2.0 SUPPLEMENTAL LICENSE TERMS
      • SUN license for JavaHelp
      • Third-party copyright notices
      • Voluntary Product Accessibility Template (VPAT)
  • Troubleshoot
    • General troubleshooting issues
      • Accessing your desktop build.log and parse errors.log
      • Can't change issue status on desktop
      • Cannot display the web page error when clicking some links in plug-in help
      • Cannot display the web page or Failed to Connect messages
      • Cannot run two sets of the Klocwork Servers as Windows Services
      • Error indicating that a previous version of the Klocwork user package is installed
      • Error reading setup initialization file during installation
      • Errors printed in the Output window of Checker Studio
      • Failed to connect to server due to missing PKI certificate
      • Failed to lock file or directory: No locks available
      • Import fails when importing projects with a large number of builds
      • Installation fails when path contains multibyte characters
      • Java memory problems when running Klocwork applications
      • java.util.concurrent.RejectedExecutionException
      • Klocwork clients cannot access servers after disconnecting Windows computer from network
      • Klocwork buttons or menu items grayed out in IDE plug-ins
        • Managed C++
        • Supported configuration types
        • Continuous analysis is enabled
      • Klocwork clients cannot connect to Klocwork Server
      • Kwinject error - Compiler can't be configured
      • Offline product documentation not loaded properly
      • Remote clients cannot connect
      • Remote host closed connection during handshake
      • Unable to restart Klocwork Servers
      • Unable to run MariaDB as root user
      • Unable to start Klocwork Servers following Windows installation
      • Unable to start or check the Klocwork Servers because of LDAP error
      • Unable to start the Database Server because the path to the socket file is too long
      • Unable to stop Klocwork Servers
      • We hit StackOverflowError in MySQL driver
    • Authentication issues
      • Authentication unstable when switching between 32-bit and 64-bit Java
      • Cannot use the Remember me option on a server with multiple server instances
      • LDAP server not detected
      • Simple bind failed error when trying to connect to Active Directory
    • Build issues
      • Analysis fails with exited and exception messages
      • Authentication failed message
      • Kwadmin load of build fails; portal shows status as in progress
      • kwant: ERROR: Cannot retrieve main class 'com/klocwork/kwant/KWAnt'
      • kwcsprojparser generates error(s) when folder names use special characters
      • kwgradle fails to generate a build specification
      • kwinject fails to work with processes spawned under sudo
      • Kwinject will not produce a build specification when run in a 4NT shell
      • Local build processes failing in kwinject-enabled builds
      • Message about UnsupportedClassVersionError
      • Missing temporary files cause errors during Klocwork analysis
      • SemaRuntimeExceptions when running java analysis with Android Lollipop
      • Tables fail to load when Windows Indexer or antivirus program accesses temporary MariaDB files
      • Tables fail to load when there are more than 5000 of the same defect in a file
      • Troubleshooting include errors in the integration build log
    • Custom checkers issues
      • Help for my custom C# checker doesn't display in Klocwork Desktop help
    • Database issues
      • Database connection error
      • Database loading and propagation errors
      • Database loading stage failed
      • Lost connection to MySQL server at 'XXX', system error
      • Migration error: Database server fails to start
    • Desktop synchronization troubleshooting
      • Cannot connect to server - server is not available
      • Cannot connect to server - Unable to get Klocwork Server - Incompatible client version
      • Cannot perform project synchronization - Failed to read the buildspec file - Variable is not defined
      • Cannot perform project synchronization - Failed to synchronize - No files found
      • Cannot perform project synchronization - No common files with a project on the Klocwork Server
      • Cannot perform project synchronization - No system builds exist for the project
      • Desktop and server file mapping
      • Recreate your build specification
    • Eclipse troubleshooting
      • Eclipse 3.6.0 with LDAP crashes if Reviewers field is clicked after selecting a reviewer name
      • Eclipse hangs when trying to install Klocwork plug-in on machine with no internet access
      • Eclipse plug-in requires the MSVC redistributable package
      • Eclipse update site fails when downloading from a secure server
      • Installing the Eclipse update site after upgrading Eclipse
      • Path to installation is not set - Eclipse
      • Toolbar on views does not display properly on 64-bit Ubuntu
    • IntelliJ IDEA troubleshooting
      • Cannot access issue help from IntelliJ IDEA 11.1.1 or 11.1.2
      • Cannot find Japanese version of IntelliJ IDEA plug-in
      • Cannot start analysis - the JDK is not specified for selected modules (IntelliJ IDEA)
      • Error trying to import taxonomy file using IDEA 2020.2
      • Help links for detected issues don't work in IntelliJ IDEA 11.1
      • Klocwork icons may not appear on menu bars in IntelliJ IDEA 12
      • PDF links don't work in the help for IntelliJ IDEA
      • Server settings are not specified error message in IntelliJ IDEA
      • URLs to external sites don't work in the help for IntelliJ IDEA
    • Klocwork Desktop issues
      • Failed to start agent on port
      • Project name not saved when using non-default location
      • Why are my files grayed out in the Project Navigator?
      • Why can't I analyze my files or project in Klocwork Desktop?
    • Licensing issues
      • Can't connect to License Server
      • Desktop licensing problems
      • kwlef error states license is not valid
      • License Server error when shutting down host Windows machine
      • Why can't I get a license?
    • Multibyte character issues
      • Cannot connect to the Klocwork server and host name contains multibyte characters
      • Installation fails when path contains multibyte characters
    • Static Code Analysis issues
      • Cannot edit custom folder names for reports
      • Cannot search for severities in Klocwork Static Code Analysis
      • Empty report or issue list in Klocwork Static Code Analysis
      • Internet Explorer does not list project names if Server host name contains underscore
      • No legend printed with Klocwork Static Code Analysis reports
      • Slow performance in Klocwork Static Code Analysis
      • Unable to log in to Klocwork Static Code Analysis after setting up basic access control
    • Visual Studio troubleshooting
      • Cannot access issue help with F1 in Visual Studio
      • Cannot access Klocwork Properties in Visual Studio
      • Cannot create a file when that file already exists
      • Cannot see Klocwork windows in Visual Studio
      • Klocwork Help registration could not acquire the location of the Help Viewer
      • Kwvcprojparser message Project file is not found. Skipping
      • Package Load Failure occurs in Visual Studio after I install patch
      • This project item is not a candidate for analysis

   EN   JP   CN

CERT C and C++ IDs mapped to Klocwork and Klocwork community C and C++ checkers

In this topic:
  • CERT C IDs mapped to Klocwork and Klocwork community checkers
  • CERT C++ IDs mapped to Klocwork and Klocwork community checkers

The following tables list the Klocwork and Klocwork community C/C++ checkers that map to the secure coding standard defined by the computer emergency response team (CERT).

CERT C IDs mapped to Klocwork and Klocwork community checkers

RuleKlocwork Checker Code and Description
ARR00-C

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER   Buffer Overflow - Array Index Out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

ABV.UNKNOWN_SIZE   Buffer Overflow - Array Index Out of Bounds

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.STRBO.BOUND_COPY.OVERFLOW   Buffer Overflow in Bound String Copy

SV.STRBO.BOUND_COPY.UNTERM   Possible Buffer Overflow in Following String Operations

SV.STRBO.BOUND_SPRINTF   Buffer Overflow in Bound sprintf

SV.STRBO.UNBOUND_COPY   Buffer Overflow in Unbound String Copy

SV.STRBO.UNBOUND_SPRINTF   Buffer Overflow in Unbound sprintf

SV.TAINTED.ALLOC_SIZE   Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

SV.TAINTED.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition

SV.UNBOUND_STRING_INPUT.CIN   Usage of cin for unbounded string input

SV.UNBOUND_STRING_INPUT.FUNC   Usage of unbounded string input

ARR01-C

CWARN.MEMSET.SIZEOF.PTR   Memset-like function is called for 'sizeof' applied to pointer

ARR30-C

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

ABV.UNKNOWN_SIZE   Buffer Overflow - Array Index Out of Bounds

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.STRBO.BOUND_COPY.OVERFLOW   Buffer Overflow in Bound String Copy

SV.STRBO.BOUND_COPY.UNTERM   Possible Buffer Overflow in Following String Operations

SV.STRBO.BOUND_SPRINTF   Buffer Overflow in Bound sprintf

SV.TAINTED.ALLOC_SIZE   Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

SV.TAINTED.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition

SV.UNBOUND_STRING_INPUT.CIN   Usage of cin for unbounded string input

SV.UNBOUND_STRING_INPUT.FUNC   Usage of unbounded string input

ARR38-C

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNKNOWN_SIZE   Buffer Overflow - Array Index Out of Bounds

CON05-C

CONC.SLEEP   Function may block in critical section

CON35-C

CONC.DL   Deadlock

DCL01-C

MISRA.VAR.HIDDEN  Identifier declared in an inner scope hides identifier in outer scope

DCL07-C

MISRA.CAST.FUNC_PTR.2012  Conversion performed between a pointer to a function and another incompatible type

MISRA.FUNC.NOPROT.DEF  Function has a definition but no prototype

MISRA.FUNC.PROT_FORM.KR.2012  Function types shall be in prototype form

DCL10-C

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW   Too few arguments in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY   Too many arguments in a print function call

SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW   Too few arguments in a scan function call

SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY   Too many arguments in a scan function call

DCL11-C

MISRA.FUNC.VARARG  Function with variable number of arguments

SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD   Incompatible type of a print function parameter

SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED   Unexpected type of a print function parameter

SV.FMT_STR.PRINT_IMPROP_LENGTH   Improper use of length modifier in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW   Too few arguments in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY   Too many arguments in a print function call

SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD   Incompatible type of a scan function parameter

SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED   Unexpected type of a scan function parameter

SV.FMT_STR.UNKWN_FORMAT.SCAN   Unknown format specifier in a scan function call

DCL13-C

MISRA.PPARAM.NEEDS.CONST  Pointer parameter is not used to modify the addressed object but is not declared as a pointer to const

DCL18-C

MISRA.TOKEN.OCTAL.ESCAPE  Usage of octal escape sequences

MISRA.TOKEN.OCTAL.INT  Usage of octal integer constants

DCL20-C

MISRA.FUNC.NO_PARAMS  Function without parameters is missing void parameter type

DCL23-C

MISRA.IDENT.DISTINCT.C99.2012  Identifiers declared in the same scope or name space are not distinct

DCL30-C

LOCRET.ARG   Function returns address of local variable

LOCRET.GLOB   Function returns address of local variable

LOCRET.RET   Function returns address of local variable

DCL31-C

CWARN.IMPLICITINT   Anachronistic 'implicit int'

FUNCRET.IMPLICIT   Non-void function implicitly returning int does not return value

MISRA.DECL.NO_TYPE  Declaration without a type

MISRA.FUNC.NOPROT.CALL  Function is called but has no prototype

RETVOID.IMPLICIT   Implicitly int function returns void value

DCL36-C

MISRA.FUNC.STATIC.REDECL  Function or object redeclaration does not include 'static' modifier

DCL37-C

MISRA.DEFINE.WRONGNAME.UNDERSCORE  Usage of a reserved name for naming a macro

MISRA.STDLIB.WRONGNAME  Reused name of standard library macro, object or function

MISRA.STDLIB.WRONGNAME.UNDERSCORE  Usage of a reserved name for naming a language entity

DCL39-C

PORTING.STORAGE.STRUCT   Byte position of elements in a structure could depend on alignment and packing attributes.

PORTING.STRUCT.BOOL   Struct/class has a bool member

ENV01-C

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER   Buffer Overflow - Array Index Out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

ABV.UNKNOWN_SIZE   Buffer Overflow - Array Index Out of Bounds

ENV33-C

MISRA.STDLIB.ABORT  Use of 'abort', 'exit', 'getenv' or 'system' from library stdlib.h

SV.CODE_INJECTION.SHELL_EXEC   Command Injection into Shell Execution

SV.TAINTED.INJECTION   Command Injection

ERR34-C

MISRA.STDLIB.ATOI  Use of 'atof', 'atoi' or 'atol' from library stdlib.h

EXP00-C

MISRA.EXPR.PARENS.2012  The precedence of operators within expressions should be made explicit.

EXP02-C

MISRA.LOGIC.SIDEEFF  Right operand in a logical 'and' or 'or' expression contains side effects

EXP08-C

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

EXP12-C

MISRA.FUNC.UNUSEDRET.2012  The return value of a non-void function shall be used.

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

EXP15-C

SEMICOL   Suspiciously placed semicolon

EXP16-C

CWARN.FUNCADDR   Function address is used instead of a call to this function

CWARN.NULLCHECK.FUNCNAME   Function address was directly compared against 0

EXP19-C

MISRA.IF.NO_COMPOUND  The body of if/else statement is not a compound statement

MISRA.STMT.NO_COMPOUND  The body of switch, while, do/while or for statement is not a compound statement

EXP30-C

PORTING.VAR.EFFECTS   Variable used twice in one expression where one usage is subject to side-effects

EXP32-C

CERT.EXPR.VOLATILE.ADDR   Do not access a volatile object through a nonvolatile pointer

CERT.EXPR.VOLATILE.ADDR.PARAM   Do not pass a volatile object to a function through a nonvolatile pointer

CERT.EXPR.VOLATILE.PTRPTR   Do not assign a reference to a non-volatile pointer to a volatile pointer-to-pointer

EXP33-C

UNINIT.HEAP.MIGHT   Uninitialized Heap Use - possible

UNINIT.HEAP.MUST   Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT   Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST   Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST   Partially Uninitialized Array

UNINIT.STACK.MIGHT   Uninitialized Variable - possible

UNINIT.STACK.MUST   Uninitialized Variable

EXP34-C

NPD.CHECK.CALL.MIGHT   Pointer may be passed to function that can dereference it after it was positively checked for NULL

NPD.CHECK.CALL.MUST   Pointer will be passed to function that may dereference it after it was positively checked for NULL

NPD.CHECK.MIGHT   Pointer may be dereferenced after it was positively checked for NULL

NPD.CHECK.MUST   Pointer will be dereferenced after it was positively checked for NULL

NPD.CONST.CALL   NULL is passed to function that can dereference it

NPD.CONST.DEREF   NULL is dereferenced

NPD.FUNC.CALL.MIGHT   Result of function that may return NULL may be passed to another function that may dereference it

NPD.FUNC.CALL.MUST   Result of function that may return NULL will be passed to another function that may dereference it

NPD.FUNC.MIGHT   Result of function that can return NULL may be dereferenced

NPD.FUNC.MUST   Result of function that may return NULL will be dereferenced

NPD.GEN.CALL.MIGHT   Null pointer may be passed to function that may dereference it

NPD.GEN.CALL.MUST   Null pointer will be passed to function that may dereference it

NPD.GEN.MIGHT   Null pointer may be dereferenced

NPD.GEN.MUST   Null pointer will be dereferenced

RNPD.CALL   Suspicious dereference of pointer in function call before NULL check

RNPD.DEREF   Suspicious dereference of pointer before NULL check

EXP36-C

MISRA.CAST.PTR.UNRELATED  Object of pointer type cast to unrelated type

MISRA.CAST.PTR_TO_INT  Cast between a pointer and an integral type

PORTING.CAST.PTR   Cast between types that are not both pointers or not pointers

PORTING.CAST.PTR.FLTPNT   Cast of a pointer to a floating point expression to a non floating point type pointer

PORTING.CAST.PTR.SIZE   Attempt to cast an expression to a type of a potentially incompatible size

PORTING.CAST.SIZE   Expression is cast to a type of potentially different size

EXP37-C

MISRA.FUNC.UNMATCHED.PARAMS  Number of formal and actual parameters passed to function do not match

EXP44-C

MISRA.SIZEOF.SIDE_EFFECT  Operand of sizeof has side effects

EXP45-C

ASSIGCOND.CALL   Assignment in condition (call)

ASSIGCOND.GEN   Assignment in condition

MISRA.ASSIGN.COND  Assignment operator is used in a condition

EXP46-C

MISRA.LOGIC.OPERATOR.NOT_BOOL  Operand of non-logical operator is effectively boolean

FIO01-C

SV.TOCTOU.FILE_ACCESS   Time of Creation/Time of Use Race condition in File Access

FIO02-C

SV.DLLPRELOAD.NONABSOLUTE.DLL   Potential DLL-preload hijack vector

SV.TOCTOU.FILE_ACCESS   Time of Creation/Time of Use Race condition in File Access

FIO22-C

RH.LEAK   Resource leak

FIO30-C

SV.FMTSTR.GENERIC   Format String Vulnerability

SV.TAINTED.FMTSTR   Use of Unvalidated Data in a Format String

FIO34-C

CWARN.CMPCHR.EOF   A 'char' expression compared with EOF constant

FIO42-C

RH.LEAK   Resource leak

FIO45-C

SV.TOCTOU.FILE_ACCESS   Time of Creation/Time of Use Race condition in File Access

FIO46-C

SV.INCORRECT_RESOURCE_HANDLING.URH   Insecure Resource Handling

FIO47-C

SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD   Incompatible type of a print function parameter

SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED   Unexpected type of a print function parameter

SV.FMT_STR.PRINT_IMPROP_LENGTH   Improper use of length modifier in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW   Too few arguments in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY   Too many arguments in a print function call

SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD   Incompatible type of a scan function parameter

SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED   Unexpected type of a scan function parameter

SV.FMT_STR.SCAN_IMPROP_LENGTH   Improper use of length modifier in a scan function call

SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW   Too few arguments in a scan function call

SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY   Too many arguments in a scan function call

SV.FMT_STR.UNKWN_FORMAT   Unknown format specifier in a print function call

FLP30-C

MISRA.FOR.COND.FLT  Floating point object is used in the condition section of a 'for' loop

MISRA.FOR.COUNTER.FLT  For loop counter has a floating point type

INT02-C

MISRA.CAST.INT  Non-trivial integer expression is cast to a wider type, or type with a different signedness

MISRA.CAST.UNSIGNED_BITS  The result of bitwise operation on unsigned char or short is not cast back to original type

MISRA.CONV.INT.SIGN  Implicit integral conversion changes signedness

MISRA.CVALUE.IMPL.CAST  The value of an expression implicitly converted to a different type

MISRA.UMINUS.UNSIGNED  Operand of unary minus is unsigned

PRECISION.LOSS   Loss of Precision

INT04-C

SV.TAINTED.ALLOC_SIZE   Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.BINOP   Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP   Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

SV.TAINTED.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition

INT07-C

PORTING.SIGNED.CHAR   'char' used without explicitly specifying signedness

INT09-C

MISRA.ENUM.IMPLICIT.VAL.NON_UNIQUE.2012  Implicit enumerator value is not unique

INT12-C

MISRA.BITFIELD.TYPE  Type of bit-field is not signed/unsigned integer

INT13-C

MISRA.BITS.NOT_UNSIGNED  Operand of bitwise operation is not unsigned integer

MISRA.BITS.NOT_UNSIGNED.PREP  Operand of bitwise operation is not unsigned integer

INT30-C

CWARN.NOEFFECT.OUTOFRANGE   Value outside of range

NUM.OVERFLOW   Possible Overflow

INT31-C

PRECISION.LOSS   Loss of Precision

PRECISION.LOSS.CALL   Loss of Precision during function call

INT33-C

DBZ.CONST   Division by a zero constant occurs

DBZ.CONST.CALL   The value '0' is passed to function that can use this value as divisor

DBZ.GENERAL   Division by zero might occur

DBZ.ITERATOR   Division by zero might occur in a loop iterator

INT36-C

MISRA.CAST.OBJ_PTR_TO_INT.2012  Conversion performed between a pointer to an object and an integer type

MEM00-C

FNH.MIGHT   Freeing Non-Heap Memory - possible

FNH.MUST   Freeing Non-Heap Memory

FREE.INCONSISTENT   Inconsistent Freeing of Memory

FUM.GEN.MIGHT   Freeing Unallocated Memory - possible

FUM.GEN.MUST   Freeing Unallocated Memory

MLK.MIGHT   Memory Leak - possible

MLK.MUST   Memory Leak

MLK.RET.MIGHT   Memory Leak - possible

MLK.RET.MUST   Memory Leak

RH.LEAK   Resource leak

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

MEM05-C

MISRA.FUNC.RECUR  Recursive function

MEM12-C

MLK.MIGHT   Memory Leak - possible

MLK.MUST   Memory Leak

MLK.RET.MIGHT   Memory Leak - possible

MLK.RET.MUST   Memory Leak

RH.LEAK   Resource leak

MEM30-C

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

MEM31-C

MLK.MIGHT   Memory Leak - possible

MLK.MUST   Memory Leak

MLK.RET.MIGHT   Memory Leak - possible

MLK.RET.MUST   Memory Leak

MEM34-C

FNH.MIGHT   Freeing Non-Heap Memory - possible

FNH.MUST   Freeing Non-Heap Memory

FUM.GEN.MIGHT   Freeing Unallocated Memory - possible

FUM.GEN.MUST   Freeing Unallocated Memory

MEM35-C

INCORRECT.ALLOC_SIZE   Incorrect Allocation Size

MSC01-C

CWARN.EMPTY.LABEL   Empty label statement

INFINITE_LOOP.GLOBAL   Infinite loop

INFINITE_LOOP.LOCAL   Infinite loop

INFINITE_LOOP.MACRO   Infinite loop

LA_UNUSED   Label unused

MISRA.IF.NO_ELSE  A chain of if/else-if statements is not terminated with else or is terminated with an empty else clause

MISRA.SWITCH.NODEFAULT  No default clause at the end of a switch statement

MISRA.SWITCH.WELL_FORMED.DEFAULT.2012  Every switch statement shall have a default label.

MSC07-C

INVARIANT_CONDITION.UNREACH   Invariant expression in a condition

LA_UNUSED   Label unused

UNREACH.GEN   Unreachable code

UNREACH.RETURN   Unreachable Void Return

UNREACH.SIZEOF   Architecture-related unreachable code

MSC12-C

CWARN.NOEFFECT.SELF_ASSIGN   A variable is assigned to self

CWARN.NOEFFECT.UCMP.GE   Comparison of unsigned value against 0 is always true

CWARN.NOEFFECT.UCMP.GE.MACRO   Comparison of unsigned value against 0 within a macro is always true

CWARN.NOEFFECT.UCMP.LT   Comparison of unsigned value against 0 is always false

CWARN.NOEFFECT.UCMP.LT.MACRO   Comparison of unsigned value against 0 within a macro is always false

CWARN.NULLCHECK.FUNCNAME   Function address was directly compared against 0

EFFECT   Statement has no effect

INVARIANT_CONDITION.UNREACH   Invariant expression in a condition

LA_UNUSED   Label unused

MISRA.STMT.NO_EFFECT  The statement has no side effects, and does not change control flow

UNREACH.GEN   Unreachable code

UNREACH.RETURN   Unreachable Void Return

UNREACH.SIZEOF   Architecture-related unreachable code

VA_UNUSED.GEN   Value is Never Used after Assignment

VA_UNUSED.INIT   Value is Never Used after Initialization

MSC13-C

LV_UNUSED.GEN   Local variable unused

VA_UNUSED.GEN   Value is Never Used after Assignment

VA_UNUSED.INIT   Value is Never Used after Initialization

MSC17-C

MISRA.SWITCH.WELL_FORMED.BREAK.2012  An unconditional break statement shall terminate every switch-clause.

MSC37-C

FUNCRET.GEN   Non-void function does not return value

MISRA.RETURN.NOT_LAST  Return is not the last statement in a function

POS02-C

SV.BRM.HKEY_LOCAL_MACHINE   HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function

SV.USAGERULES.PERMISSIONS   Use of Privilege Elevation

POS35-C

SV.TOCTOU.FILE_ACCESS   Time of Creation/Time of Use Race condition in File Access

POS36-C

SV.FIU.PROCESS_VARIANTS   Use of Dangerous Process Creation

SV.USAGERULES.PERMISSIONS   Use of Privilege Elevation

SV.USAGERULES.PROCESS_VARIANTS   Use of Dangerous Process Creation Function

POS37-C

SV.FIU.PROCESS_VARIANTS   Use of Dangerous Process Creation

SV.USAGERULES.PERMISSIONS   Use of Privilege Elevation

POS39-C

BYTEORDER.HTON.SEND   Missed conversion from host to network byte order

BYTEORDER.HTON.WRITE   Missed conversion from host to network byte order

BYTEORDER.NTOH.READ   Missed conversion from network to host byte order

BYTEORDER.NTOH.RECV   Missed conversion from network to host byte order

POS47-C

CERT.POS.THREAD.ASYNC_CANCEL   Do not use threads that can be canceled asynchronously

POS51-C

CONC.DL   Deadlock

POS52-C

CONC.SLEEP   Function may block in critical section

POS54-C

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

PRE00-C

MISRA.DEFINE.FUNC  Function-like macro definition

PRE01-C

MISRA.DEFINE.NOPARS  Macro parameter with no parentheses

PRE02-C

MISRA.DEFINE.BADEXP  Inappropriate macro expansion

PRE05-C

MISRA.DEFINE.SHARP.ORDER.2012  Unspecified order of evaluation of multiple '#' or '##'

PRE06-C

MISRA.INCGUARD  Include guard is not provided

PRE10-C

MISRA.DEFINE.BADEXP  Inappropriate macro expansion

STR02-C

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.TAINTED.INJECTION   Command Injection

STR03-C

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

STR05-C

MISRA.STRING_LITERAL.NON_CONST.2012  A string literal shall not be assigned to an object unless the object's type is pointer to const-qualified char

STR31-C

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

SV.STRBO.BOUND_COPY.OVERFLOW   Buffer Overflow in Bound String Copy

SV.STRBO.BOUND_COPY.UNTERM   Possible Buffer Overflow in Following String Operations

SV.STRBO.BOUND_SPRINTF   Buffer Overflow in Bound sprintf

SV.STRBO.UNBOUND_COPY   Buffer Overflow in Unbound String Copy

SV.STRBO.UNBOUND_SPRINTF   Buffer Overflow in Unbound sprintf

STR32-C

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

WIN00-C

SV.DLLPRELOAD.NONABSOLUTE.DLL   Potential DLL-preload hijack vector

SV.DLLPRELOAD.NONABSOLUTE.EXE   Potential process injection vector

SV.DLLPRELOAD.SEARCHPATH   Do not use SearchPath to find DLLs

WIN30-C

FMM.MIGHT   Freeing Mismatched Memory - possible

FMM.MUST   Freeing Mismatched Memory

CERT C++ IDs mapped to Klocwork and Klocwork community checkers

RuleKlocwork Checker Code and Description
CON02-CPP

CONC.DL   Deadlock

CON50-CPP

CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED   Do not destroy a mutex while it is locked

CON54-CPP

CERT.CONC.WAKE_IN_LOOP   Wrap functions that can spuriously wake up in a loop

CON55-CPP

CERT.CONC.UNSAFE_COND_VAR   Preserve thread safety and liveness when using condition variables

CTR01-CPP

CWARN.MEMSET.SIZEOF.PTR   Memset-like function is called for 'sizeof' applied to pointer

INCORRECT.ALLOC_SIZE   Incorrect Allocation Size

CTR50-CPP

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

SV.TAINTED.ALLOC_SIZE   Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

DCL01-CPP

MISRA.VAR.HIDDEN  Identifier declared in an inner scope hides identifier in outer scope

DCL07-CPP

MISRA.VAR.MIN.VIS  Name visibility is too wide

DCL10-CPP

MISRA.BIN_OP.OVERLOAD  Comma, || or && operator overloaded

MISRA.UN_OP.OVERLOAD  Unary & operator is overloaded

DCL12-CPP

MISRA.SPEC.ILL  Explicit instantiation of a template makes the code ill-formed

DCL19-CPP

UNINIT.CTOR.MIGHT   Uninitialized Variable in Constructor - possible

UNINIT.CTOR.MUST   Uninitialized Variable in Constructor

UNINIT.HEAP.MIGHT   Uninitialized Heap Use - possible

UNINIT.HEAP.MUST   Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT   Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST   Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST   Partially Uninitialized Array

UNINIT.STACK.MIGHT   Uninitialized Variable - possible

UNINIT.STACK.MUST   Uninitialized Variable

DCL50-CPP

MISRA.FUNC.VARARG  Function with variable number of arguments

DCL52-CPP

CERT.DCL.REF_TYPE.CONST_OR_VOLATILE   Never qualify a reference type with const or volatile

DCL53-CPP

CERT.DCL.AMBIGUOUS_DECL   Do not write syntactically ambiguous declarations

DCL54-CPP

CERT.DCL.SAME_SCOPE_ALLOC_DEALLOC   Overload allocation and deallocation functions as a pair in the same scope

DCL58-CPP

CERT.DCL.STD_NS_MODIFIED   Do not modify the standard namespaces

ENV02-CPP

MISRA.STDLIB.ABORT  Use of 'abort', 'exit', 'getenv' or 'system' from library stdlib.h

SV.CODE_INJECTION.SHELL_EXEC   Command Injection into Shell Execution

SV.TAINTED.INJECTION   Command Injection

ERR01-CPP

MISRA.STDLIB.ERRNO  Use of error indicator 'errno'

ERR08-CPP

MISRA.THROW.PTR  Exception object is a pointer

ERR09-CPP

MISRA.CATCH.BY_VALUE  Exception object of class type is caught by value

MISRA.THROW.PTR  Exception object is a pointer

ERR10-CPP

NPD.FUNC.MUST   Result of function that may return NULL will be dereferenced

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

ERR50-CPP

CERT.ERR.ABRUPT_TERM   Do not abruptly terminate the program

MISRA.CATCH.ALL  No ellipsis exception handler in a try-catch block

ERR52-CPP

MISRA.STDLIB.LONGJMP  Use of setjmp macro or longjmp function

ERR53-CPP

MISRA.CTOR.TRY.NON_STATIC  Function try/catch block of constructor or destructor references non-static members

ERR54-CPP

MISRA.CATCH.NOALL  Ellipsis exception handler is not the last one in a try-catch block

MISRA.CATCH.WRONGORD  Handler for a base exception class precedes to a handler for a derived exception class in a try-catch block

ERR62-CPP

CERT.ERR.CONV.STR_TO_NUM   Detect errors when converting a string to a number

EXP00-CPP

MISRA.EXPR.PARENS 

MISRA.EXPR.PARENS.INSUFFICIENT  Limited dependence required for operator precedence rules in expressions

MISRA.EXPR.PARENS.REDUNDANT  Limited dependence required for operator precedence rules in expressions

EXP01-CPP

CWARN.MEMSET.SIZEOF.PTR   Memset-like function is called for 'sizeof' applied to pointer

INCORRECT.ALLOC_SIZE   Incorrect Allocation Size

EXP05-CPP

BSTR.CAST.C   C style type cast to BSTR

MISRA.C_CAST  C-style cast to non-void type

EXP06-CPP

MISRA.SIZEOF.SIDE_EFFECT  Operand of sizeof has side effects

EXP08-CPP

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

MISRA.PTR.ARITH  Pointer is used in arithmetic or array index expression

EXP09-CPP

INCORRECT.ALLOC_SIZE   Incorrect Allocation Size

EXP10-CPP

PORTING.VAR.EFFECTS   Variable used twice in one expression where one usage is subject to side-effects

EXP11-CPP

PORTING.BITFIELDS   Usage of bitfields within a structure

PORTING.CAST.FLTPNT   Cast of a floating point expression to a non floating point type

PORTING.CAST.PTR   Cast between types that are not both pointers or not pointers

PORTING.CAST.PTR.FLTPNT   Cast of a pointer to a floating point expression to a non floating point type pointer

PORTING.CAST.PTR.SIZE   Attempt to cast an expression to a type of a potentially incompatible size

PORTING.CAST.SIZE   Expression is cast to a type of potentially different size

EXP12-CPP

MISRA.FUNC.UNUSEDRET  Return value of a non-void function is not used

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

EXP15-CPP

MISRA.CAST.UNSIGNED_BITS  The result of bitwise operation on unsigned char or short is not cast back to original type

EXP34-CPP

NPD.CHECK.CALL.MIGHT   Pointer may be passed to function that can dereference it after it was positively checked for NULL

NPD.CHECK.CALL.MUST   Pointer will be passed to function that may dereference it after it was positively checked for NULL

NPD.CHECK.MIGHT   Pointer may be dereferenced after it was positively checked for NULL

NPD.CHECK.MUST   Pointer will be dereferenced after it was positively checked for NULL

NPD.CONST.CALL   NULL is passed to function that can dereference it

NPD.CONST.DEREF   NULL is dereferenced

NPD.FUNC.CALL.MIGHT   Result of function that may return NULL may be passed to another function that may dereference it

NPD.FUNC.CALL.MUST   Result of function that may return NULL will be passed to another function that may dereference it

NPD.FUNC.MIGHT   Result of function that can return NULL may be dereferenced

NPD.FUNC.MUST   Result of function that may return NULL will be dereferenced

NPD.GEN.CALL.MIGHT   Null pointer may be passed to function that may dereference it

NPD.GEN.CALL.MUST   Null pointer will be passed to function that may dereference it

NPD.GEN.MIGHT   Null pointer may be dereferenced

NPD.GEN.MUST   Null pointer will be dereferenced

RNPD.CALL   Suspicious dereference of pointer in function call before NULL check

RNPD.DEREF   Suspicious dereference of pointer before NULL check

EXP50-CPP

MISRA.EXPR.PARENS 

MISRA.EXPR.PARENS.INSUFFICIENT  Limited dependence required for operator precedence rules in expressions

MISRA.EXPR.PARENS.REDUNDANT  Limited dependence required for operator precedence rules in expressions

MISRA.INCR_DECR.OTHER  Increment or decrement operator is mixed with other operators in expression

PORTING.VAR.EFFECTS   Variable used twice in one expression where one usage is subject to side-effects

EXP51-CPP

CERT.EXPR.DELETE_ARR.BASE_PTR   Do not delete an array through a pointer of the incorrect type

EXP52-CPP

MISRA.SIZEOF.SIDE_EFFECT  Operand of sizeof has side effects

EXP53-CPP

UNINIT.CTOR.MIGHT   Uninitialized Variable in Constructor - possible

UNINIT.CTOR.MUST   Uninitialized Variable in Constructor

UNINIT.HEAP.MIGHT   Uninitialized Heap Use - possible

UNINIT.HEAP.MUST   Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT   Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST   Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST   Partially Uninitialized Array

UNINIT.STACK.MIGHT   Uninitialized Variable - possible

UNINIT.STACK.MUST   Uninitialized Variable

EXP54-CPP

CL.FFM.ASSIGN   Use of free memory (double free) - no operator=

CL.FFM.COPY   Use of free memory (double free) - no copy constructor

LOCRET.ARG   Function returns address of local variable

LOCRET.GLOB   Function returns address of local variable

LOCRET.RET   Function returns address of local variable

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

UNINIT.HEAP.MIGHT   Uninitialized Heap Use - possible

UNINIT.HEAP.MUST   Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT   Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST   Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST   Partially Uninitialized Array

UNINIT.STACK.MIGHT   Uninitialized Variable - possible

UNINIT.STACK.MUST   Uninitialized Variable

EXP55-CPP

MISRA.CAST.CONST  Cast operation removes const or volatile modifier from a pointer or reference

EXP56-CPP

MISRA.CAST.PTR.UNRELATED  Object of pointer type cast to unrelated type

MISRA.CAST.PTR_TO_INT  Cast between a pointer and an integral type

PORTING.CAST.PTR   Cast between types that are not both pointers or not pointers

PORTING.CAST.PTR.FLTPNT   Cast of a pointer to a floating point expression to a non floating point type pointer

PORTING.CAST.PTR.SIZE   Attempt to cast an expression to a type of a potentially incompatible size

PORTING.CAST.SIZE   Expression is cast to a type of potentially different size

EXP57-CPP

CERT.EXPR.DELETE_PTR.INCOMPLETE_TYPE   Do not delete a pointer to an incomplete type

FIO00-CPP

SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD   Incompatible type of a print function parameter

SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED   Unexpected type of a print function parameter

SV.FMT_STR.PRINT_IMPROP_LENGTH   Improper use of length modifier in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW   Too few arguments in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY   Too many arguments in a print function call

SV.FMT_STR.UNKWN_FORMAT   Unknown format specifier in a print function call

FIO01-CPP

SV.TOCTOU.FILE_ACCESS   Time of Creation/Time of Use Race condition in File Access

FIO02-CPP

SV.DLLPRELOAD.NONABSOLUTE.DLL   Potential DLL-preload hijack vector

SV.TOCTOU.FILE_ACCESS   Time of Creation/Time of Use Race condition in File Access

FIO04-CPP

MISRA.FUNC.UNUSEDRET  Return value of a non-void function is not used

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

FIO17-CPP

MISRA.INCL.UNSAFE  Unsafe header inclusion

MISRA.STDLIB.STDIO  Use of input/output library stdio.h in production code

FIO51-CPP

RH.LEAK   Resource leak

INT02-CPP

MISRA.CAST.INT  Non-trivial integer expression is cast to a wider type, or type with a different signedness

MISRA.CAST.UNSIGNED_BITS  The result of bitwise operation on unsigned char or short is not cast back to original type

MISRA.CONV.INT.SIGN  Implicit integral conversion changes signedness

MISRA.CVALUE.IMPL.CAST  The value of an expression implicitly converted to a different type

MISRA.UMINUS.UNSIGNED  Operand of unary minus is unsigned

PRECISION.LOSS   Loss of Precision

INT04-CPP

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

INCORRECT.ALLOC_SIZE   Incorrect Allocation Size

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.STRBO.UNBOUND_COPY   Buffer Overflow in Unbound String Copy

SV.STRBO.UNBOUND_SPRINTF   Buffer Overflow in Unbound sprintf

INT05-CPP

SV.BANNED.RECOMMENDED.SCANF   Banned recommended API: unsafe scanf-type functions

SV.TAINTED.ALLOC_SIZE   Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.BINOP   Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP   Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

SV.TAINTED.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition

INT06-CPP

MISRA.STDLIB.ATOI  Use of 'atof', 'atoi' or 'atol' from library stdlib.h

SV.BANNED.RECOMMENDED.SCANF   Banned recommended API: unsafe scanf-type functions

INT07-CPP

MISRA.CHAR.NOT_CHARACTER  'char' is used for non-character value

MISRA.SIGNED_CHAR.NOT_NUMERIC  'signed char' or 'unsigned char' is used for non-numeric value

PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE   Relational expression may be always false depending on 'char' type signedness

INT11-CPP

PORTING.CAST.PTR   Cast between types that are not both pointers or not pointers

INT12-CPP

MISRA.BITFIELD.TYPE  Type of bit-field is not signed/unsigned integer

INT13-CPP

MISRA.BITS.NOT_UNSIGNED  Operand of bitwise operation is not unsigned integer

MISRA.BITS.NOT_UNSIGNED.PREP  Operand of bitwise operation is not unsigned integer

MEM00-CPP

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

MEM01-CPP

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

MEM05-CPP

MISRA.FUNC.RECUR  Recursive function

SV.TAINTED.ALLOC_SIZE   Use of Unvalidated Integer in Memory Allocation

MEM09-CPP

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

UNINIT.HEAP.MIGHT   Uninitialized Heap Use - possible

UNINIT.HEAP.MUST   Uninitialized Heap Use

MEM50-CPP

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

MEM51-CPP

CL.FFM.ASSIGN   Use of free memory (double free) - no operator=

CL.FFM.COPY   Use of free memory (double free) - no copy constructor

CL.FMM   Freeing Mismatched Memory - in destructor

FMM.MIGHT   Freeing Mismatched Memory - possible

FMM.MUST   Freeing Mismatched Memory

FNH.MIGHT   Freeing Non-Heap Memory - possible

FNH.MUST   Freeing Non-Heap Memory

FUM.GEN.MIGHT   Freeing Unallocated Memory - possible

FUM.GEN.MUST   Freeing Unallocated Memory

UNINIT.CTOR.MIGHT   Uninitialized Variable in Constructor - possible

UNINIT.CTOR.MUST   Uninitialized Variable in Constructor

UNINIT.HEAP.MIGHT   Uninitialized Heap Use - possible

UNINIT.HEAP.MUST   Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT   Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST   Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST   Partially Uninitialized Array

UNINIT.STACK.MIGHT   Uninitialized Variable - possible

UNINIT.STACK.MUST   Uninitialized Variable

MEM52-CPP

NPD.CHECK.CALL.MIGHT   Pointer may be passed to function that can dereference it after it was positively checked for NULL

NPD.CHECK.CALL.MUST   Pointer will be passed to function that may dereference it after it was positively checked for NULL

NPD.CHECK.MIGHT   Pointer may be dereferenced after it was positively checked for NULL

NPD.CHECK.MUST   Pointer will be dereferenced after it was positively checked for NULL

NPD.CONST.CALL   NULL is passed to function that can dereference it

NPD.CONST.DEREF   NULL is dereferenced

NPD.FUNC.CALL.MIGHT   Result of function that may return NULL may be passed to another function that may dereference it

NPD.FUNC.CALL.MUST   Result of function that may return NULL will be passed to another function that may dereference it

NPD.FUNC.MIGHT   Result of function that can return NULL may be dereferenced

NPD.FUNC.MUST   Result of function that may return NULL will be dereferenced

NPD.GEN.CALL.MIGHT   Null pointer may be passed to function that may dereference it

NPD.GEN.CALL.MUST   Null pointer will be passed to function that may dereference it

NPD.GEN.MIGHT   Null pointer may be dereferenced

NPD.GEN.MUST   Null pointer will be dereferenced

RNPD.CALL   Suspicious dereference of pointer in function call before NULL check

RNPD.DEREF   Suspicious dereference of pointer before NULL check

MEM55-CPP

CERT.MEM.OVERRIDE.DELETE   Honor replacement dynamic storage management requirements for 'delete'

CERT.MEM.OVERRIDE.NEW   Honor replacement dynamic storage management requirements for 'new'

MSC01-CPP

CWARN.EMPTY.LABEL   Empty label statement

LA_UNUSED   Label unused

MISRA.IF.NO_ELSE  A chain of if/else-if statements is not terminated with else or is terminated with an empty else clause

MISRA.SWITCH.NODEFAULT  No default clause at the end of a switch statement

MSC02-CPP

ASSIGCOND.CALL   Assignment in condition (call)

ASSIGCOND.GEN   Assignment in condition

EFFECT   Statement has no effect

MISRA.FUNC.ADDR  Address of a function is used without & operator

MSC03-CPP

EFFECT   Statement has no effect

SEMICOL   Suspiciously placed semicolon

MSC04-CPP

MISRA.TOKEN.BADCOM  Inappropriate character sequence in a comment

MSC07-CPP

LA_UNUSED   Label unused

UNREACH.GEN   Unreachable code

UNREACH.RETURN   Unreachable Void Return

UNREACH.SIZEOF   Architecture-related unreachable code

VA_UNUSED.GEN   Value is Never Used after Assignment

VA_UNUSED.INIT   Value is Never Used after Initialization

MSC08-CPP

ABV.TAINTED   Buffer Overflow from Unvalidated Input

SV.TAINTED.ALLOC_SIZE   Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.BINOP   Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP   Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

MSC12-CPP

CWARN.NOEFFECT.SELF_ASSIGN   A variable is assigned to self

CWARN.NOEFFECT.UCMP.GE   Comparison of unsigned value against 0 is always true

CWARN.NOEFFECT.UCMP.GE.MACRO   Comparison of unsigned value against 0 within a macro is always true

CWARN.NOEFFECT.UCMP.LT   Comparison of unsigned value against 0 is always false

CWARN.NOEFFECT.UCMP.LT.MACRO   Comparison of unsigned value against 0 within a macro is always false

CWARN.NULLCHECK.FUNCNAME   Function address was directly compared against 0

EFFECT   Statement has no effect

MISRA.STMT.NO_EFFECT  The statement has no side effects, and does not change control flow

UNREACH.GEN   Unreachable code

UNREACH.RETURN   Unreachable Void Return

UNREACH.SIZEOF   Architecture-related unreachable code

MSC13-CPP

LV_UNUSED.GEN   Local variable unused

VA_UNUSED.GEN   Value is Never Used after Assignment

VA_UNUSED.INIT   Value is Never Used after Initialization

MSC18-CPP

MISRA.SWITCH.NO_BREAK  No break or throw statement at the end of switch-clause

MISRA.SWITCH.WELL_FORMED.BREAK.2012  An unconditional break statement shall terminate every switch-clause.

MSC20-CPP

MISRA.SWITCH.LABEL  A switch label belongs to nested compound statement inside switch body

MISRA.SWITCH.WELL_FORMED.BREAK.2012  An unconditional break statement shall terminate every switch-clause.

MSC21-CPP

MISRA.FOR.COND.EQ  ++ or -- operations are not used to change loop counter, but condition tests loop counter for equality

MSC50-CPP

CERT.MSC.STD_RAND_CALL   Do not use std::rand() for generating pseudorandom numbers

MSC53-CPP

CERT.MSC.NORETURN_FUNC_RETURNS   Do not return from a function declared [[noreturn]]

MSC54-CPP

CERT.MSC.SIG_HANDLER.POF   A signal handler must be a plain old function

OOP52-CPP

CL.MLK.VIRTUAL   Memory Leak - possible in destructor

CWARN.DTOR.NONVIRT.DELETE   Delete expression for an object of a class with virtual methods and no virtual destructor

OOP53-CPP

CERT.OOP.CTOR.INIT_ORDER   Write constructor member initializers in the canonical order

OOP54-CPP

CL.SELF-ASSIGN   Use of free memory (double free) - in operator=

OOP55-CPP

CERT.OOP.PTR_MEMBER.NO_MEMBER   Do not use pointer-to-member operators to access nonexistent members

OOP57-CPP

CERT.OOP.CSTD_FUNC_USE   Prefer special member functions and overloaded operators to C Standard Library functions

OOP58-CPP

CERT.OOP.COPY_MUTATES   Copy operations must not mutate the source object

PRE00-CPP

MISRA.DEFINE.FUNC  Function-like macro definition

MISRA.USE.EXPANSION  Macro expansion

PRE01-CPP

MISRA.DEFINE.NOPARS  Macro parameter with no parentheses

PRE04-CPP

MISRA.STDLIB.WRONGNAME  Reused name of standard library macro, object or function

MISRA.STDLIB.WRONGNAME.UNDERSCORE  Usage of a reserved name for naming a language entity

MISRA.UNDEF.WRONGNAME  Undefinition of a name from the standard library

MISRA.UNDEF.WRONGNAME.UNDERSCORE  Undefinition of a reserved name

PRE06-CPP

MISRA.INCGUARD  Include guard is not provided

PRE07-CPP

MISRA.CHAR.TRIGRAPH  Trigraph usage

PRE09-CPP

SV.BANNED.RECOMMENDED.ALLOCA   Banned recommended API: stack allocation functions

SV.BANNED.RECOMMENDED.NUMERIC   Banned recommended API: unsafe numeric conversion functions

SV.BANNED.RECOMMENDED.OEM   Banned recommended API: OEM character page conversion functions

SV.BANNED.RECOMMENDED.PATH   Banned recommended API: unsafe path name manipulation functions

SV.BANNED.RECOMMENDED.SCANF   Banned recommended API: unsafe scanf-type functions

SV.BANNED.RECOMMENDED.SPRINTF   Banned recommended API: unsafe sprintf-type functions

SV.BANNED.RECOMMENDED.STRLEN   Banned recommended API: unsafe string length functions

SV.BANNED.RECOMMENDED.TOKEN   Banned recommended API: unsafe string tokenizing functions

SV.BANNED.RECOMMENDED.WINDOW   Banned recommended API: unsafe window functions

SV.BANNED.REQUIRED.CONCAT   Banned required API: unsafe string concatenation functions

SV.BANNED.REQUIRED.COPY   Banned required API: unsafe buffer copy functions

SV.BANNED.REQUIRED.GETS   Banned required API: unsafe stream reading functions

SV.BANNED.REQUIRED.ISBAD   Banned required API: IsBad-type functions

SV.BANNED.REQUIRED.SPRINTF   Banned required API: unsafe sprintf-type functions

STR02-CPP

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.TAINTED.INJECTION   Command Injection

STR03-CPP

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

STR04-CPP

MISRA.CHAR.NOT_CHARACTER  'char' is used for non-character value

STR06-CPP

SV.BANNED.RECOMMENDED.TOKEN   Banned recommended API: unsafe string tokenizing functions

STR07-CPP

MISRA.CHAR.OPERAND  Expression of type 'char' or 'wchar_t' is used as non-character operand

STR50-CPP

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

STR51-CPP

NPD.CHECK.CALL.MIGHT   Pointer may be passed to function that can dereference it after it was positively checked for NULL

NPD.CHECK.CALL.MUST   Pointer will be passed to function that may dereference it after it was positively checked for NULL

NPD.CHECK.MIGHT   Pointer may be dereferenced after it was positively checked for NULL

NPD.CHECK.MUST   Pointer will be dereferenced after it was positively checked for NULL

NPD.CONST.CALL   NULL is passed to function that can dereference it

NPD.CONST.DEREF   NULL is dereferenced

NPD.FUNC.CALL.MIGHT   Result of function that may return NULL may be passed to another function that may dereference it

NPD.FUNC.CALL.MUST   Result of function that may return NULL will be passed to another function that may dereference it

NPD.FUNC.MIGHT   Result of function that can return NULL may be dereferenced

NPD.FUNC.MUST   Result of function that may return NULL will be dereferenced

NPD.GEN.CALL.MIGHT   Null pointer may be passed to function that may dereference it

NPD.GEN.CALL.MUST   Null pointer will be passed to function that may dereference it

NPD.GEN.MIGHT   Null pointer may be dereferenced

NPD.GEN.MUST   Null pointer will be dereferenced

RNPD.CALL   Suspicious dereference of pointer in function call before NULL check

RNPD.DEREF   Suspicious dereference of pointer before NULL check

Parent topic: C/C++ coding standards
Previous topic: CERT C and C++ IDs mapped to Klocwork C and C++ checkers
Next topic: CWE IDs mapped to Klocwork C and C++ checkers

Company

  • Visit Rogue Wave.com
  • Company News
  • Privacy
  • FAQ
  • Sitemap
  • Contact Rogue Wave Support
  • For problems with this website contact support@roguewave.com
  • Phone support: 1.303.545.3205
  • US and Canada: 1.800.404.4767
  • Japan: +81 (0) 3 5211 7761

© Perforce Software, Inc. All rights reserved.