Astrée/RuleChecker Release 23.04

Global Data Flow view

Project Monitor view

Astrée
RuleChecker
GUI & server
Frontends & libraries
QSKs
Plain text

Added support for C++20.
Added support for MISRA C:2012 Amendment 3.
Updated the Clang/LLVM frontend to version 15.

New DAX version 1.15

Removed the top-level DAX tag <files/>. Files that do not require preprocessing must now be specified in preprocessor configurations with the additional tag <use-internal-preprocessor>no</use-internal-preprocessor>.
The tag <use-internal-preprocessor/> is no longer allowed directly inside of the <preprocess/> tag. It can now only be specified inside of individual preprocessor configurations, i.e. within <config/> tags.
Changed the specification of the comment mode. It is now specified in the new top-level tag <comment-mode>AAL|patterns</comment-mode>.
The attribute use-relative-paths=yes|no for items in the top-level tag <files/> is now deprecated.

Improved precision

Improved precision when casts from integers to floats are used in comparisons.
Improved precision of the congruence intervals domain.
Improved precision when checking for run-time errors in conditions, to prevent false alarms reported in previous releases.
Improved the precision of modulo with powers of two.
Improved precision when copying shared variables that are possibly zero-initialized.
More precise handling of bitwise & in conditions.
Improved the precision of __ASTREE_modify on arrays when the array index is an enumerator.
Improved the precision on non-linear expressions when sub-expressions can be handled by octagons.

Improved comments

Removed restrictions on the use of different mechanisms for commenting alarms.
- The comment mode setting in the Info view of the GUI and the corresponding DAX tag no longer restricts which comment mechanism (AAL or Patterns) is available. Instead it only specifies the preferred comment mechanism when commenting alarms in the Findings view.
- The “comment alarm(s)…” dialog accessible via the context menu in the Findings view now allows to select a particular comment mechanism, overriding the default specified by the comment mode when appropriate. This allows mixing AAL and Pattern comments in the same analysis project.
- AAL comments are now enforced for alarms about rule violations when Pattern comments are not appropriate for technical reasons.
Overhauled the comment patterns feature. Comment patterns are now:
- available for commenting alarms in the analysis config file
- more strictly avoided for commenting rule violations
- appliable to control_flow_anomaly alarms about non-returning functions

New options

no-partition-functions specifies a list of functions that are excluded from automatic partitioning.
warn-on-unsigned-integer-lshift-range for controlling warnings about overflows in unsigned left shifts.
precise-multiple-return-function applies automatic state-machine partitioning to functions with multiple returns. The option is only available in astree-cxx mode to enable a more precise analysis of such functions when using the clang-based C/C++ frontend.
New options for bounded analysis:
- analysis-timeout specifies a timeout after which the analyzer starts a soft shutdown, collecting partial, unsound results.
- shutdown-timeout allows specifying an additional timeout for the soft shutdown initiated by the option analysis-timeout.
Removed the option warn-on-integer-lshift-range. Existing analysis projects that enabled this option must now enable the two options warn-on-unsigned-integer-lshift-range and warn-on-signed-integer-lshift-range.

Improved directives

Improved the __ASTREE_partition_ranges directive to generate more appropriate partitions for small integer intervals.
Partitioning directives no longer cut the undefined cases when evaluating expressions with undefined behaviors. As a visible consequence, alarms may shift from partitioning directives to other statements of the program.
The directive __ASTREE_octagon_pack can now also be used in global scope, i.e. outside of function bodies.
Within functions, the directive __ASTREE_octagon_pack now also accepts variables of pointer type, used as arrays, and simple C expressions appearing as array indices in directive access paths. For example:
```
void f(int x, int *arr, int n) {
  __ASTREE_octagon_pack((x, arr[0:n - 1]));
  ..
}
```
The __ASTREE_modify and __ASTREE_initialize directives no longer accept arguments of the form ptr[] where ptr is a pointer. Such arguments should be replaced by ptr[lb..ub] where lb and ub are appropriate bounds for accessing ptr.
The __ASTREE_known_range directive now supports slice syntax when used with arrays and pointers, e.g. arr[0:2] or ptr[3:5].
Fixed an issue that could cause __ASTREE_octagon_pack and __ASTREE_boolean_pack to choose a variable from an out-of-scope function when addressing it using the var@function_name syntax.

Improved alarms

Alarms about invalid_pointer_arithmetics in array and field accesses now cut NULL and INVALID pointer values to prevent them from causing subsequent alarms.
Alarms about unbounded loops now only highlight the keyword of the loop instead of the complete loop.
Removed false alarms for shift_argument when the ABI value bits_of_byte is set to 16 bits.
Removed false alarms about field_overflow_upon_dereference for bit-fields.

Other improvements

Optimized analyzer for better performance on large, asynchronous code.
Uninstallation on Windows can now be made silent by providing the option /VERYSILENT to the installer.
Providing an analysis option that is not supported by the configured analysis mode (astree, astree-cxx, rulechecker) now triggers an error message.
It is now possible to start program slicing from declarations with an initializer that contains a function call.
Overhauled the implementation of the automatic partitioning heuristics. In rare cases the new behavior may differ from the old one, causing changes in precision and performance of affected analyses.
Improved the separate function heuristics.
Improved the display of context information (e.g. in alarm messages) for partitions produced by the __ASTREE_partition_expr directive.
The analyzer now distinguishes more clearly between arithmetic overflows with predictable result (on unsigned integers) and arithmetic overflows with unpredictable result (on signed integers). To this end, it now reports the latter as class A alarms using the new alarm key arithmetic_overflow_unpredictable.
Non-returning separately analyzed functions are now only reported at the call sites of such functions. The additional, redundant alarms at the function definitions, reported by previous versions, are now omitted.
The analyzer now distinguishes more clearly between arithmetic overflows on floats with predictable result (±∞ when keep-float-specials=yes) and with unpredictable result (floating-point exception raised when keep-float-specials=no). To this end, it now reports the latter as class A alarms using the new alarm key arithmetic_overflow_unpredictable.
Added new syntax [<lb>:<ub>] for specifying array slices in Astrée directives. In contrast to the [<lb>..<ub>] syntax for array slices, the new syntax works not only with plain constants for lb and ub, but also with arbitrary constant expressions or even variables, if supported by the directive.
Analyses on asynchronous code now report all processes that are created during the analysis, including additional information such as priorities and locks. The new information appears in the Output view and in the text report file in the new section “List of processes”.

Integration with TargetLink

Added support for TargetLink 2022-B.
When looking for the <model>_pcf.c file required for the analysis, the toolbox now takes into account the output folder configuration.

Integration with KEIL μVision

The toolbox no longer generates deprecated <coverage-ignore> DAX elements.

Rule-checking related sections in the log output and text report have been renamed to better reflect their contents.
The new diagnostic rule B.1.7 (legacy-alarm-annotation) informs about suppress or comment directives that, for reasons of backwards compatibility, are applied to alarms with new alarm keys introduced in later releases.
New scope option for rule check configurations that controls whether a configuration applies to all the contents of the selected files or only to code that appears inside or outside of designated code blocks, respectively. The new RuleChecker option designated-block-comment specifies the comment pattern that identifies designated code blocks.
Improved the reporting of active rule checks in the text report and the Output view. They now contain only one section that lists all active rule checks.
Improved performance of application-wide code metrics calculation.

Rule sets and checks for C

Added support for MISRA C:2012 Amendment 3.
Improved coverage of rule CERT.PRE.6. The rule is now fully checked.
Replaced the check object-definition-without-extern by the new check global-object-declaration in rule X.F.30.

Rule sets and checks for C++

Messages about rule violations now report the C++ template instantiation(s) in which the corresponding checks are violated.
New checks:
- dynamic_cast_in_constructor (M2008.12.1.1, AUTOSAR.12.1.1M)
- typeid_in_constructor (M2008.12.1.1, AUTOSAR.12.1.1M)
- cast-pointer-to-intptr and cast-pointer-void-to-intptr, split off from the checks cast-pointer-to-integer, cast-pointer-void-to-integer and associated with the same rules (M2008.5.2.9, AUTOSAR.5.2.9M)
- include-guard-pragma-once (CERT.PRE.6, M2008.16.2.3, AUTOSAR.16.2.3M, M202x-DRAFT.000207), split from the check include-guard-missing to warn about usage of #pragma once as include guard. To allow the usage of #pragma once for certain rules, you can now deselect the new check.
Split the check macro-function-like (AUTOSAR.16.0.1A, CERT.PRE.0, M.19.7, M2008.16.0.4, M2008.16.2.1, M2012.D.4.9) into the two checks macro-function-like and macro-function-like-strict. This enables configuring whether function-like macros with __LINE__, __FILE__, __func__, or the operators # or ## shall be regarded as rule violations or not.

Rule sets and checks specific to Astrée

New diagnostic check unknown-component (A.5.7) that warns about unknown component names used in the option component-pairs-under-observation.
If the memory block specified by an __ASTREE_absolute_address directive does not fit into the addressable memory, the directive is now ignored and a violation of the check invalid-directive is reported.

Enhancements, clarifications, refinements, and fixes

Both C and C++

Fixed errors that could occur during rule checking due to unresolved environment variables in the preprocessor configuration.
Removed false negatives for the check function_name_usage (M2008.8.4.4, AUTOSAR.8.4.4M) when function identifiers are not subject to pointer decay.
Removed false positives for the check parameter-name-match (AUTOSAR.8.4.2M, M.16.4, M2008.8.4.2, M2012.8.3, M202x-DRAFT.000149). The check no longer reports unnamed parameters as a conflict.
Declarations in files excluded from rule checks are no longer considered for the check parameter-name-match (AUTOSAR.8.4.2M, M.16.4, M2008.8.4.2, M2012.8.3, M202x-DRAFT.000149).
The new check precedence-pp warns about missing parentheses in expressions evaluated by the preprocessor. This removes false negatives for the rules AUTOSAR.5.0.2M, M.12.1, M2008.5.0.2, and M2012.12.1.
Rule violations are now consistently reported only in files that use the language(s) addressed by the corresponding rule set.
Extended the check parameter-name-match (AUTOSAR.8.4.2M, M.16.4, M2008.8.4.2, M2012.8.3, M202x-DRAFT.000149) to remove false negatives regarding different parameter names in different translation units when at least one translation unit is C++.

C code

Removed false positives for the check parameter-missing-const (CERT.DCL.0, CERT.DCL.13, M.16.7, M2012.8.13). It no longer warns about parameters passed to __astree_bzero, __astree_memcpy, or __ASTREE_trash.
Removed false positives for the check uninitialized-local-read (CERT.EXP.33, CWE.456, CWE.457, CWE.665, CWE.824, CWE.908, ISO17961.uninitref, M.9.1, M2012.9.1) when taking the address of an array that is part of a struct.
Removed false negatives for the following checks, which did not warn about conversions applied to arrays converted to pointer (cf. C11 §6.3.2.1):
- incompatible-object-pointer-conversion (A.1.11, CERT.MSC.40, M.1.1, M2012.D.2.1, M2012.1.1)
- pointer-qualifier-cast-const (CERT.EXP.5, CERT.EXP.40, M.11.5, M2012.11.8)
- pointer-qualifier-cast-volatile (M.11.5, M2012.11.8)
Removed false positives for the check return-reference-local (CERT.DCL.30, CERT.ARR.30, ISO17961.addrescape, M.17.6, M2012.18.6), which erroneously warned about values taken from objects of struct types, if a preceding assignment to another field of that struct stored a pointer to a local variable.
Removed false positives for the check evaluation-order (A.4.1, CERT.EXP.10, CERT.EXP.30, M.12.2, M2012.1.3, M2012.13.2) that could occur when implicitly taking the address of an array.
The check pointer-cast-alignment no longer warns about null pointer constants.
Removed false positives for the check return-implicit (CERT.MSC.37, M.16.8, M2012.17.4, X.F.41). It no longer warns about asm functions.
Refined the rule check return-value-type (X.F.39) to ignore conversions that only affect type qualifiers.
Improved the rule check multiple-instructions-per-line (X.F.1). It now ignores statements stemming from macro invocations.
Removed an issue that caused the analyzer to report an “Out of memory” error during rule checks.
Updated the coverage information for rule M2012.D.4.7, which is checked only partially even when Astrée is used.
Violations of the check parameter-name-match (M.16.4, M2012.8.3) are now reported at the parameter declaration and not the function name.
Removed false negatives for the check function-pointer-cast (M2012.11.1) which did not warn about casts changing qualifiers in parameter types.
Removed false negatives for the checks type-compatibility-link and type-compatibility (A.1.1, CERT.DCL.40, CERT.MSC.40, ISO17961.funcdecl, M.1.1, M.8.4, M2012.D.2.1, M2012.1.1) which in some cases did not report declarations with different use of volatile qualifiers in typedefs.
Violations of the checks include-characters, include-characters-backslash, and include-characters-sline (M.19.2, M2012.20.2) are no longer reported for code that is excluded by preprocessor directives (e.g. using #if 0 ... #endif).

C++ code

Fixed false negatives for the checks octal_escape_sequence (M2008.2.13.2, AUTOSAR.2.13.2M), float_suffix (M2008.2.13.4, AUTOSAR.2.13.4M), long_suffix (M2008.2.13.4, AUTOSAR.2.13.4M), digit_separator_placement (AUTOSAR.13.6.1A), and hexadecimal_lower_case_digit (AUTOSAR.2.13.5A) for literals used within macro expansions.
Fixed the detection of subexpressions and expression statements in the presence of temporaries. This removes:
- false positives for the checks conditional_as_sub_expression (AUTOSAR.5.16.1A) and unary_assign_separation (AUTOSAR.5.2.10M, M2008.5.2.10)
- false negatives for the checks constructor_call_statement (AUTOSAR.6.2.2A), function_return_unused (AUTOSAR.0.1.2A, M2008.0.1.7), and error_information_unused (AUTOSAR.0.3.2M, CERT-CPP.ERR.33C, M2008.0.3.2).
Fixed identification of forwarding references in the presence of parameter packs. This removes false positives and false negatives for the checks forward-parameter (AUTOSAR.8.4.6A), move-forwarding-reference (AUTOSAR.18.9.2A), forward-rvalue-reference (AUTOSAR.18.9.2A), and consume-parameter (AUTOSAR.8.4.5A).
Extended the calculation of metrics to more template functions. This removes false negatives for all threshold checks (ruleset T).
The check expensive-to-copy (AUTOSAR.8.4.7A) no longer warns about parameters of non-copy-constructible types.
The check array-argument-to-pointer-decay (AUTOSAR.5.2.12M, M2008.5.2.12) now also warns about non-identifier expressions of array type that are subject to pointer decay.
Adjusted the check precedence (M2008.5.0.2, AUTOSAR.5.0.2M) to follow the more precise descriptions used in M202x-DRAFT and M2012. In particular, expressions with different operators but of the same precedence no longer require explicit parentheses, e.g. a + b - c no longer violates this check.
The checks member-function-missing-const and member-function-missing-static (M2008.9.3.3, AUTOSAR.9.3.3M) no longer report violations for templated methods when the body uses dependent calls that cannot be resolved without instantiation. This removes false positives for these checks. For instantiations of templated methods, all violations are reported as before.
Removed false positives for the check functional-cast (M2008.5.2.4, M202x-DRAFT.000089) when the type is a deduced template specialization and the expression thus constitutes an object construction and not a functional cast.
Rule violations that concern explicit function template instantiations are now reported at the declaration of the corresponding template.
Removed false negatives for the check unused-local-variable (M2008.0.1.3, AUTOSAR.0.1.3M, M202x-DRAFT.000003) when C++17 structured bindings are used.
Removed false alarms for the check unused-local-variable (M2008.0.1.3, AUTOSAR.0.1.3M, M202x-DRAFT.000003) within the scope of not instantiated templates.
The check enum-usage-overloaded-operator no longer reports enum usage in operator() and operator,. This removes false positives with respect to a revised interpretation of AUTOSAR.4.5.1A.
The check enum-usage no longer reports enum usage in the operators ?: and ,. This removes false positives with respect to a revised interpretation of M2008.4.5.2 and AUTOSAR.4.5.1A.
Removed false positives for the check member-function-missing-static (M2008.9.3.3, AUTOSAR.9.3.3M) with virtual functions.
Removed false positives for the check undefined-extern (AUTOSAR.3.2.2M, AUTOSAR.3.2.4M, CERT-CPP.DCL.60, M2008.3.2.2, M2008.3.2.4) with constexpr static data members.
The base classes list of class and variable template specializations/instantiations is no longer ignored. This removes false negatives and false positives for all C++ checks.
Removed false positives for the check c-style-cast (AUTOSAR.5.2.2A, M2008.5.2.4). It no longer reports the use of non-type template arguments as cast.
Removed false positives for the check check_precedence (AUTOSAR.5.0.2M, M2008.5.0.2).
Removed false positives for the check logop-postfix-operand (M2008.5.2.1).

Server and server controller

Improved responsiveness of the server when importing large AAF files or creating revisions of large analysis projects.
Fixed an issue that caused the analysis server to crash when
- trying to import an AAF file from a later release
- connecting a client to a project with an unsupported analysis version using the command line option --id <analysis-id>
Fixed an issue that could trigger a “Cannot commit analysis state” error on analysis start after restarting a server with a different system user or after switching from a user space server to service without changing the data directory.
The server log file now uses the JSON line format.
Improved stability of the analysis server.
Improved performance of the network communication between server and client.
Fixed the encoding used for the XML output of the server-controller command-line interface.

Client GUI, batch mode, and report files

Files that do not require preprocessing are now specified in the Preprocessor view. The new flag “Use the built-in preprocessor” specifies for each preprocessor configuration whether or not the listed files require preprocessing by the internal preprocessor.
Removed the preprocessor option “Remove analysis files before importing preprocessed files” from the client GUI.
The tag <function> of the XML report file has been extended by the new optional attribute “tu=pX” to indicate that a function has internal linkage and is the instance in the translation unit represented by preprocessed file pX.
Importing options from a DAX file into an existing project now also overwrites options that are set to non-default values in the project (e.g. with their default value specified in the imported DAX file).
Improved error reporting on DAX import.
Improved the identifier search for identifiers in macro expansions, so that all such identifiers are now found at the locations at which they appear literally in the code.
The project monitor has been reworked to display additional information, e.g. used and available server memory and disk space.
Tooltips in editor windows now stay longer before disappearing.
Errors that occur during JSON compilation database import in batch mode are now reported via stderr.
The copy action in the annotations view now also copies the alarm location comments of AAL comment directives, if available.
The Global data flow view has been extended to show the kind of data race that a variable is involved in:
- no (not involved in a data race)
- rw (involved only in read-write data races)
- ww (involved only in write-write data races)
- rw+ww (involved in both read-write and write-write data races).
The tag <variable/> in XML report files has been extended by the new attributes has_read_write_datarace and has_write_write_datarace that indicate whether a variable is involved in a read-write or write-write data race.
Fixed an issue that on Windows prevented the context menu for alarm comments in the editor views from being displayed.
In the Control flow and Global Data flow views, the core a process runs on is now also displayed for non-AUTOSAR projects.
Changed order of the columns Application and Core in custom reports with data flow and/or control flow information.
Fixed location information for additional lines (as reported for some findings) in the XML report.
The new batch mode option --preprocess-only allows running only the preprocessing without running the subsequent analysis. The option is useful in conjunction with --export for creating AAF files in batch mode. These AAF files then contain the analysis setup plus all preprocessed and original source files. The actual analysis can be performed later, possibly on different machines, by importing the AAFs and triggering the analysis.
The Global Data Flow view now also displays the phase in which a variable is read or written by a process.

Frontends and preprocessor

Removed errors about missing source files caused by source directives mixed with nested comments and parentheses within the same comment.
Improved compatibility of the preprocessor with ClearCase drives.
The C frontend now supports the GCC builtin type __builtin_va_list and the following GCC builtin functions:
- __builtin_va_arg
- __builtin_va_copy
- __builtin_va_end
- __builtin_va_start
Fixed an issue that could cause the C++ frontend to crash when encountering recursively inheriting templates.
Fixed a corner case regarding the “Patterns to ignore” feature that could cause a function filter to remove code blocks following a #define directive in which the filter matched.
The C frontend now rejects initializing a struct/union/array by a scalar without braces.
The C frontend now by default uses internal linkage for functions with the asm specifier (asm macros).
The JSON compilation database importer now recognizes the compile option -include <file> and maps it to an auto-include in the generated preprocessor configuration.
Improved handling of _Atomic and _Thread_local in the C frontend.
The C frontend now supports the following GCC builtin functions:
- __atomic_compare_exchange_n
- __atomic_exchange_n
- __atomic_fetch_add
- __atomic_fetch_and
- __atomic_fetch_or
- __atomic_fetch_sub
- __atomic_fetch_xor
- __atomic_load_n
- __atomic_store_n
Fixed the parsing of the __ASTREE_comment directive in the C++ analysis mode to remove parse errors such as
frontend_clang: arguments to ASTREE directive cannot be parsed

Stub libraries, ABIs, OS and compiler configurations

Removed legacy stub code for the AUTOSAR modules NvM and Dem. Stubbing these modules is no longer necessary.
Fixed converting constructor of std::deque::const_iterator from std::deque::iterator in the more abstract STL stubs to remove false alarms about definite runtime errors.
Updated and improved the ARINC-653 OS stubs.
Rule violations in the generated part of the OSEK stubs are now automatically suppressed. Astrée directives that are generated into these files no longer appear in the list of “Further directives” in the reports.
Fixed type-generic macros in the tgmath.h header of the C stub library.
Invocations of the error() function in the OSEK/AUTOSAR stubs are now reported as definite run-time errors, stopping the analysis for the corresponding contexts. This generally results in more efficient and precise analyses. The old behavior, i.e. continuing with the analysis without reporting an error, can be restored by defining the preprocessor macro KEEP_OSEKSTUB_ERRORS in the preprocessor settings for the OSEK/AUTOSAR stubs.

Qualification Support Kits

MISRA C++:2008 is now completely covered by the RuleChecker QSK.
The driver program to run QSK packages has been renamed to qualify.

New test cases in the Astrée QSK

qk_alarm_arithmetic_overflow_unpredictable
qk_check_bad_macro_use
qk_check_function_prototype
qk_check_legacy_alarm_annotation
qk_check_local_object_name_max_length
qk_check_global_object_name_max_length
qk_check_realloc_zero
qk_check_static_function_declaration
qk_check_static_object_declaration
qk_check_static_object_name_max_length
qk_check_stdbool_redefine

qk_check_storage_class_placement
qk_check_unknown_component
qk_commandline_preprocess_only
qk_filter_expressions_alternatives
qk_option_analysis_timeout
qk_option_no_partition_functions
qk_option_shutdown_timeout
qk_option_warn_on_unsigned_integer_lshift_ranges
qk_rule_a_5_7
qk_rule_b_1_7
qk_rule_s_obj_0_3

The test cases qk_filter_expressions_directives, qk_filter_pragma_asm, qk_option_warn_on_integer_lshift_ranges, and qk_option_remove_analysis_files have been removed from the Astrée QSK.

Two test cases have been renamed:

qk_filter_expressions_alternatives_special_characters → qk_filter_expressions_special_characters
qk_filter_expressions_dot_star → qk_filter_expressions_dot_repetitions

Astrée QSK test cases extended to C++

qk_option_analysis_entry
qk_option_c_version
qk_option_code_lines
qk_option_continue_on_definite_rte
qk_option_cut_arithmetic_operations_on_null
qk_option_cut_integer_division_by_zero
qk_option_cxx_version

qk_option_generate_undeclared_absolute_addresses
qk_option_inline_semantics
qk_option_keep_float_specials
qk_option_metrics
qk_option_skip_analysis
qk_check_stdlib_limits
qk_option_equality

New test cases in the RuleChecker QSK

qk_check_alignas_zero
qk_check_alignment_specification_mismatch
qk_check_alignment_specification_mismatch_link
qk_check_bad_function_use
qk_check_bad_macro_use
qk_check_bad_pragma_use
qk_check_bad_type_use
qk_check_cast_pointer_to_intptr
qk_check_cast_pointer_void_to_intptr
qk_check_class_inconsistent_definitions
qk_check_dynamic_cast_in_constructor
qk_check_exception_specification_mismatch_link
qk_check_generic_association_qualified_type
qk_check_generic_association_type
qk_check_generic_function_namespace

qk_check_generic_operator_namespace
qk_check_generic_selection_default_position
qk_check_generic_selection_essential_type_mismatch
qk_check_generic_selection_ignores_parameters
qk_check_generic_selection_outside_macro
qk_check_generic_selection_pointer_conversion
qk_check_generic_selection_without_non_default
qk_check_hexadecimal_lower_case_digit
qk_check_inappropriate_float
qk_check_inappropriate_type_tgmath
qk_check_include_guard_pragma_once
qk_check_inconsistent_alignment_specification
qk_check_inconsistent_alignment_specification_link
qk_check_invalid_noreturn
qk_check_logop_postfix_operand

qk_check_macro_function_like_strict
qk_check_missing_noreturn
qk_check_multiple_alignas
qk_check_noreturn_void
qk_check_precedence_pp
qk_check_qualified_function_type
qk_check_realloc_zero
qk_check_register
qk_check_return_reference_parameter_const
qk_check_stdbool_redefine
qk_check_stdint_constant_macro_argument
qk_check_stdlib_use_alloc_strict
qk_check_storage_class_placement
qk_check_temporary_array_to_pointer_conversion
qk_check_tgmath_argument_type_compatible
qk_check_typeid_in_constructor

qk_check_undefined_extern_pure_virtual
qk_check_unhandled_throw_noexcept
qk_check_union_bitfield_member
qk_commandline_preprocess_only
qk_dax_rulechecks_scope
qk_externaldeclaration_one_function
qk_externaldeclaration_typedef
qk_filter_expressions_alternatives
qk_filter_expressions_begin_and_end_of_line
qk_filter_expressions_char_set
qk_filter_expressions_dot_repetitions
qk_filter_expressions_naming
qk_filter_expressions_special_characters
qk_filter_expressions_word_boundaries
qk_option_designated_block_comment

qk_filter_ignore
qk_filter_more_functions
qk_filter_one_function
qk_filter_replacement
qk_rule_autosar_0_1_1a
qk_rule_autosar_0_1_2m
qk_rule_autosar_0_1_3m
qk_rule_autosar_0_1_9m
qk_rule_autosar_0_3_2m
qk_rule_autosar_0_4_4a

qk_rule_autosar_14_5_3a
qk_rule_autosar_15_4_2a
qk_rule_autosar_15_5_3a
qk_rule_autosar_16_0_2m
qk_rule_autosar_16_1_1m
qk_rule_autosar_16_1_2m
qk_rule_autosar_16_2_1a
qk_rule_autosar_17_0_1a
qk_rule_autosar_18_0_2a
qk_rule_autosar_18_0_3m

qk_rule_autosar_18_2_1m
qk_rule_autosar_18_5_10a
qk_rule_autosar_18_5_1a
qk_rule_autosar_18_5_6a
qk_rule_autosar_2_10_1a
qk_rule_autosar_2_10_1m
qk_rule_autosar_2_13_2m
qk_rule_autosar_2_13_3m
qk_rule_autosar_2_13_4m
qk_rule_autosar_2_13_5a

qk_rule_autosar_2_5_1a
qk_rule_autosar_3_2_1m
qk_rule_autosar_3_2_2m
qk_rule_autosar_3_2_4m
qk_rule_autosar_3_3_2m
qk_rule_autosar_3_8_1a
qk_rule_autosar_3_9_1a
qk_rule_autosar_5_0_10m
qk_rule_autosar_5_0_2m
qk_rule_autosar_5_0_3a

qk_rule_autosar_5_2_10m
qk_rule_autosar_5_2_3a
qk_rule_autosar_5_2_6m
qk_rule_autosar_5_2_8m
qk_rule_autosar_5_3_2a
qk_rule_autosar_5_3_2m
qk_rule_autosar_5_6_1a
qk_rule_autosar_5_8_1m
qk_rule_autosar_6_4_3m
qk_rule_autosar_6_4_5m

qk_rule_autosar_6_5_2a
qk_rule_autosar_6_6_1m
qk_rule_autosar_7_1_4a
qk_rule_autosar_7_4_1m
qk_rule_autosar_7_5_1a
qk_rule_autosar_7_5_1m
qk_rule_autosar_7_6_1a
qk_rule_autosar_8_4_4m
qk_rule_autosar_8_5_2m
qk_rule_autosar_9_6_4m

qk_rule_cert_cpp_arr_30c
qk_rule_cert_cpp_dcl_30c
qk_rule_cert_cpp_dcl_40c
qk_rule_cert_cpp_dcl_51
qk_rule_cert_cpp_dcl_60
qk_rule_cert_cpp_env_33c
qk_rule_cert_cpp_err_33c
qk_rule_cert_cpp_err_50
qk_rule_cert_cpp_err_51
qk_rule_cert_cpp_err_55
qk_rule_cert_cpp_exp_34c
qk_rule_cert_cpp_exp_54
qk_rule_cert_cpp_exp_55
qk_rule_cert_cpp_int_33c
qk_rule_cert_cpp_mem_30c
qk_rule_cert_cpp_mem_31c
qk_rule_cert_cpp_mem_50
qk_rule_cert_cpp_mem_51
qk_rule_cert_cpp_mem_54
qk_rule_cert_cpp_msc_53
qk_rule_cert_cpp_oop_57

qk_rule_m_1_2
qk_rule_m2008_0_1_2
qk_rule_m2008_0_1_3
qk_rule_m2008_0_1_6
qk_rule_m2008_0_1_9
qk_rule_m2008_0_3_2
qk_rule_m2008_14_5_1
qk_rule_m2008_15_4_1
qk_rule_m2008_15_5_3
qk_rule_m2008_16_0_2
qk_rule_m2008_16_0_3
qk_rule_m2008_16_1_1
qk_rule_m2008_16_1_2
qk_rule_m2008_16_2_4
qk_rule_m2008_17_0_1
qk_rule_m2008_18_0_2
qk_rule_m2008_18_0_3
qk_rule_m2008_18_2_1
qk_rule_m2008_18_4_1
qk_rule_m2008_2_10_1
qk_rule_m2008_2_10_2

qk_rule_m2008_2_10_3
qk_rule_m2008_2_13_2
qk_rule_m2008_2_13_3
qk_rule_m2008_2_13_4
qk_rule_m2008_2_3_1
qk_rule_m2008_3_2_1
qk_rule_m2008_3_2_2
qk_rule_m2008_3_2_4
qk_rule_m2008_3_3_2
qk_rule_m2008_3_9_2
qk_rule_m2008_5_0_10
qk_rule_m2008_5_0_19
qk_rule_m2008_5_0_2
qk_rule_m2008_5_2_10
qk_rule_m2008_5_2_5
qk_rule_m2008_5_2_6
qk_rule_m2008_5_2_8
qk_rule_m2008_5_3_2
qk_rule_m2008_5_8_1
qk_rule_m2008_6_4_3
qk_rule_m2008_6_4_5

qk_rule_m2008_6_4_8
qk_rule_m2008_6_5_1
qk_rule_m2008_6_6_1
qk_rule_m2008_6_6_4
qk_rule_m2008_7_4_1
qk_rule_m2008_7_5_1
qk_rule_m2008_7_5_3
qk_rule_m2008_8_4_4
qk_rule_m2008_8_5_2
qk_rule_m2008_9_6_4
qk_rule_m2012a3_10_1
qk_rule_m2012a3_1_4

qk_rule_m2012a3_1_5
qk_rule_m2012a3_17_10
qk_rule_m2012a3_17_11
qk_rule_m2012a3_17_12
qk_rule_m2012a3_17_13
qk_rule_m2012a3_17_9
qk_rule_m2012a3_18_9
qk_rule_m2012a3_21_11
qk_rule_m2012a3_21_12
qk_rule_m2012a3_21_22
qk_rule_m2012a3_21_23
qk_rule_m2012a3_21_24

qk_rule_m2012a3_23_1
qk_rule_m2012a3_23_2
qk_rule_m2012a3_23_3
qk_rule_m2012a3_23_4
qk_rule_m2012a3_23_5
qk_rule_m2012a3_23_6
qk_rule_m2012a3_23_8
qk_rule_m2012a3_6_3
qk_rule_m2012a3_7_5
qk_rule_m2012a3_8_15
qk_rule_m2012a3_8_16
qk_rule_m2012a3_8_17

The test cases qk_aal_comment_pattern_basic and qk_option_remove_analysis_files have been removed from the RuleChecker QSK.

The test case include-guard-missing has been extended to C.

RuleChecker QSK test cases extended to C++

qk_check_bitfield_signed_size
qk_check_bitop_recast
qk_check_boolean_invariant_expression
qk_check_defined_generation
qk_check_defined_usage
qk_check_definition_duplicate
qk_check_error_information_unused
qk_check_function_name_usage
qk_check_function_pointer_cast
qk_check_goto_nesting
qk_check_identifier_hidden
qk_check_identifier_unique_typedef
qk_check_include_characters
qk_check_include_characters_sline
qk_check_initializer_complete_strict
qk_check_initializer_shape
qk_check_keyword_override
qk_check_long_suffix
qk_check_macro_argument_hash
qk_check_octal_escape_sequence
qk_check_offsetof

qk_check_pointer_qualifier_cast_const
qk_check_precedence
qk_check_precedence_pp
qk_check_reserved_identifier
qk_check_return_reference_local
qk_check_shift_width_constant
qk_check_static_function_declaration
qk_check_stdlib_limits
qk_check_stdlib_use_alloc
qk_check_stdlib_use_ato
qk_check_stdlib_use_getenv
qk_check_stdlib_use
qk_check_switch_clause_break_continue
qk_check_switch_clause_break_return
qk_check_trigraph
qk_check_unary_assign_separation
qk_check_undefined_extern
qk_check_underlying_minus
qk_check_undocumented_asm
qk_check_unused_label

Astrée and RuleChecker release 23.04