| Name | Checked | Synopsis |
|---|
|
2.2#1
|
 |
Comments shall not be nested. |
|
2.3#1
|
|
Identifiers reserved by Standard C must not be used. |
|
2.3#2
|
|
Identifiers shall not use more than the maximum number of characters required for unique identification as specified in the compliance matrix, described in section 1.7. |
|
2.5.2#1
|
|
Only ANSI defined escape sequences shall be used. |
|
2.5.4#1
|
|
String literals must have a formally defined value. |
|
6#1
|
|
Make implicit conversions explicit. |
|
6.2#1
|
|
Since conversion between signed and unsigned integral types involves implementation defined behaviour, signed and unsigned data items shall not be mixed within the same expression. |
|
6.2#2
|
|
Use unsigned only where necessary. |
|
6.3#1
|
|
Values shall not be implicitly converted to a narrower type. |
|
6.3#2
|
|
Floating values should not be converted to integral types except through use of standard library routines. |
|
6.3#3
|
|
Conversion of integral values to floating types should be avoided since loss of precision can occur. |
|
6.4#1
|
|
Mixed precision arithmetic should be avoided if possible. |
|
6.5#1
|
|
Mixed type arithmetic should be avoided. |
|
6.5#2
|
|
Array indices must be within bounds. |
|
6.6#1
|
|
Pointer to and from integer conversions shall not be used. |
|
6.9#1
|
|
Pointers must not be cast to have potentially stricter alignment. |
|
6.9#2
|
|
Pointers should not be type cast in general. |
|
7#1
|
|
Expressions which either mix operators from the set >, >=, <, <=, ==, !=, with operators from the set <<, >>, ^, &, |, &&, || or which use two or more distinct operators from the latter set shall be fully parenthesised and make no use of the C precedence rules. |
|
7#2
|
|
Expressions shall not contain multiple side-effects due either to the same identifier being modified more than once, or due to the same identifier being modified and accessed. |
|
7#3
|
|
Expressions containing multiple function references should be avoided due to the possibility of side-effects occurring in an undefined order. |
|
7.2#1
|
|
Void expressions have no value and must not be used in other expressions. |
|
7.2#2
|
|
Constant expressions must not lead to division by zero. |
|
7.2#3
|
|
The value of an incomplete 'union' must not be used. |
|
7.2#4
|
|
The value of an incomplete 'struct' must not be used. |
|
7.3.4#1
|
|
The increment and decrement operators should not be mixed with prefix forms in the same expression. |
|
7.4.5#1
|
|
Unary minus shall not be applied to an unsigned expression. |
|
7.4.8#1
|
|
sizeof shall not be applied to an expression with side-effects. |
|
7.4.8#2
|
|
Wherever possible, use sizeof entity; rather than sizeof (type); |
|
7.5#1
|
|
Expressions shall not be cast to the same type. |
|
7.5#2
|
|
Explicit casting from and to any other type from void * is forbidden. |
|
7.5#3
|
|
Avoid explicit casting where possible. |
|
7.8#1
|
|
The right operand of a shift operator in a constant expression must not be negative or imply too large a shift. |
|
7.8#2
|
|
The left operand of a shift operator must not be signed. |
|
7.8#3
|
|
Left shifts in constant expressions shall not be such as to truncate any bits from the result. |
|
7.9#1
|
|
The operands of relational operators should be parenthesised unless both are simple values, identifiers, or function calls. |
|
7.10#1
|
|
Floating point expressions shall not be compared using either the == or != operators. |
|
7.10#2
|
|
The operands of equality operators should be parenthesised unless both are simple values, identifiers, or function calls. |
|
7.14#1
|
|
The right-hand operand of the logical AND operator shall not contain any side-effects because it is conditionally executed. |
|
7.14#2
|
|
The operands of logical AND should be parenthesised unless both are simple values, identifiers, or function calls. |
|
7.15#1
|
|
The right-hand operand of the logical OR operator shall not contain any side-effects because it is conditionally executed. |
|
7.15#2
|
|
The operands of logical OR shall be parenthesised unless both are simple values, identifiers, or function calls. |
|
7.16#1
|
|
The second and third operands of the conditional operator shall not contain side-effects because they are conditionally executed. |
|
7.16#2
|
|
Use parentheses to improve readability of the conditional operator. |
|
7.16#3
|
|
The convenience of the conditional operator should be weighed against the clarity of the code. |
|
7.18#1
|
|
The comma operator must be used only within a for statement or within macros. |
|
7.18#2
|
|
In general, the comma operator should be avoided. |
|
7.19#1
|
|
Arithmetic operations on constant expressions must not lead to wrapround |
|
8#1
|
|
Any specifiers present should appear in the following order: typedef, storage-class-specifier, type-specifier. |
|
8.1#1
|
|
The address of an array declared with register is undefined and shall not be used. |
|
8.1#2
|
|
Since auto is almost always redundant it shall be omitted to avoid cluttering up declarations. |
|
8.1#3
|
|
register is a hint to the compiler. |
|
8.2#1
|
|
const and volatile, if present, should appear before other type-specifiers. |
|
8.3#1
|
|
Use of a tag must agree with its declaration |
|
8.3#2
|
|
The concept of union whereby different kinds of data can be manipulated in a single area of storage is allowed only as the solution to certain kinds of problem but caution is urged in its use. |
|
8.3#3
|
|
Bit fields must be of type int, signed or unsigned int only. |
|
8.3#4
|
|
Do not use bit fields. |
|
8.3#5
|
|
Signed bit-fields must not be of size 1. |
|
8.3#6
|
|
The use of typedef to declare a struct or union is strongly recommended. |
|
8.4#1
|
|
Only the first member of an enum may be explicitly initialised, if any, unless all items are explicitly initialised. |
|
8.4#2
|
|
enum should be used with caution. |
|
8.6.2#1
|
|
An array base type must not have function type. |
|
8.6.2#2
|
|
Arrays must not be constructed from incomplete types. |
|
8.6.3#1
|
|
Function prototype declarations and definitions of user-supplied functions shall be used |
|
8.6.3#2
|
|
Function return types shall be explicitly given. |
|
8.6.3#3
|
|
Pointers to functions should be declared and indirected using a typedef. |
|
8.7#1
|
|
The initialiser for a struct, union or array bound, must be enclosed in braces. |
|
8.7#2
|
|
Initialisers for a struct or union must have compatible type |
|
8.7#4
|
|
For nested initialisers, the braces should match the structure. |
|
8.9#1
|
|
An identifier declared as a typedef, must not be redeclared in an inner scope without a type specifier. |
|
8.9#2
|
|
An identifier declared as a typedef, must not be redeclared as a member of a struct or union without a type specifier. |
|
9.1#1
|
|
Statements must not be labelled. |
|
9.1#2
|
|
Only a conventional case .. default construct may follow a switch statement. |
|
9.1#3
|
|
A label should be on a separate line |
|
9.2#1
|
|
A statement must have a side-effect, i.e., it must do something. |
|
9.2#2
|
|
A null statement, if used, shall appear on a line by itself. |
|
9.4#1
|
|
Controlling expressions shall not contain assignments. |
|
9.4#2
|
|
To clarify the actual test performed in a selection statement, there should be an explicit comparison operator unless the compared object is of effectively 'Boolean' type. |
|
9.4.1#1
|
|
Multiple choice constructs programmed using if ... else if ... shall have a "catch-all" clause. |
|
9.4.1#2
|
|
The else and if should appear with the else indented to match the if above. |
|
9.4.1#5
|
|
An if statement must be followed by a {..} construct even when only one statement, (null (;) or otherwise) is used. |
|
9.4.1#6
|
|
An if statement must not lead to a degenerate comparison, for example the comparison of an unsigned quantity against a negative-valued constant. |
|
9.4.2#1
|
|
All switch statements shall have a default clause, even if that clause is empty. |
|
9.4.2#2
|
|
Each case clause and default clause shall be terminated by a break statement unless empty. |
|
9.4.2#3
|
|
The default clause should be the last entry in the switch statement. |
|
9.4.2#5
|
|
The switch expression shall not contain the ">", ">=", "<", "<=", "==", "!=", "&&", "||" or "!" operators. |
|
9.4.2#6
|
|
The switch expression shall contain at least one case label. |
|
9.5#1
|
|
To clarify the actual test performed in an iteration statement, there should be an explicit comparison operator. |
|
9.5.1#1
|
|
A while statement must be followed by a {..} construct. |
|
9.5.2#1
|
|
A for statement must be followed by a {..} construct even if only one statement is used. |
|
9.5.2#2
|
|
The use of floating point variables as loop variables is forbidden. |
|
9.5.2#3
|
|
A control variable shall not be altered by the body of a for statement. |
|
9.5.2#4
|
|
Only loop control variable expressions should appear in the for statement. |
|
9.5.2#5
|
|
Use a "for" loop construction for an infinite loop. |
|
9.6.1#1
|
|
The break statement should not be used to exit from an iteration statement, (for or while). |
|
9.6.2#1
|
|
The continue statement shall not be used. |
|
9.6.3#1
|
|
The address of an object of automatic storage shall not be returned. |
|
9.6.3#2
|
|
There should only be one return statement in a function returning non-void and this should appear at the bottom of the function. There should be no return statement in a function returning void. |
|
9.7#1
|
|
The goto statement is unstructured and shall not be used. |
|
10.1#1
|
|
Function return types must not use const or volatile. |
|
10.1#2
|
|
A parameter must not have void type. |
|
10.1#3
|
|
Identifiers must be given for all or none of the parameters in a function prototype declaration. |
|
10.1#4
|
|
A function return expression must be compatible with its implicitly or explicitly defined type. If a function has a non-void return type, then it must contain only com-patible return statements |
|
10.1#5
|
|
main() must have a defined type of int (void) or int (int, char *[]). |
|
10.1#6
|
|
Explicit use of exit is not recommended. |
|
10.1#7
|
|
No attempt must be made to use the result of a function returning void. |
|
10.1#8
|
|
No const qualified void function of any kind is allowed. |
|
10.1#9
|
|
Identifiers in function definition and declaration should be the same. |
|
10.2#1
|
|
A function declared locally must have no storage-class specifier other than 'extern'. |
|
10.2#2
|
|
Functions should not be declared locally. |
|
10.2#3
|
|
An external identifier declaration after a previous external declaration must not have a different type. |
|
10.2#4
|
|
All array types shall be complete by the end of the compilation unit |
|
11.1#1
|
|
Identifiers shall not be redeclared within nested scopes. |
|
11.2#1
|
|
Objects must not have incomplete type and no linkage |
|
11.2#2
|
|
Variables must not have both internal and external linkage. |
|
11.2#3
|
|
Variables must not have more than one definition with external linkage. |
|
11.2#4
|
|
Identifiers with internal linkage (static) must have complete type |
|
12#1
|
|
All identifiers used in preprocessor directives shall be defined. |
|
12#2
|
|
Avoid esoteric aspects of preprocessing such as token pasting, text after #else or #endif, or relying on macro argument substitution within string literals. |
|
12.1#1
|
|
Trigraphs shall not be used. |
|
12.1#2
|
|
Avoid writing two adjacent question marks anywhere within your source code. |
|
12.3#1
|
|
Always enclose any instances of macro parameters within parentheses. |
|
12.3#2
|
|
If a macro body contains any operator, enclose it within parentheses. |
|
12.3#3
|
|
Do not use macros to redefine keywords. |
|
12.3#4
|
|
Avoid defining macros with unbalanced brackets or parentheses. |
|
12.3#5
|
|
Macros should behave like symbolic constants or functions, (as function-like macros). |
|
12.3#6
|
|
Use const to provide typed constants in preference to #define where legal and appropriate to do so. |
|
12.3#7
|
|
Use functions in preference to function-like macros unless performance is a genuine issue. |
|
12.3#8
|
|
Defining a macro called defined or attempting to #undef it, is forbidden. |
|
12.3#9
|
|
Attempting to #define or #undef any of __LINE__, __FILE__, __DATE__, __TIME__, or __STDC__ is forbidden. |
|
12.3#10
|
|
A function-like macro must be supplied with its expected arguments. |
|
12.3#11
|
|
Macro arguments must not contain a sequence of tokens which look like a preprocessor directive. |
|
12.3.1#1
|
|
A macro shall not comprise both the "#" and "##" operators simultaneously. |
|
12.3.2#1
|
|
The result of the "##" operator shall be a legal pre-processing token. |
|
12.4#1
|
|
The #include directive must only be followed by a <...> or a "..." file sequence. |
|
12.4#2
|
|
Use of the ' " \ or /* characters in the #include file sequence <...> or "...", is forbidden. |
|
12.5#1
|
|
The defined macro must appear in the form 'defined(identifier)' or 'defined identifier'. |
|
12.6#1
|
|
The #line directive shall specify a line number in the range 1 to 32767. |
|
12.8#1
|
|
The #pragma directive shall not be used without sign-off according to local quality procedures. |
|
12.9#1
|
|
The null preprocessor directive # should not be used. |
|
13#1
|
|
Functions shall be restricted to have a maximum decision count prescribed in the appropriate compliance table as measured by a recommended tool unless there is specific sign-off according to local procedures to the effect that this does not prejudice the reliability of the code and does not inhibit satisfactory test coverage. |
|
13#2
|
|
Functions shall be restricted to have a maximum static path count prescribed in the appropriate compliance table as measured by a recommended tool unless there is specific sign-off according to local procedures to the effect that this does not prejudice the reliability of the code and does not inhibit satisfactory test coverage. |
|
13#3
|
|
Functions shall be restricted to have a maximum cyclomatic complexity. |
|
14#1
|
|
The dynamic memory allocation functions malloc, realloc and calloc shall not be used directly. |
|
14#2
|
|
The signal handling routine signal and the non-specific jump functions setjmp and longjmp shall not be used without specific sign-off according to local procedures. |
|
14#3
|
|
None of the following functions should be used directly if possible: ungetc, fopen, fgetpos, ftell, gets, remove, rename, bsearch, qsort, time, date, clock, isalnum, isalpha, iscntrl, islower, isprint, isupper, perror, strerror, calloc, malloc, realloc, exit, fmod. |
|
A.2.4#1
|
|
Only one identifier shall be declared on each source line. |
|
A.2.5#1
|
|
Only one statement shall appear on each source line. |
|
A.2.5#2
|
|
All control statements shall be fully brace enclosed. |
|
A.2.5#3
|
|
A consistent style of indentation should be adopted |
|
A.2.5#4
|
|
Braces should be indented to the same level as the control statement with which they are associated |
|
A.3.1#2
|
|
Every header file shall use #ifndef .. #endif to prevent its body being #included multiple times. |
|
A.5.1#1
|
|
C++ keywords must not be used as identifiers |
|
C#1
|
|
Make sure enums are not mixed with other types. |
|
C#2
|
|
The #error directive should be used with caution. |
|
C#3
|
|
Preprocessor directives should begin in column 1 and there should be no white space between the # and the directive keyword. |
