DATASHEET
HKMC C++ Rule Enforcement
Hyundai Motor Group - Secure C++ Coding Guide for Automotive Embedded System
Version 4.1
ENFORCEMENT FOR KW 2023.4
Total | ||
|---|---|---|
a | Total Number of Rules | 80 |
b | Total Number of ‘Not Statically Enforceable’ Rules (Assisted/Unassisted) | 0 |
c | Total Number of Enforceable Rules (a-b) | 80 |
d | Total Number of Enforced Rules | 55 |
e | Total Number of Unenforced Rules | 25 |
f | Enforce Rules Percentage (d/c) | 69% |
g | Unenforced Rules Percentage (e/c) | 31% |
Rule ID | Description | Enforced |
|---|---|---|
3 Code Error | ||
3.1 Declarations and Initialization | ||
P-DCL-001 | Do not define a C-style variadic function | Yes |
P-DCL-002 | Do not declare or define a reserved identifier | Yes |
P-DCL-003 | Do not qualify a reference type with const or volatile | Yes |
P-DCL-004 | Do not write syntactically ambiguous declarations | Yes |
P-DCL-005 | Overload allocation and deallocation functions as a pair in the same scope | Yes |
P-DCL-006 | Attention of data leaks when passing class objects across trust boundaries | Yes |
P-DCL-007 | Do not reenter of function during initialization of static objects | Yes |
P-DCL-008 | Prevent termination due to exceptions in destructors or deallocation functions | Yes |
P-DCL-009 | Do not modify the standard namespaces | Yes |
P-DCL-010 | Do not define an unnamed namespace in a header file | Yes |
P-DCL-011 | Compliance of ODR (One-Definition Rule) | Yes |
3.2 Integers, Characters and Strings | ||
P-INT-001 | Do not cast to an out-of-range enumeration value | No |
P-STR-001 | Guarantee that storage for strings has sufficient space for character data and the null terminator | Yes |
P-STR-002 | Do not create a std::string with a null pointer | Yes |
P-STR-003 | Do not use invalid references, pointers, and iterators when referencing to basic_string | Yes |
P-STR-004 | Range check required when accessing string | Yes |
3.3 Expressions | ||
P-EXP-001 | Attention to the order of evaluation that causes the side effects | Yes |
P-EXP-002 | Do not delete an array through a pointer of the incorrect type | Yes |
P-EXP-003 | Attention to use expressions that do not evaluate(calculate) operands | Yes |
P-EXP-004 | Do not reference memory before initialized | Yes |
P-EXP-005 | Do not access an object of its lifetime | Yes |
P-EXP-006 | Do not access a CV variable through a CV (const or volatile) unqualified variable | Yes |
P-EXP-007 | Calling va_start requires passing an object of the appropriate type | No |
P-EXP-008 | Use offsetof() on valid types and members | No |
P-EXP-009 | Assurance that a lambda object is shorter than lifecycle of reference captured objects | No |
P-EXP-010 | Do not access the bits that are not part of the object’s value | No |
P-EXP-011 | Do not rely on the value of moved from object | No |
3.4 Containers | ||
P-CTR-001 | Guarantee that container indices and iterators are within the valid range | Yes |
P-CTR-002 | Do not use valid references, pointer, and iterators to reference element of a container | Yes |
P-CTR-003 | Overflow protection required when copying data | No |
P-CTR-004 | Use valid iterator ranges | Yes |
P-CTR-005 | Do not subtract iterators that do not refer to the same container | No |
P-CTR-006 | Do not use an additive operator on an iterator if the result would overflow | No |
P-CTR-007 | Do not use pointer arithmetic on polymorphic objects | No |
3.5 Exception Handling | ||
P-ERR-001 | Do not abruptly terminate the program | Yes |
P-ERR-002 | Need to handle all exceptions | Yes |
P-ERR-003 | Do not use setjmp() or longjmp() | Yes |
P-ERR-004 | Do not reference base classes or class data members in a constructor or destructor function-try-block handler | Yes |
P-ERR-005 | Exception handling in order from lowest class to highest class | Yes |
P-ERR-006 | Specify the exception exactly | No |
P-ERR-007 | Guarantee exception safety | No |
P-ERR-008 | Prevent to leak resources when handling exceptions | Yes |
P-ERR-009 | Handle all exceptions before main() begins executing | No |
P-ERR-010 | Catch exceptions by lvalue reference | Yes |
P-ERR-011 | Detect errors when converting a string to a number | Yes |
P-ERR-012 | Undetected exception handling | No |
P-ERR-013 | Catch declaration for common exceptions | No |
P-ERR-014 | Throw declarations for general exceptions | No |
4 Code Quality | ||
4.1 Memory Managements | ||
P-MEM-001 | Do not reference to deallocated memory | Yes |
P-MEM-002 | Properly deallocate dynamically allocated resources | Yes |
P-MEM-003 | Detect and handle memory allocation errors | Yes |
P-MEM-004 | Explicitly construct and destruct objects when manaing object lifecycle | No |
P-MEM-005 | Provide placement new with properly aligned pointers to sufficient storage capacity | No |
P-MEM-006 | Do not store an already-owned pointer value in an unrelated smart pointer | No |
P-MEM-007 | Memory release missing after lifetime | Yes |
4.2 Object Oriented Programming | ||
P-OOP-001 | Do not invoke virtual functions from constructors or destructors | Yes |
P-OOP-002 | Do not slice derived objects | No |
P-OOP-003 | Do not delete a polymorphic object without a virtual destructor | Yes |
P-OOP-004 | Write constructor member initializers in the fixed order | Yes |
P-OOP-005 | Correctly handle self-copy assignment | Yes |
P-OOP-006 | Do not use pointer-to-member operators to access nonexistent members | Yes |
P-OOP-007 | Prefer special member functions and overloaded operators over the C standard library | Yes |
P-OOP-008 | Do not modify the source object in copy operators | Yes |
P-OOP-009 | Public static field do not mark as final | Yes |
P-OOP-010 | Important data element public declaration | Yes |
P-OOP-011 | Access critical private variables through public methods | Yes |
4.3 Input and Output | ||
P-FIO-001 | Do not alternately input and output operations without calling intermediate positioning functions from the file stream | No |
P-FIO-002 | Close file pointers that are no longer needed | Yes |
4.4 Concurrency | ||
P-CON-001 | Do not destroy a mutex while it is locked | Yes |
P-CON-002 | Unlocking mutex on exception | No |
P-CON-003 | Prevent data races when accessing bit-fields from multiple threads | No |
P-CON-004 | Prevent deadlock by locking mutex in predefined order | No |
P-CON-005 | Wrap function that can wake up falsely in a loop | Yes |
P-CON-006 | Protect thread safety and liveness when using condition variables | Yes |
P-CON-007 | Do not lock a non-recursive mutex that is already owned within the calling thread | No |
5 Others Function | ||
5.1 Using Random Number Generator | ||
P-MSC-001 | Do not use std::rand() for generating pseudo random number | Yes |
P-MSC-002 | Proper seeding for random number generator | Yes |
5.2 Return Value | ||
P-MSC-003 | Value returning function require returning values from all exit paths | Yes |
P-MSC-004 | Do not return from function declared [[noreturn]] | Yes |
P-MSC-005 | Return of stack variable address | Yes |