In this release, we've focused on enhancing our functional safety and security compliance solution. We've extended the coverage of the AUTOSAR C++ 14 standard to help you achieve full compliance with AUTOSAR's required and automated rules and added support for the latest release of the CWE guidelines.

Support for Environments

New IDEs

We've added support for:

QNX Software Development Platform 7.0

New Compilers

Compiler Name	Compiler Acronym
GNU GCC 9.x	gcc_9
GNU GCC 9.x (x86_64)	gcc_9-64
IAR Compiler for ARM v. 8.22x	iccarm_8_22
IAR Compiler for ARM v. 8.40x	iccarm_8_40
Microsoft Visual C++ 14.2	vc_14_2
Microsoft Visual C++ 14.2 (x86_64)	vc_14_2-64
Clang C/C++ Compiler v 8.0 (x86_64)	clang_8_0

Support for QNX GCC 5.x (ARM) is now extended and approved for use in safety-critical software development.

The ARM NEON extensions are now supported for GCC- and ARM-based compilers.

Deprecated Compilers

Support for the following compilers is deprecated and will be removed in future releases:

ARM RealView 4.1
ARM RealView 4.1 for uVision
CodeSourcery Sourcery G++ Lite 2009q1-203
GNU GCC 4.0.x
GNU GCC 4.0.x (x86_64)
GNU GCC 4.1.x
GNU GCC 4.1.x (x86_64)
GNU GCC 4.2.x
GNU GCC 4.2.x (x86_64)
GNU GCC 4.3.x
GNU GCC 4.3.x (x86_64)
GNU GCC 4.4.x
GNU GCC 4.4.x (x86_64)
IAR Compiler for ARM v. 6.1x
IAR Compiler for ARM v. 6.3x
IAR Compiler for MSP430 v. 5.4x
Microsoft Visual C++ 9.0
Microsoft Visual C++ 10.0
TI TMS320C2000 C/C++ Compiler v6.2
TI TMS320C6x C/C++ Compiler v7.3
TI MSP430 C/C++ Compiler v4.0
Vx-toolset for TriCore C/C++ Compiler 4.0
Wind River GCC 3.4.x

Intel C++ Compiler v 18.0 is no longer supported on Windows.

Extended Automotive Compliance Pack

We've extended support for AUTOSAR C++ 14 to help you achieve compliance with the standard. All AUTOSAR rules from the "required" and "automated" categories are now fully covered to support your testing efforts in the development of automotive system architectures.

Extended Security Compliance Pack

We've added support for the newly updated 2019 Common Weakness Enumeration (CWE). C/C++test now ships with new test configurations to help you enforce compliance with the CWE Top 25 2019 and CWE Weaknesses on the Cusp guidelines; see the New and Updated Test Configurations section below.

New and Updated Code Analysis Rules

We've added new static analysis rules to extend coverage of compliance standards, with a special focus on the AUTOSAR standard C++ 14 ; see New Rules and Updated Rules for the lists of new and updated rules.

In addition, we've added a NOMCIM metric to calculate the number of function calls in functions.

New and Updated Test Configurations

We've added the following test configurations:

CWE Top 25 2019
CWE Top 25 + On the Cusp 2019
OWASP Top 10 2017
UL 2900

Deprecated Test Configurations

CWE-SANS Top 25 Most Dangerous Programming Errors – deprecated and replaced with the CWE Top 25 2019 test configuration
OWASP Top 10 2017 – deprecated and replaced with the new OWASP Top 10 2017 test configuration
UL 2900 – deprecated and replaced with the new UL 2900 test configuration that includes CWE SANS Top 25 + On the Cusp 2019 and OWASP Top 10 2017 rules

The deprecated test configurations are not available by default and can only be applied as user-defined test configuration. They are now shipped with C/C++test in the following location: [INSTALL_DIR]\configs\Deprecated.

Creating Stubs that Call the Original Function

The Stub Callbacks mechanism has been enhanced to call the original function if no test-case specific Stub Callback Function is registered in the test case; see Creating Stubs that Call the Original Function.

Standalone License Server

You can now obtain the Parasoft license from an additional instance of DTP or a standalone License Server. See Licensing.

OpenID Connect Support

You can now authenticate on DTP via OpenID Connect to add a layer of security to your interactions with your DTP server. See Configuring OpenID Connect in the UI and Configuring OpenID Connect the .properties File for details.

Other Changes

The @test issue tracking tag is now supported by default for associating test with development artifacts; see Indicating Code and Test Correlations.
Performance of flow analysis in the incremental analysis mode has improved. We've reduced analysis times in subsequent runs.
Connecting to Project Center is no longer supported. The Project Center module shipped with DTP/Concerto has reached its end-of-life (EOL) phase and was removed in DTP 5.4.2.
QNX Momentics IDEs older than version 7 are no longer supported.

Resolved Bugs and FRs

Bug/FR ID	Description
CPP-39554	Rule CODSTA-13 should be updated to follow MISRA2004-17_3
CPP-39913	VS Cannot enable filtered rules in Visual Studio.
CPP-42073	Add support for ARM NEON extensions
CPP-42495	Rule COMMENT-04 should not report on a function declaration when function definition is not available (visible)
CPP-42527	Improve mapping for AUTOSAR-M2_13_2-a (C++14 semantics)
CPP-42858	Improve mapping for CERT-INT31
CPP-43140	Improve mapping for MISRA2012-RULE-2_2
CPP-43141	Rule CODSTA-163_b (MISRAC2012-RULE_10_3-b) reports false positive on ternary operator
CPP-43142	Rule CODSTA-CPP-59 reports false positive on #include directives excluded by __cplusplus macro
CPP-43143	Rule MISRA2004-9_2_c (AUTOSAR-M8_5_2-c) reports incorrectly on std::array and constexpr
CPP-43150	Rule GLOBAL-ONEUSEVAR (MISRA2008-0_1_4) reports false positive when static const variable is used as template argument
CPP-43413	Rule OPT-02 (OPT-03, OPT-31) reports false positive on parameters/variables captured by lambdas
CPP-43414	Parse failure reported for user-defined suffixes in templates (C++14)
CPP-43465	LSI cannot read object/library data for ARM OE toolchain
CPP-43479	Error reported when instrumenting code (Process exited with code: 137)
CPP-43523	Error reported when running unit tests: Invalid file format: Unable to read exports
CPP-43549	Custom source/header file extensions not propagated from IDE to Static Analysis engine
CPP-43558	Timeout is not deactivated when debugging test cases
CPP-43567	Symbols __once_call and __once_callable from libstdc++ are reported not found by LSI
CPP-43568	C/C++test cannot be installed if both VS2017 and VS 2019 are installed on a machine
CPP-43602	Configure gnu99 option for GHS/ARM compilers
CPP-43603	Rule FORMAT-43 reports false positive when unpaired braces are #ifdef'd/#ifndef'd
CPP-43643	Missing support for "--core" option in IAR-RL78 compiler configuration
CPP-43667	Rule OPT-05 reports false positive if const variable is used as template argument
CPP-43675	Rule PB-45 reports false positive when plain char is passed as '%c' specifier in printf/scanf function call
CPP-43688	Rules PB-45, PB-46, PB-47, PB-48, PB-49 work incorrectly for arguments of 'scanf' functions
CPP-43689	Rule PB-50 reports false positive when characters specifier is used in 'scanf' function
CPP-43706	Improve rule MISRA2004-20_5 (JSF-017): do not print line number in violation message
CPP-43744	Improve algorithm which filters duplicated violations.
CPP-43748	Rule MISRA2004-17_6_a reports false positive when address of dereferenced iterator is returned from function
CPP-43831	Compilation error on safe stubs with Microsoft Windows Kit SDK 10.0.18362.0
CPP-43837	Parse failure reported when using -endian=big with Renesas RX C++ 2.5.X compiler
CPP-43869	Rule INIT-05 reports false positive on rvalue reference
CPP-43889	Parse failure reported: initial value of reference to non-const must be an lvalue
CPP-43892	Parse failure reported: parameter pack "Indexes" was referenced but not expanded
CPP-43893	Improve mapping for CERT EXP45-C (remove CERT_C-EXP45-a and CERT_C-EXP45-c)
CPP-43896	Improve unit testing execution for Renesas Rx
CPP-43971	Enable edg.implicit_noexcept_enabled configuration option for GCC and Clang compilers
CPP-43972	C/C++test fails to read "$NULL" value from a data source
CPP-43975	Rule CODSTA-149 (CERT_C-MSC17-a) reports false positive when fall through comment is preceded by preprocessor directive
CPP-43992	TempLic*txt files create and not cleaned up in temp folder
CPP-44001	VS IDE not responding when creating test case for CMFCSampleDlg::OnPaint()
CPP-44025	Rule CERT_C-INT36-a reports false positive when '0' is cast to void* type
CPP-44045	Rule OPT-06 reports false positive on local variable captured in lambda
CPP-44046	STATUS_ACCESS_VIOLATION: The thread attempts to read from or write to a virtual address for which it does not have access.
CPP-44055	VS Only first -localsettings parameter is handled by C/C++test (others are ignored)
CPP-44059	Report HTML - Tested functions in Test Cases have empty field
CPP-44088	Static Analysis (cwc) exits with code 3 on literal variadic templates
CPP-44225	Rule MISRA2004-12_8 (MISRAC2012-RULE_12_2-a) reports false positive when double cast of the operand is used in the shift expression
CPP-44271	Parse failure reported: expression must have a constant valuestatic constexpr bool value = has_named_enum_tag<T>(0);
CPP-44273	Renaming a test case actually renames the class name for that test
CPP-44274	Rule HICPP-17_2_1-a (AUTOSAR-A17_1_1-b) reports false positive on #include <string>
CPP-44538	Add support for missing IAR atomic builtins
CPP-44576	C++test 10.4.3 BETA - Command line analysis is not licensed
FA-4617	False positives from BD-PB-DEREF on checking array variable against being null
FA-4651	BD-RES-FREE False Positive on freeing memory that was already freed as a resource of another type (e.g. pthread mutex)
FA-4998	Bogus violation for BD-RES-FREE on arithmetic operations done on closed file descriptors.
FA-7097	BD-PB-PTRARR false positive on type mismatch
FA-7105	BD-PB-OVERFWR False Positive
FA-7191	BD-RES-INVFREE false positive when working with const expression
FA-7195	BD-CO-ITOUT - false positive for container cend() method
FA-7266	Incorrect Flow Analysis results: FA does not take into account values of the elements of the global array of consts.
FA-7291	False positives from BD-RES-INVFREE when closing resource referenced by the element of an array.
FA-7398	Flow Analysis Aggressive reports static analysis problems in C++test 10.4.2
FA-7410	False positive for BD-SECURITY-OVERFFMT when typedefs used
FA-7413	False positive of MISRA2012-RULE-19-1_c (BD-PB-OVERLAP)
FA-7441	CERT_C-ARR38-c (BD-PB-OVERFFMT) reports FP violation when specifying %*s inside string format
XT-36609	£ character in password prevents Parasoft tool from connecting to DTP
XT-36611	Publishing sim-link source code using 'min' option failed
XT-36843	Concurrent builds which use cpptestcli do not wait for timeout when trying to pull license
XT-36950	Update vulnerable libraries from XML Graphics Project
XT-37358	100% not being displayed in reports when achieving 100% test success

New Rules

Rule ID	header
AUTOSAR-A0_1_5-a	There shall be no unused named parameters in virtual functions
AUTOSAR-A12_1_3-a	User-defined constructors that initialize data members with the same constant values across all constructors should initialize using NSDMI instead
AUTOSAR-A12_1_6-a	Derived classes that do not need further explicit initialization and require all the constructors from the base class shall use inheriting constructors
AUTOSAR-A15_3_4-a	Avoid using catch-all exception handlers
AUTOSAR-A15_4_5-a	Checked exceptions that could be thrown from a function shall be specified in the comment directly before the function declaration
AUTOSAR-A15_5_2-c	The 'quick_exit()' and '_Exit()' functions from the 'stdlib.h' or 'cstdlib' library shall not be used
AUTOSAR-A1_1_1-a	The 'register' storage class specifier shall not be used
AUTOSAR-A1_1_1-b	A copy assignment operator should be declared when a copy constructor is declared (and vice versa)
AUTOSAR-A1_1_1-c	Both copy constructor and copy assignment operator should be declared for classes with a nontrivial destructor
AUTOSAR-A1_1_1-d	The C library shall not be used
AUTOSAR-A1_1_1-e	Prefer lambdas over std::bind, std::bind1st and std::bind2nd
AUTOSAR-A1_1_1-f	The 'binder1st' and 'binder2nd' identifiers should not be used
AUTOSAR-A1_1_1-g	Prefer to use std::unique_ptr instead of std::auto_ptr
AUTOSAR-A1_1_1-h	The 'random_shuffle' identifier should not be used
AUTOSAR-A1_1_1-i	Do not use the increment operator (++) on an operand of type 'bool'
AUTOSAR-A1_1_1-j	The 'set_unexpected' identifier should not be used
AUTOSAR-A1_1_1-k	Do not use throw exception specifications
AUTOSAR-A27_0_4-a	Don't use unsafe C functions that do write to range-unchecked buffers
AUTOSAR-A27_0_4-b	Avoid using unsafe string functions that do not check bounds
AUTOSAR-A27_0_4-c	Do not use the 'char' buffer to store input from 'std::cin'
AUTOSAR-A27_0_4-d	C-style strings shall not be used
AUTOSAR-A2_10_4-a	The identifier name of a non-member object with static storage duration shall not be reused within a namespace
AUTOSAR-A2_10_4-b	The identifier name of a non-member static function shall not be reused within a namespace
AUTOSAR-A2_7_3-a	All declarations of types, data members, and functions should be preceded by a comment annotated with the '@brief' tag
AUTOSAR-A2_7_3-b	Function parameters and return type should be documented in a comment that precedes the function declaration
AUTOSAR-A3_3_2-a	Static and thread-local objects shall be constant-initialized
AUTOSAR-A5_1_6-a	Return type of a non-void return type lambda expression should be explicitly specified
AUTOSAR-A5_1_8-a	Lambda expressions should not be defined inside another lambda expression
AUTOSAR-A5_3_1-a	The operand of the 'typeid' operator shall not contain any expression that has side effects
AUTOSAR-A5_3_1-b	The operand of the 'typeid' operator shall not contain a function call that causes side effects
AUTOSAR-A6_2_1-a	Copy assignment operators should not have side effects that could affect copying the object
AUTOSAR-A6_2_1-b	Move assignment operators should not have side effects that could affect moving the object
AUTOSAR-A6_2_2-a	Expression statements shall not be explicit calls to constructors of temporary objects only
AUTOSAR-A7_1_5-a	Do not overuse 'auto' specifier
AUTOSAR-A8_2_1-a	Use a trailing return type syntax if the return type is preceded by the 'typename' keyword
AUTOSAR-A8_4_8-a	Output parameters shall not be used
AUTOSAR-A8_5_2-a	Braced-initialization {}, without equals sign, shall be used for variable initialization
AUTOSAR-A8_5_3-a	A variable of type auto shall not be initialized using '{}' or '={}' braced-initialization
AUTOSAR-M15_3_7-a	Where multiple handlers are provided in a single 'try-catch' statement or 'function-try-block', any ellipsis (catch-all) handler shall occur last
AUTOSAR-M18_0_3-b	The 'exit()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
AUTOSAR-M18_0_3-c	The 'system()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
AUTOSAR-M18_0_3-d	The 'getenv()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
BD-RES-INSUFMEM	Allocate sufficient memory to hold an object of a given type
BD-SECURITY-XXEXRC	Disable resolving XML external entities (XXE) in libxerces-c
CERT_C-ERR04-b	The 'exit()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
CERT_C-ERR04-c	The 'quick_exit()' and '_Exit()' functions from the 'stdlib.h' or 'cstdlib' library shall not be used
CERT_C-ERR05-b	The 'exit()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
CERT_C-ERR05-c	The 'quick_exit()' and '_Exit()' functions from the 'stdlib.h' or 'cstdlib' library shall not be used
CERT_C-INT31-o	Avoid integer overflows
CERT_CPP-ERR50-n	The 'quick_exit()' and '_Exit()' functions from the 'stdlib.h' or 'cstdlib' library shall not be used
CERT_CPP-EXP52-d	The operand of the 'typeid' operator shall not contain any expression that has side effects
CERT_CPP-EXP52-e	The operand of the 'typeid' operator shall not contain a function call that causes side effects
CODSTA-204	Functions declared as 'noreturn' shall have the 'void' return type
CODSTA-CPP-103	Output parameters shall not be used
CODSTA-CPP-104_b	The operand of the 'typeid' operator shall not contain a function call that causes side effects
CODSTA-CPP-104	The operand of the 'typeid' operator shall not contain any expression that has side effects
CODSTA-MCPP-07_b	The 'binder1st' and 'binder2nd' identifiers should not be used
CODSTA-MCPP-13_b	The 'std::forward' function shall be used to forward universal references
CODSTA-MCPP-32	Static and thread-local objects shall be constant-initialized
CODSTA-MCPP-37	Derived classes that do not need further explicit initialization and require all the constructors from the base class shall use inheriting constructors
CODSTA-MCPP-38	Braced-initialization {}, without equals sign, shall be used for variable initialization
CODSTA-MCPP-39	A variable of type auto shall not be initialized using '{}' or '={}' braced-initialization
CODSTA-MCPP-40	Do not overuse 'auto' specifier
CODSTA-MCPP-41	The 'random_shuffle' identifier should not be used
CODSTA-MCPP-42	Do not use the increment operator (++) on an operand of type 'bool'
CODSTA-MCPP-43	The 'set_unexpected' identifier should not be used
CODSTA-MCPP-44	Lambda expressions should not be defined inside another lambda expression
CODSTA-MCPP-45	Return type of a non-void return type lambda expression should be explicitly specified
CODSTA-MCPP-46	Include a parameter list in every lambda expression
COMMENT-04_b	Document functions in comments that precede function declarations
COMMENT-14_b	Function parameters and return type should be documented in a comment that precedes the function declaration
COMMENT-14	All declarations of types, data members, and functions should be preceded by a comment annotated with the '@brief' tag
CWE-119-a	Avoid accessing arrays out of bounds
CWE-119-b	Avoid accessing arrays and pointers out of bounds
CWE-119-c	Avoid buffer overflow due to defining incorrect format limits
CWE-119-d	Avoid overflow when reading from a buffer
CWE-119-e	Avoid overflow when writing to a buffer
CWE-119-f	Avoid tainted data in array indexes
CWE-119-g	Prevent buffer overflows from tainted data
CWE-119-h	Avoid buffer read overflow from tainted data
CWE-119-i	Avoid buffer write overflow from tainted data
CWE-119-j	Suspicious use of 'strcpy' without checking size of source buffer
CWE-125-a	Avoid accessing arrays out of bounds
CWE-125-b	Avoid accessing arrays and pointers out of bounds
CWE-125-c	Avoid overflow when reading from a buffer
CWE-125-d	Avoid buffer read overflow from tainted data
CWE-190-a	Avoid integer overflows
CWE-190-b	Avoid possible integer overflow in expressions in which the result is cast to a wider integer type
CWE-190-c	Avoid possible integer overflow in expressions in which the result is assigned to a variable of a wider integer type
CWE-190-d	Avoid possible integer overflow in expressions in which the result is compared to an expression of a wider integer type
CWE-190-e	Integer overflow or underflow in constant expression in '+', '-', '*' operator
CWE-190-f	Integer overflow or underflow in constant expression in '<<' operator
CWE-190-g	Evaluation of constant unsigned integer expressions should not lead to wrap-around
CWE-20-a	Avoid tainted data in array indexes
CWE-20-b	Protect against integer overflow/underflow from tainted data
CWE-20-c	Avoid passing unvalidated binary data to log methods
CWE-20-d	Protect against command injection
CWE-20-e	Avoid printing tainted data on the output console
CWE-20-f	Protect against environment injection
CWE-20-g	Exclude unsanitized user input from format strings
CWE-20-h	Protect against SQL injection
CWE-20-i	Protect against file name injection
CWE-20-j	Untrusted data is used as a loop boundary
CWE-200-a	Do not print potentially sensitive information, resulting from an application error into exception messages
CWE-22-a	Protect against file name injection
CWE-269-a	Observe correct revocation order while relinquishing privileges
CWE-269-b	Ensure that privilege relinquishment is successful
CWE-287-a	Do not use weak encryption functions
CWE-326-a	Do not use weak encryption functions
CWE-362-a	Usage of functions prone to race is not allowed
CWE-362-b	Avoid race conditions while accessing files
CWE-362-c	Use locks to prevent race conditions when modifying bit fields
CWE-362-d	Avoid race conditions when using fork and file descriptors
CWE-362-e	Do not use global variable with different locks set
CWE-400-a	Do not create variables on the stack above the defined limits
CWE-415-a	Do not use resources that have been freed
CWE-416-a	Do not use resources that have been freed
CWE-416-b	Do not point to a wrapped object that has been freed
CWE-416-c	Freed memory shouldn't be accessed under any circumstances
CWE-426-a	Use care to ensure that LoadLibrary() will load the correct library
CWE-476-a	Avoid null pointer dereferencing
CWE-476-b	Do not check for null after dereferencing
CWE-611-a	Disable resolving XML external entities (XXE) in libxerces-c
CWE-617-a	Do not use assertions
CWE-704-a	Conversions shall not be performed between a pointer to a function and any other type than pointer to function
CWE-704-b	Conversions shall not be performed between non compatible pointer to a function types
CWE-704-c	Conversions shall not be performed between a pointer to an incomplete type and any other type
CWE-704-d	A cast shall not be performed between a pointer to object type and a pointer to a different object type
CWE-704-e	A conversion should not be performed between a pointer to object type and an integer type other than 'uintptr_t' or 'intptr_t'
CWE-704-f	A conversion should not be performed from pointer to void into pointer to object
CWE-704-g	A cast shall not be performed between pointer to void and an arithmetic type
CWE-704-h	An implicit conversion shall not be performed between pointer to void and an arithmetic type
CWE-704-i	A cast shall not be performed between pointer to object and a non-integer arithmetic type
CWE-704-j	Implicit conversions from wider to narrower integral type which may result in a loss of information shall not be used
CWE-704-k	Implicit conversions from integral to floating type which may result in a loss of information shall not be used
CWE-704-l	Implicit conversions from integral constant to floating type which may result in a loss of information shall not be used
CWE-732-a	Call 'umask' before calling 'mkstemp'
CWE-732-b	Specify the access permission bits if a file is created using the 'open' or 'openat' system call
CWE-770-a	Ensure resources are freed
CWE-772-a	Ensure resources are freed
CWE-772-b	Define a virtual destructor in classes used as base classes which have virtual functions
CWE-78-a	Protect against command injection
CWE-787-a	Avoid accessing arrays out of bounds
CWE-787-b	Avoid accessing arrays and pointers out of bounds
CWE-787-c	Avoid buffer overflow due to defining incorrect format limits
CWE-787-d	Avoid overflow when writing to a buffer
CWE-787-e	Prevent buffer overflows from tainted data
CWE-787-f	Avoid buffer write overflow from tainted data
CWE-798-a	Do not hard code string literals
CWE-835-a	Avoid infinite loops
CWE-863-a	Do not use 'cuserid' function
CWE-89-a	Protect against SQL injection
EXCEPT-22	Checked exceptions that could be thrown from a function shall be specified in the comment directly before the function declaration
EXCEPT-23	Do not use throw exception specifications
EXCEPT-24	Where multiple handlers are provided in a single 'try-catch' statement or 'function-try-block', any ellipsis (catch-all) handler shall occur last
EXCEPT-25	Do not leave 'catch' blocks empty
EXCEPT-26	Avoid using catch-all exception handlers
GLOBAL-REUSEDQUALGLOBVAR	The identifier name of a non-member object with static storage duration shall not be reused within a namespace
GLOBAL-REUSEDQUALSTATFUN	The identifier name of a non-member static function shall not be reused within a namespace
HICPP-17_2_1-b	The error indicator 'errno' shall not be used
HICPP-5_1_6-e	The operand of the 'typeid' operator shall not contain any expression that has side effects
HICPP-5_1_6-f	The operand of the 'typeid' operator shall not contain a function call that causes side effects
INIT-17	User-defined constructors that initialize data members with the same constant values across all constructors should initialize using NSDMI instead
JSF-024_b	The library function 'exit' of <stdlib.h> shall not be used
JSF-024_c	The library function 'getenv' of <stdlib.h> shall not be used
JSF-024_d	The library function 'system' of <stdlib.h> shall not be used
JSF-134_b	Document functions in comments that precede function declarations
MISRA2004-20_11_b	The 'exit()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
MISRA2004-20_11_c	The 'getenv()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
MISRA2004-20_11_d	The 'system()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
MISRA2008-18_0_3_b	The library function 'exit' of <stdlib.h> shall not be used
MISRA2008-18_0_3_c	The library function 'getenv' of <stdlib.h> shall not be used
MISRA2008-18_0_3_d	The library function 'system' of <stdlib.h> shall not be used
MISRA2012-RULE-21_8_b	The library function 'exit' of <stdlib.h> shall not be used
MISRA2012-RULE-21_8_c	The library function 'getenv' of <stdlib.h> shall not be used
MISRA2012-RULE-21_8_d	The library function 'system' of <stdlib.h> shall not be used
MISRA2012-RULE-2_2_b	Avoid unused values
MISRAC2012-RULE_21_8-b	The 'exit()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
MISRAC2012-RULE_21_8-c	The 'system()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
MISRAC2012-RULE_21_8-d	The 'getenv()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
MISRAC2012-RULE_2_2-b	Avoid unused values
MRM-56	Copy assignment operators should not have side effects that could affect copying the object
MRM-57	Move assignment operators should not have side effects that could affect moving the object
OPT-42	There shall be no unused named parameters in virtual functions
OWASP2017-A1-a	Avoid passing unvalidated binary data to log methods
OWASP2017-A1-b	Protect against command injection
OWASP2017-A1-c	Avoid printing tainted data on the output console
OWASP2017-A1-d	Protect against environment injection
OWASP2017-A1-e	Exclude unsanitized user input from format strings
OWASP2017-A1-f	Protect against SQL injection
OWASP2017-A10-a	All exceptions should be rethrown or logged with standard logger
OWASP2017-A2-a	Do not use weak encryption functions
OWASP2017-A3-a	Properly seed pseudorandom number generators
OWASP2017-A4-a	Disable resolving XML external entities (XXE) in libxerces-c
OWASP2017-A5-a	Protect against file name injection
OWASP2017-A5-b	Observe correct revocation order while relinquishing privileges
OWASP2017-A5-c	Ensure that privilege relinquishment is successful
OWASP2017-A6-a	Where multiple handlers are provided in a single try-catch statement or function-try-block for a derived class and some or all of its bases, the handlers shall be ordered most-derived to base class
OWASP2017-A6-b	Do not leave 'catch' blocks empty
OWASP2017-A6-c	Properly use errno value
PB-75_b	The 'exit()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
PB-75_c	The 'quick_exit()' and '_Exit()' functions from the 'stdlib.h' or 'cstdlib' library shall not be used
PB-76	C-style strings shall not be used
PB-77	Expression statements shall not be explicit calls to constructors of temporary objects only
SECURITY-48_b	The 'system()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
SECURITY-51	Do not use the 'char' buffer to store input from 'std::cin'
SECURITY-52	The 'getenv()' function from the 'stdlib.h' or 'cstdlib' library shall not be used
TEMPL-17	Use a trailing return type syntax if the return type is preceded by the 'typename' keyword

Updated Rules

We've updated following static analysis rules to improve analysis results:

Rule Category	Rule IDs
AUTOSAR C++14 Coding Guidelines	AUTOSAR-A0_1_4-a, AUTOSAR-A12_1_1-b, AUTOSAR-A12_8_4-a, AUTOSAR-A13_5_4-b, AUTOSAR-A15_4_1-a, AUTOSAR-A15_5_2-b, AUTOSAR-A18_0_1-a, AUTOSAR-A18_9_2-a, AUTOSAR-A27_0_1-d, AUTOSAR-A27_0_2-b, AUTOSAR-A2_8_1-a, AUTOSAR-A3_8_1-a, AUTOSAR-A3_8_1-b, AUTOSAR-A5_1_3-a, AUTOSAR-A5_2_5-c, AUTOSAR-A8_4_5-a, AUTOSAR-A8_4_6-a, AUTOSAR-A8_5_0-a, AUTOSAR-M0_1_3-a, AUTOSAR-M0_1_3-b, AUTOSAR-M0_3_1-b, AUTOSAR-M0_3_1-c, AUTOSAR-M0_3_1-h, AUTOSAR-M0_3_1-j, AUTOSAR-M18_0_3-a, AUTOSAR-M2_13_2-a, AUTOSAR-M5_0_16-b, AUTOSAR-M5_0_18-a, AUTOSAR-M5_0_2-e, AUTOSAR-M5_3_4-c, AUTOSAR-M5_8_1-a, AUTOSAR-M7_5_1-a, AUTOSAR-M8_5_2-c
Flow Analysis	BD-CO-ITOUT, BD-PB-CC, BD-PB-CHECKRET, BD-PB-DEREF, BD-PB-NOTINIT, BD-PB-OVERFFMT, BD-PB-OVERFWR, BD-PB-OVERLAP, BD-PB-PTRARR, BD-PB-SIGHAN, BD-RES-FREE, BD-RES-INVFREE, BD-SECURITY-OVERFFMT, BD-TRS-MLOCK, BD-TRS-ORDER
SEI CERT C	CERT_C-API01-a, CERT_C-ARR38-b, CERT_C-ARR38-c, CERT_C-CON31-b, CERT_C-CON31-c, CERT_C-DCL10-a, CERT_C-DCL11-a, CERT_C-DCL11-b, CERT_C-DCL11-c, CERT_C-DCL11-d, CERT_C-DCL11-e, CERT_C-DCL11-f, CERT_C-DCL18-b, CERT_C-DCL30-a, CERT_C-ENV01-c, CERT_C-ERR04-a, CERT_C-ERR05-a, CERT_C-EXP33-a, CERT_C-EXP39-d, CERT_C-EXP44-b, CERT_C-FIO46-a, CERT_C-FIO47-a, CERT_C-FIO47-b, CERT_C-FIO47-c, CERT_C-FIO47-d, CERT_C-FIO47-e, CERT_C-FIO47-f, CERT_C-INT31-i, CERT_C-MEM00-d, CERT_C-MEM01-a, CERT_C-MEM30-a, CERT_C-MEM34-a, CERT_C-MSC13-a, CERT_C-MSC14-a, CERT_C-MSC15-a, CERT_C-MSC24-b, CERT_C-POS51-a, CERT_C-SIG30-a, CERT_C-SIG31-a, CERT_C-SIG34-a, CERT_C-STR31-b
SEI CERT C++	CERT_CPP-CON53-a, CERT_CPP-ERR50-l, CERT_CPP-EXP52-c, CERT_CPP-EXP53-a, CERT_CPP-EXP54-a, CERT_CPP-EXP54-b, CERT_CPP-MEM50-a, CERT_CPP-MSC54-a, CERT_CPP-STR50-c
Coding Conventions	CODSTA-102, CODSTA-103, CODSTA-116, CODSTA-13, CODSTA-163_b, CODSTA-22
Coding Conventions for C++	CODSTA-CPP-59, CODSTA-CPP-86
Coding Conventions for Modern C++	CODSTA-MCPP-10_a CODSTA-MCPP-13
Comments	COMMENT-04
Formatting	FORMAT-43
High Integrity C++	HICPP-12_4_2-a, HICPP-17_2_1-a, HICPP-17_3_2-a, HICPP-18_2_2-a, HICPP-18_3_2-a, HICPP-1_2_1-i, HICPP-1_3_1-a, HICPP-1_3_3-a, HICPP-1_3_5-a, HICPP-2_5_2-a, HICPP-3_4_1-a, HICPP-3_5_1-d, HICPP-4_2_2-a, HICPP-5_1_3-a, HICPP-5_1_5-a, HICPP-5_1_6-c, HICPP-7_1_7-a, HICPP-8_4_1-a, HICPP-8_4_1-b
Initialization	INIT-05, INIT-06
Joint Strike Fighter	JSF-024, JSF-060_b, JSF-071_b, JSF-077, JSF-085_a, JSF-111, JSF-117_b, JSF-134, JSF-139, JSF-143_a, JSF-149, JSF-164, JSF-166_c, JSF-171, JSF-181_a, JSF-203, JSF-204_a, JSF-204_b
MISRA C 1998	MISRA-027, MISRA-044, MISRA-051
MISRA C 2004	MISRA2004-12_1_e, MISRA2004-12_3_c, MISRA2004-12_8, MISRA2004-17_3, MISRA2004-17_6_a, MISRA2004-20_11, MISRA2004-7_1_a, MISRA2004-9_2_c
MISRA C++ 2008	MISRA2008-0_1_11, MISRA2008-0_1_3_a, MISRA2008-0_1_3_b, MISRA2008-0_3_1_d, MISRA2008-0_3_1_f, MISRA2008-0_3_1_h, MISRA2008-0_3_1_j, MISRA2008-18_0_1, MISRA2008-18_0_3, MISRA2008-2_13_2_a, MISRA2008-5_0_16_b, MISRA2008-5_0_18, MISRA2008-5_0_2_e, MISRA2008-5_3_4_c, MISRA2008-5_8_1, MISRA2008-7_5_1, MISRA2008-7_5_2_a, MISRA2008-8_5_2_c
MISRA C 2012	MISRAC2012-DIR_4_1-d, MISRAC2012-DIR_4_1-f, MISRAC2012-DIR_4_1-h, MISRAC2012-DIR_4_1-j, MISRAC2012-DIR_4_13-b, MISRAC2012-DIR_4_13-c, MISRAC2012-DIR_4_14-i, MISRAC2012-DIR_4_7-a, MISRAC2012-RULE_10_3-b, MISRAC2012-RULE_12_1-a, MISRAC2012-RULE_12_2-a, MISRAC2012-RULE_14_3-ac, MISRAC2012-RULE_16_1-g, MISRAC2012-RULE_16_5-a, MISRAC2012-RULE_18_1-c, MISRAC2012-RULE_18_3-a, MISRAC2012-RULE_18_6-a, MISRAC2012-RULE_19_1-c, MISRAC2012-RULE_1_3-b, MISRAC2012-RULE_1_3-c, MISRAC2012-RULE_1_3-e, MISRAC2012-RULE_1_3-m, MISRAC2012-RULE_21_17-b, MISRAC2012-RULE_21_8-a, MISRAC2012-RULE_22_2-a, MISRAC2012-RULE_22_2-b, MISRAC2012-RULE_22_6-a, MISRAC2012-RULE_7_1-a, MISRAC2012-RULE_9_1-a
Memory and Resource Management	MRM-41
Naming Conventions	NAMING-32
Optimization	OPT-02, OPT-02, OPT-03, OPT-05, OPT-06, OPT-29, OPT-31
Possible Bugs	PB-11, PB-18, PB-22, PB-23, PB-45, PB-46, PB-47, PB-48, PB-49, PB-50, PB-73, PB-75
Security	SECURITY-14

Removed Rules

The following rules have been removed:

AUTOSAR-A13_5_4-a
AUTOSAR-A17_1_1-b
CERT_C-ENV33-b
CERT_C-EXP45-a
CERT_C-EXP45-c
CERT_C-FLP37-a
CERT_C-FLP37-b
CERT_C-INT36-a

Page tree

Updates in 10.4.3