core.DivideZero | Check for division by zero | `void test(int z) { if (z == 0) int x = 1 / z; // warn }` | Robustness
core.NonNullParamChecker | Check for null pointers passed as arguments to a function whose arguments are references or marked with the ‘nonnull’ attribute | `int f(int *p) __attribute__((nonnull)); void test(int *p) { if (!p) f(p); // warn }` | Robustness
core.NullDereference | Check for dereferences of null pointers | `void test(int *p) { if (p) return; int x = p[0]; // warn }` | Robustness
core.StackAddressEscape | Check that addresses to stack memory do not escape the function | `char const *p; void test() { char const str[] = "string"; p = str; // warn }` | Robustness
core.uninitialized.ArraySubscript | Check for uninitialized values used as array subscripts | `void test() { int i, a[10]; int x = a[i]; // warn: array subscript is undefined }` | Robustness
cplusplus.NewDelete | Check for double-free and use-after-free problems. Traces memory managed by new/delete. | `void f(int *p); void testUseMiddleArgAfterDelete(int *p) { delete p; f(p); // warn: use after free }` | Robustness
cplusplus.NewDeleteLeaks | Check for memory leaks. Traces memory managed by new/delete. | `void test() { int *p = new int; } // warn` | Resource Utilization
cplusplus.SelfAssignment | Checks C++ copy and move assignment operators for self assignment | Resource Utilization
optin.cplusplus.VirtualCall | Check virtual function calls during construction or destruction | Robustness
osx.coreFoundation.CFRetainRelease | Check for null arguments to CFRetain/CFRelease/CFMakeCollectable | `void test(CFTypeRef p) { if (!p) CFRetain(p); // warn }` | Robustness
osx.coreFoundation.containers.OutOfBounds | Checks for index out-of-bounds when using ‘CFArray’ API | `void test() { CFArrayRef A = CFArrayCreate(0, 0, 0, &kCFTypeArrayCallBacks); CFArrayGetValueAtIndex(A, 0); // warn }` | Robustness
osx.coreFoundation.containers.PointerSizedValues | Warns if ‘CFArray’, ‘CFDictionary’, ‘CFSet’ are created with non-pointer-size values | `void test() { int x[] = { 1 }; CFArrayRef A = CFArrayCreate(0, (const void **)x, 1, &kCFTypeArrayCallBacks); // warn }` | Robustness
osx.NumberObjectConversion | Check for erroneous conversions of objects representing numbers into numbers | `NSNumber *photoCount = [albumDescriptor objectForKey:@"PhotoCount"]; // Warning: Comparing a pointer value of type 'NSNumber *' // to a scalar integer value if (photoCount > 0) { [self displayPhotos]; }` | Robustness
security.FloatLoopCounter | Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP) | `void test() { for (float x = 0.1f; x <= 1.0f; x += 0.1f) {} // warn }` | Robustness
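security.insecureAPI.UncheckedReturn | Warn on uses of functions whose return values must always be checked (for example setuid(): if the call fails and the result is ignored, the process keeps running with the privileges it meant to drop) | `void test() { setuid(1); // warn }` | Maintainability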
unix.Malloc | Check for memory leaks, double free, and use-after-free problems. Traces memory managed by malloc()/free(). | `void test() { int *p = malloc(1); free(p); free(p); // warn: attempt to free released memory }` | Robustness
unix.MismatchedDeallocator | Check for mismatched deallocators. | `// C, C++ void test() { int *p = (int *)malloc(sizeof(int)); delete p; // warn }` | Robustness
alpha.valist.Uninitialized | Experimental: Check for usages of uninitialized (or already released) va_lists. | Robustness
alpha.valist.Unterminated | Experimental: Check for va_lists which are not released by a va_end call. | Robustness