Polyspace Code Verification

Coding Standards Report for Project: polyspace

Report Author: ctreille
Polyspace Code Verification: Coding Standards Report for Project: polyspace
by Report Author: ctreille

Published 01-Jul-2020 17:48:07

Verification Author(s): Polyspace
Polyspace Version(s): Polyspace Code Prover 10.3 (R2020b Prerelease)
Project Version(s): 1.0

Result Folder(s):
C:\qualkits_R2020b\do\codeprover\tests\code-prover-results\reporting\template-codingstandards\OR-414-6-codingstandards_2
Table of Contents
Chapter 1. JSF AV Coding Standard ............................................................................................................................................................................................................. 1
JSF AV Coding Standard Summary - Violations by File .................................................................................................................................................................... 1
JSF AV Coding Standard Summary - Violations by Rule ................................................................................................................................................................... 2
JSF AV Coding Standard Summary for all Files ................................................................................................................................................................................. 3
JSF AV Coding Standard Summary for Enabled Rules ..................................................................................................................................................................... 3
JSF AV Coding Standard Violations ..................................................................................................................................................................................................... 9
Chapter 2. Appendix 1 - Configuration Settings .....................................................................................................................................................................................16
Polyspace Settings ............................................................................................................................................................................................................................. 16
Analysis Assumptions ............................................................................................................................................................................................................... 16
Coding Standard Configuration .......................................................................................................................................................................................................17
Chapter 3. Appendix 2 - Definitions .......................................................................................................................................................................................................... 27
............................................................................................................................................................................................................................................................... 27

i
Chapter 1. JSF AV Coding Standard
JSF AV Coding Standard Summary - Violations by File

1
JSF AV Coding Standard Summary - Violations by Rule

2
JSF AV Coding Standard Summary for all Files
File Total
C:\qualkits_R2020b\do\codeprover\tests\reporting\template-codingstandards\OR-414-6-codingstandards_2.cpp 76
Total 76

JSF AV Coding Standard Summary for Enabled Rules

Rule Description Mode Total
1 Any one function (or method) will contain no more than 200 logical source lines of code (L-SLOCs). will 0
3 All functions shall have a cyclomatic complexity number of 20 or less. shall 0
8 All code shall conform to ISO/IEC 14882:2002(E) standard C++. shall 0
9 Only those characters specified in the C++ basic source character set will be used. will 0
11 Trigraphs will not be used. will 5
12 The following digraphs will not be used: "<%", "%>", "<:", ":>", %:, %:%:. will 0
13 Multi-byte characters and wide string literals will not be used. will 0
14 Literal suffixes shall use uppercase rather than lowercase letters. shall 0
15 Provision shall be made for run-time checking (defensive programming). shall 0
17 The error indicator errno shall not be used. shall 0
18 The macro offsetof, in library <stddef.h>, shall not be used. shall 0
19 <locale.h> and the setlocale function shall not be used. shall 0
20 The setjmp macro and the longjmp function shall not be used. shall 0
21 The signal handling facilities of <signal.h> shall not be used. shall 0
22 The input/output library <stdio.h> shall not be used. shall 0
23 The library functions atof, atoi and atol from library <stdlib.h> shall not be used. shall 0
24 The library functions abort, exit, getenv and system from library <stdlib.h> shall not be used. shall 0
25 The time handling functions of library <time.h> shall not be used. shall 0
26 Only the following pre-processor directives shall be used: #ifndef, #define, #endif, #include. shall 0
27 #ifndef, #define and #endif will be used to prevent multiple inclusions of the same header file. Other techniques to prevent the will 0
multiple inclusions of header files will not be used.
Total 76

3
Rule Description Mode Total
28 The #ifndef and #endif pre-processor directives will only be used as defined in AV Rule 27 to prevent multiple inclusions of the s will 0
ame header file.
29.1 The #define pre-processor directive shall not be used to create inline macros. shall 1
29.2 Inline functions shall be used instead of inline macros. shall 1
30 The #define pre-processor directive shall not be used to define constant values. Instead, the const qualifier shall be applied to va shall 0
riable declarations to specify constant values.
31 The #define pre-processor directive will only be used as part of the technique to prevent multiple inclusions of the same header f will 1
ile.
32 The #include pre-processor directive will only be used to include header (*.h) files. will 0
33 The #include directive shall use the <filename.h> notation to include header files. shall 0
35 A header file will contain a mechanism that prevents multiple inclusions of itself. will 0
39 Header files (*.h) will not contain non-const variable definitions or function definitions. will 0
40 Every implementation file shall include the header files that uniquely define the inline functions, types, and templates used. shall 2
41 Source lines will be kept to a length of 120 characters or less. will 0
42 Each expression-statement will be on a separate line. will 0
43 Tabs should be avoided. should 0
44 All indentations will be at least two spaces and be consistent within the same source file. will 9
46 User-specified identifiers (internal and external) will not rely on significance of more than 64 characters. will 0
47 Identifiers will not begin with the underscore character '_'. will 0
48 Identifiers will not differ by: will 0
- only a mixture of case
- the presence/absence of the underscore character
- the interchange of the letter 'O' with the number '0' or the letter 'D'
- the interchange of the letter 'I' with the number '1' or the letter 'l'
- the interchange of the letter 'S' with the number '5'
- the interchange of the letter 'Z' with the number 2
- the interchange of the letter 'n' with the letter 'h'.
50 The first word of the name of a class, structure, namespace, enumeration, or type created with typedef will begin with an upper will 2
case letter. All others letters will be lowercase.
51 All letters contained in function and variables names will be composed entirely of lowercase letters. will 0
52 Identifiers for constant and enumerator values shall be lowercase. shall 1
53 Header files will always have file name extension of ".h". will 0
53.1 The following character sequences shall not appear in header file names: ', \, *, //, or ". shall 0
Total 76

4
Rule Description Mode Total
54 Implementation files will always have a file name extension of ".cpp". will 0
57 The public, protected, and private sections of a class will be declared in that order. will 0
58 When declaring and defining functions with more than two parameters, the leading parenthesis and the first argument will be will 0
written on the same line as the function name. Each additional argument will be written on a separate line.
59 The statements forming the body of an if, else if, else, while, do ... while or for statement shall always be enclosed in braces, even shall 2
if the braces form an empty block.
60 Braces ("{}") which enclose a block will be placed in the same column, on separate lines directly before and after the block. will 9
61 Braces ("{}") which enclose a block will have nothing else on the line except comments. will 8
62 The dereference operator '*' and the address-of operator '&' will be directly connected with the type-specifier. will 1
63 Spaces will not be used around '.' or '->', nor between unary operators and operands. will 0
67 Public and protected data should only be used in structs - not classes. should 0
68 Unneeded implicitly generated member functions shall be explicitly disallowed. shall 0
71.1 A class's virtual functions shall not be invoked from its destructor or any of its constructors. shall 0
74 Initialization of nonstatic class members will be performed through the member initialization list. will 0
75 Members of the initialization list shall be listed in the order in which they are declared in the class. shall 0
76 A copy constructor and an assignment operator shall be declared for classes that contain pointers to data items or nontrivial des shall 0
tructors.
77.1 The definition of a member function shall not contain default arguments that produce a signature identical to that of the implici shall 0
tly-declared copy constructor for the corresponding class/structure.
78 All base classes with a virtual function shall define a virtual destructor. shall 0
79 All resources acquired by a class shall be released by the class's destructor. shall 0
81 The assignment operator shall handle self-assignment correctly. shall 0
82 An assignment operator shall return a reference to *this. shall 0
83 An assignment operator shall assign all data members and bases that affect the class invariant (a data element representing a ca shall 0
che, for example, would not need to be copied).
88 Multiple inheritance shall only be allowed in the following restricted form: n interfaces plus m private implementations, plus at shall 0
most one protected implementation.
88.1 A stateful virtual base shall be explicitly declared in each derived class that accesses it. shall 0
89 A base class shall not be both virtual and non-virtual in the same hierarchy. shall 0
94 An inherited nonvirtual function shall not be redefined in a derived class. shall 0
95 An inherited default parameter shall never be redefined. shall 0
96 Arrays shall not be treated polymorphically. shall 0
Total 76

5
Rule Description Mode Total
97 Arrays shall not be used in interfaces. shall 0
97.1 Neither operand of an equality operator (== or !=) shall be a pointer to a virtual member function. shall 0
98 Every nonlocal name, except main(), should be placed in some namespace. should 4
99 Namespaces will not be nested more than two levels deep. will 0
104 A template specialization shall be declared before its use. shall 0
107 Functions shall always be declared at file scope. shall 0
108 Functions with variable numbers of arguments shall not be used. shall 0
109 A function definition should not be placed in a class specification unless the function is intended to be inlined. should 0
110 Functions with more than 7 arguments will not be used. will 0
111 A function shall not return a pointer or reference to a non-static local object. shall 0
113 Functions will have a single exit point. will 1
114 All exit points of value-returning functions shall be through return statements. shall 0
116 Small, concrete-type arguments (two or three words in size) should be passed by value if changes made to formal parameters sh should 0
ould not be reflected in the calling function.
119 Functions shall not call themselves, either directly or indirectly (i.e. recursion shall not be allowed). shall 1
121 Only functions with 1 or 2 statements should be considered candidates for inline functions. should 0
122 Trivial accessor and mutator functions should be inlined. should 0
126 Only valid C++ style comments (//) shall be used. shall 5
127 Code that is not used (commented out) shall be deleted. shall 0
133 Every source file will be documented with an introductory comment that provides information on the file name, its contents, an will 1
d any program-required information.
135 Identifiers in an inner scope shall not use the same name as an identifier in an outer scope, and therefore hide that identifier. shall 0
136 Declarations should be at the smallest feasible scope. should 2
137 All declarations at file scope should be static where possible. should 0
138 Identifiers shall not simultaneously have both internal and external linkage in the same translation unit. shall 0
139 External objects will not be declared in more than one file. will 0
140 The register storage class specifier shall not be used. shall 0
141 A class, structure, or enumeration will not be declared in the definition of its type. will 0
142 All variables shall be initialized before use. shall 0
144 Braces shall be used to indicate and match the structure in the non-zero initialization of arrays and structures. shall 0
Total 76

6
Rule Description Mode Total
145 In an enumerator list, the '=' construct shall not be used to explicitly initialize members other than the first, unless all items are shall 0
explicitly initialized.
147 The underlying bit representations of floating point numbers shall not be used in any way by the programmer. shall 0
148 Enumeration types shall be used instead of integer types (and constants) to select from a limited series of choices. shall 0
149 Octal constants (other than zero) shall not be used. shall 0
150 Hexadecimal constants will be represented using all uppercase letters. will 0
151 Numeric values in code will not be used; symbolic values will be used instead. will 3
151.1 A string literal shall not be modified. shall 2
152 Multiple variable declarations shall not be allowed on the same line. shall 0
153 Unions shall not be used. shall 1
154 Bit-fields shall have explicitly unsigned integral or enumeration types only. shall 0
156 All the members of a structure (or class) shall be named and shall only be accessed via their names. shall 0
157 The right hand operand of a && or || operator shall not contain side effects. shall 0
158 The operands of a logical && or || shall be parenthesized if the operands contain binary operators. shall 0
159 Operators ||, &&, and unary & shall not be overloaded. shall 0
160 An assignment expression shall be used only as the expression in an expression statement. shall 0
162 Signed and unsigned values shall not be mixed in arithmetic or comparison operations. shall 0
163 Unsigned arithmetic shall not be used. shall 0
164 The right hand operand of a shift operator shall lie between zero and one less than the width in bits of the left-hand operand (in shall 0
clusive).
164.1 The left-hand operand of a right-shift operator shall not have a negative value. shall 0
165 The unary minus operator shall not be applied to an unsigned expression. shall 0
166 The sizeof operator will not be used on expressions that contain side effects. will 0
168 The comma operator shall not be used. shall 0
169 Pointers to pointers should be avoided when possible. should 0
170 More than 2 levels of pointer indirection shall not be used. shall 0
171 Relational operators shall not be applied to pointer types except where both operands are of the same type and point to: the sam shall 0
e object, the same function, members of the same object, or elements of the same array (including one past the end of the same a
rray).
173 The address of an object with automatic storage shall not be assigned to an object which persists after the object has ceased to e shall 0
xist.
Total 76

7
Rule Description Mode Total
174 The null pointer shall not be de-referenced. shall 0
175 A pointer shall not be compared to NULL or be assigned NULL; use plain 0 instead. shall 0
176 A typedef will be used to simplify program syntax when declaring function pointers. will 0
177 User-defined conversion functions should be avoided. should 0
178 Down casting shall only be allowed through one of the following mechanism: shall 0
- Virtual functions that act like dynamic casts (most likely useful in relatively simple cases).
- Use of the visitor (or similar) pattern (most likely useful in complicated cases).
179 A pointer to a virtual base class shall not be converted to a pointer to a derived class. shall 0
180 Implicit conversions that may result in a loss of information shall not be used. shall 0
181 Redundant explicit casts will not be used. will 0
182 Type casting from any type to or from pointers shall not be used. shall 0
184 Floating point numbers shall not be converted to integers unless such a conversion is a specified algorithmic requirement or is shall 0
necessary for a hardware interface.
185 C++ style casts (const_cast, reinterpret_cast, and static_cast) shall be used instead of the traditional C-style casts. shall 0
186 There shall be no unreachable code. shall 0
187 All non-null statements shall potentially have a side-effect. shall 0
188 Labels will not be used, except in switch statements. will 0
189 The goto statement shall not be used. shall 0
190 The continue statement shall not be used. shall 0
191 The break statement shall not be used (except to terminate the cases of a switch statement). shall 0
192 All if, else if constructs will contain either a final else clause or a comment indicating why a final else clause is not necessary. will 0
193 Every non-empty case clause in a switch statement shall be terminated with a break statement. shall 0
194 All switch statements that do not intend to test for every enumeration value shall contain a final default clause. shall 0
195 A switch expression will not represent a Boolean value. will 0
196 Every switch statement will have at least two cases and a potential default. will 0
197 Floating point variables shall not be used as loop counters. shall 0
198 The initialization expression in a for loop will perform no actions other than to initialize the value of a single for loop parameter will 0
.
199 The increment expression in a for loop will perform no action other than to change a single loop parameter to the next value for will 0
the loop.
200 Null initialize or increment expressions in for loops will not be used; a while loop will be used instead. will 0
Total 76

8
Rule Description Mode Total
201 Numeric variables being used within a for loop for iteration counting shall not be modified in the body of the loop. shall 0
202 Floating point variables shall not be tested for exact equality or inequality. shall 0
203 Evaluation of expressions shall not lead to overflow/underflow. shall 0
204 A single operation with side-effects shall only be used in the following contexts: shall 1
- by itself
- the right-hand side of an assignment
- a condition
- the only argument expression with a side-effect in a function call
- condition of a loop
- switch condition
- single part of a chained operation.
204.1 The value of an expression shall be the same under any order of evaluation that the standard permits. shall 0
205 The volatile keyword shall not be used unless directly interfacing with hardware. shall 1
206 Allocation/deallocation from/to the free store (heap) shall not occur after initialization. shall 0
208 C++ exceptions shall not be used. shall 0
209 The basic types of int, short, long, float and double shall not be used, but specific-length equivalents should be typedef'd accordi shall 12
ngly for each compiler, and these type names used in the code.
213 No dependence shall be placed on C++'s operator precedence rules, below arithmetic operators, in expressions. shall 0
215 Pointer arithmetic will not be used. will 0
Total 76

JSF AV Coding Standard Violations

Table 1.1. C:\qualkits_R2020b\do\codeprover\tests\reporting\template-codingstandards\OR-414-6-codingstandards_2.cpp
ID Rule Message Function Line Col Jus Severity Status Comment
1 126 Only valid C++ style comments (//) shall be used. File Scope 1 0 No Unset Unreviewed
9 133 Every source file will be documented with an introductor File Scope 1 0 No Unset Unreviewed
y comment that provides information on the file name, its
contents, and any program-required information.
8 31 The #define pre-processor directive will only be used as p File Scope 4 0 No Unset Unreviewed
art of the technique to prevent multiple inclusions of the s
ame header file.
#define should only be used for include guards.

9
ID Rule Message Function Line Col Jus Severity Status Comment
7 52 Identifiers for constant and enumerator values shall be lo File Scope 4 8 No Unset Unreviewed
wercase.
Identifier for macro shall be uppercase.
14 29.1 The #define pre-processor directive shall not be used to cr File Scope 4 16 No Unset Unreviewed
eate inline macros.
51 209 The basic types of int, short, long, float and double shall n File Scope 6 0 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.
18 209 The basic types of int, short, long, float and double shall n File Scope 7 0 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.
22 98 Every nonlocal name, except main(), should be placed in s File Scope 7 4 No Unset Unreviewed
ome namespace.
37 61 Braces ("{}") which enclose a block will have nothing else foo1() 7 14 No Unset Unreviewed
on the line except comments.
66 44 All indentations will be at least two spaces and be consiste foo1() 8 4 No Unset Unreviewed
nt within the same source file.
Indentation is smaller than two spaces.
35 40 Every implementation file shall include the header files th File Scope 8 11 No Unset Unreviewed
at uniquely define the inline functions, types, and templat
es used.
46 50 The first word of the name of a class, structure, namespac File Scope 8 11 No Unset Unreviewed
e, enumeration, or type created with typedef will begin wi
th an uppercase letter. All others letters will be lowercase.
The first word of the name of a structure will begin with a
n uppercase letter.
All others letters will be lowercase.
25 40 Every implementation file shall include the header files th File Scope 10 10 No Unset Unreviewed
at uniquely define the inline functions, types, and templat
es used.
34 50 The first word of the name of a class, structure, namespac File Scope 10 10 No Unset Unreviewed
e, enumeration, or type created with typedef will begin wi
th an uppercase letter. All others letters will be lowercase.
The first word of the name of a union will begin with an u
ppercase letter.
All others letters will be lowercase.
36 153 Unions shall not be used. File Scope 10 10 No Unset Unreviewed

10
ID Rule Message Function Line Col Jus Severity Status Comment
21 60 Braces ("{}") which enclose a block will be placed in the sa foo1() 13 0 No Unset Unreviewed
me column, on separate lines directly before and after the
block.
73 209 The basic types of int, short, long, float and double shall n File Scope 15 0 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.
70 98 Every nonlocal name, except main(), should be placed in s File Scope 15 4 No Unset Unreviewed
ome namespace.
38 61 Braces ("{}") which enclose a block will have nothing else foo() 15 14 No Unset Unreviewed
on the line except comments.
16 44 All indentations will be at least two spaces and be consiste foo() 16 4 No Unset Unreviewed
nt within the same source file.
Indentation is smaller than two spaces.
41 60 Braces ("{}") which enclose a block will be placed in the sa foo() 17 0 No Unset Unreviewed
me column, on separate lines directly before and after the
block.
53 209 The basic types of int, short, long, float and double shall n File Scope 19 0 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.
40 98 Every nonlocal name, except main(), should be placed in s File Scope 19 4 No Unset Unreviewed
ome namespace.
74 61 Braces ("{}") which enclose a block will have nothing else bar() 19 14 No Unset Unreviewed
on the line except comments.
20 205 The volatile keyword shall not be used unless directly inte bar() 20 4 No Unset Unreviewed
rfacing with hardware.
47 44 All indentations will be at least two spaces and be consiste bar() 20 4 No Unset Unreviewed
nt within the same source file.
Indentation is smaller than two spaces.
49 209 The basic types of int, short, long, float and double shall n bar() 20 13 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.
57 59 The statements forming the body of an if, else if, else, whil bar() 22 8 No Unset Unreviewed
e, do ... while or for statement shall always be enclosed in
braces, even if the braces form an empty block.
The statement forming the body of an if statement shall al
ways be enclosed in braces.

11
ID Rule Message Function Line Col Jus Severity Status Comment
61 113 Functions will have a single exit point. bar() 22 8 No Unset Unreviewed
24 59 The statements forming the body of an if, else if, else, whil bar() 24 6 No Unset Unreviewed
e, do ... while or for statement shall always be enclosed in
braces, even if the braces form an empty block.
The statement forming the body of an else statement shal
l always be enclosed in braces.
42 119 Functions shall not call themselves, either directly or indi bar() 24 16 No Unset Unreviewed
rectly (i.e. recursion shall not be allowed).
Function 'bar' shall not call directly itself.
72 204 A single operation with side-effects shall only be used in t bar() 24 16 No Unset Unreviewed
he following contexts:
- by itself
- the right-hand side of an assignment
- a condition
- the only argument expression with a side-effect in a fun
ction call
- condition of a loop
- switch condition
- single part of a chained operation.
44 60 Braces ("{}") which enclose a block will be placed in the sa bar() 25 0 No Unset Unreviewed
me column, on separate lines directly before and after the
block.
30 98 Every nonlocal name, except main(), should be placed in s File Scope 27 5 No Unset Unreviewed
ome namespace.
43 61 Braces ("{}") which enclose a block will have nothing else func() 27 16 No Unset Unreviewed
on the line except comments.
48 44 All indentations will be at least two spaces and be consiste func() 28 4 No Unset Unreviewed
nt within the same source file.
Indentation is smaller than two spaces.
50 60 Braces ("{}") which enclose a block will be placed in the sa func() 30 0 No Unset Unreviewed
me column, on separate lines directly before and after the
block.
26 209 The basic types of int, short, long, float and double shall n File Scope 33 0 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.
23 209 The basic types of int, short, long, float and double shall n File Scope 33 9 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.

12
ID Rule Message Function Line Col Jus Severity Status Comment
31 209 The basic types of int, short, long, float and double shall n File Scope 35 0 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.
19 209 The basic types of int, short, long, float and double shall n File Scope 35 9 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.
56 61 Braces ("{}") which enclose a block will have nothing else main() 35 31 No Unset Unreviewed
on the line except comments.
5 126 Only valid C++ style comments (//) shall be used. File Scope 37 4 No Unset Unreviewed
32 209 The basic types of int, short, long, float and double shall n main() 38 4 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.
62 44 All indentations will be at least two spaces and be consiste main() 38 4 No Unset Unreviewed
nt within the same source file.
Indentation is smaller than two spaces.
28 209 The basic types of int, short, long, float and double shall n main() 39 4 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.
33 136 Declarations should be at the smallest feasible scope. main() 39 8 No Unset Unreviewed
69 209 The basic types of int, short, long, float and double shall n main() 40 4 No Unset Unreviewed
ot be used, but specific-length equivalents should be typed
ef'd accordingly for each compiler, and these type names
used in the code.
39 62 The dereference operator '*' and the address-of operator ' main() 40 9 No Unset Unreviewed
&' will be directly connected with the type-specifier.
27 136 Declarations should be at the smallest feasible scope. main() 41 10 No Unset Unreviewed
29 151 Numeric values in code will not be used; symbolic values main() 45 13 No Unset Unreviewed
will be used instead.
45 61 Braces ("{}") which enclose a block will have nothing else main() 45 16 No Unset Unreviewed
on the line except comments.
58 44 All indentations will be at least two spaces and be consiste main() 46 8 No Unset Unreviewed
nt within the same source file.
Indentation is smaller than two spaces.
52 151.1 A string literal shall not be modified. main() 46 12 No Unset Unreviewed

13
ID Rule Message Function Line Col Jus Severity Status Comment
11 11 Trigraphs will not be used. File Scope 46 60 No Unset Unreviewed
55 151.1 A string literal shall not be modified. main() 47 12 No Unset Unreviewed
13 11 Trigraphs will not be used. File Scope 47 35 No Unset Unreviewed
10 11 Trigraphs will not be used. File Scope 47 47 No Unset Unreviewed
60 60 Braces ("{}") which enclose a block will be placed in the sa main() 48 4 No Unset Unreviewed
me column, on separate lines directly before and after the
block.
64 61 Braces ("{}") which enclose a block will have nothing else main() 48 6 No Unset Unreviewed
on the line except comments.
59 44 All indentations will be at least two spaces and be consiste main() 49 8 No Unset Unreviewed
nt within the same source file.
Indentation is smaller than two spaces.
67 151 Numeric values in code will not be used; symbolic values main() 49 16 No Unset Unreviewed
will be used instead.
2 11 Trigraphs will not be used. File Scope 49 19 No Unset Unreviewed
63 44 All indentations will be at least two spaces and be consiste main() 50 16 No Unset Unreviewed
nt within the same source file.
Indentation is smaller than two spaces.
76 151 Numeric values in code will not be used; symbolic values main() 50 21 No Unset Unreviewed
will be used instead.
68 60 Braces ("{}") which enclose a block will be placed in the sa main() 51 4 No Unset Unreviewed
me column, on separate lines directly before and after the
block.
65 61 Braces ("{}") which enclose a block will have nothing else main() 51 6 No Unset Unreviewed
on the line except comments.
71 44 All indentations will be at least two spaces and be consiste main() 52 8 No Unset Unreviewed
nt within the same source file.
Indentation is smaller than two spaces.
15 11 Trigraphs will not be used. File Scope 53 8 No Unset Unreviewed
75 60 Braces ("{}") which enclose a block will be placed in the sa main() 53 8 No Unset Unreviewed
me column, on separate lines directly before and after the
block.
54 60 Braces ("{}") which enclose a block will be placed in the sa main() 54 4 No Unset Unreviewed
me column, on separate lines directly before and after the
block.
3 126 Only valid C++ style comments (//) shall be used. File Scope 58 4 No Unset Unreviewed
4 29.2 Inline functions shall be used instead of inline macros. File Scope 59 4 No Unset Unreviewed

14
ID Rule Message Function Line Col Jus Severity Status Comment
12 126 Only valid C++ style comments (//) shall be used. File Scope 62 4 No Unset Unreviewed
17 60 Braces ("{}") which enclose a block will be placed in the sa main() 67 0 No Unset Unreviewed
me column, on separate lines directly before and after the
block.
6 126 Only valid C++ style comments (//) shall be used. File Scope 70 0 No Unset Unreviewed

15
Chapter 2. Appendix 1 - Configuration Settings
Polyspace Settings
Option Value
-author Polyspace
-compiler generic
-date 01/07/2020
-I C:\qualkits_R2020b\do\codeprover\tests\options-api\lib
-jsf-coding-rules all-rules
-lang CPP
-O2 -O2
-prog polyspace
-results-dir C:\qualkits_R2020b\do\codeprover\tests\code-prover-results\reporting\template-codingstandards\OR-414-6-codingstandards_2
-target i386
-to pass2
-verif-version 1.0

Analysis Assumptions
Assumption Issuer
External arrays of unspecified size can be safely accessed at any index Product
Nonfinite floats (infinities and NaNs) are not considered Product
Computations involving unsigned integers do not overflow Product
Results of floating-point arithmetic are rounded following the IEE754 rule: round to nearest, ties to even Product
Structure fields are not volatile unless the entire structure is volatile-qualified Product
Stack pointers can be safely dereferenced even outside the pointed variable's scope Product
External pointers cannot be null. They point to allocated data of sufficient size for safe dereference Product
Absolute addresses can be safely dereferenced Product

16
Coding Standard Configuration
Table 2.1. JSF AV Coding Standard Configuration
Rule Description Mode Comment Enabled
1 Any one function (or method) will contain no more than 200 logical source lines of code (L-SLOCs). will - yes
2 There shall not be any self-modifying code. shall Not enforceable no
3 All functions shall have a cyclomatic complexity number of 20 or less. shall - yes
4 To break a "should" rule, the following approval must be received by the developer: approval from the sof should Not implemented no
tware engineering lead.
5 To break a "will" or a "shall" rule, the following approvals must be received by the developer: approval fro shall Not implemented no
m the software engineering lead; approval from the software product manager.
6 Each deviation from a "shall" rule shall be documented in the file that contains the deviation. Deviations f shall Not implemented no
rom this rule shall not be allowed, AV Rule 5 notwithstanding.
7 Approval will not be required for a deviation from a "shall" or "will" rule that complies with an exception will Not implemented no
specified by that rule.
8 All code shall conform to ISO/IEC 14882:2002(E) standard C++. shall - yes
9 Only those characters specified in the C++ basic source character set will be used. will - yes
10 Values of character types will be restricted to a defined and documented subset of ISO 10646-1. will Not enforceable no
11 Trigraphs will not be used. will - yes
12 The following digraphs will not be used: "<%", "%>", "<:", ":>", %:, %:%:. will - yes
13 Multi-byte characters and wide string literals will not be used. will - yes
14 Literal suffixes shall use uppercase rather than lowercase letters. shall - yes
15 Provision shall be made for run-time checking (defensive programming). shall - yes
16 Only DO-178B level A certifiable or SEAL 1 C/C++ libraries shall be used with safety-critical (i.e. SEAL 1) co shall Not enforceable no
de.
17 The error indicator errno shall not be used. shall - yes
18 The macro offsetof, in library <stddef.h>, shall not be used. shall - yes
19 <locale.h> and the setlocale function shall not be used. shall - yes
20 The setjmp macro and the longjmp function shall not be used. shall - yes
21 The signal handling facilities of <signal.h> shall not be used. shall - yes
22 The input/output library <stdio.h> shall not be used. shall - yes

17
Rule Description Mode Comment Enabled
23 The library functions atof, atoi and atol from library <stdlib.h> shall not be used. shall - yes
24 The library functions abort, exit, getenv and system from library <stdlib.h> shall not be used. shall - yes
25 The time handling functions of library <time.h> shall not be used. shall - yes
26 Only the following pre-processor directives shall be used: #ifndef, #define, #endif, #include. shall - yes
27 #ifndef, #define and #endif will be used to prevent multiple inclusions of the same header file. Other tech will - yes
niques to prevent the multiple inclusions of header files will not be used.
28 The #ifndef and #endif pre-processor directives will only be used as defined in AV Rule 27 to prevent mult will - yes
iple inclusions of the same header file.
29.1 The #define pre-processor directive shall not be used to create inline macros. shall - yes
29.2 Inline functions shall be used instead of inline macros. shall - yes
30 The #define pre-processor directive shall not be used to define constant values. Instead, the const qualifier shall - yes
shall be applied to variable declarations to specify constant values.
31 The #define pre-processor directive will only be used as part of the technique to prevent multiple inclusio will - yes
ns of the same header file.
32 The #include pre-processor directive will only be used to include header (*.h) files. will - yes
33 The #include directive shall use the <filename.h> notation to include header files. shall - yes
34 Header files should contain logically related declarations only. should Not implemented no
35 A header file will contain a mechanism that prevents multiple inclusions of itself. will - yes
36 Compilation dependencies should be minimized when possible. should Not implemented no
37 Header (include) files should include only those header files that are required for them to successfully co should Not implemented no
mpile.
38 Declarations of classes that are only accessed via pointers (*) or references (&) should be supplied by forw should Not implemented no
ard headers that contain only forward declarations.
39 Header files (*.h) will not contain non-const variable definitions or function definitions. will - yes
40 Every implementation file shall include the header files that uniquely define the inline functions, types, a shall - yes
nd templates used.
41 Source lines will be kept to a length of 120 characters or less. will - yes
42 Each expression-statement will be on a separate line. will - yes
43 Tabs should be avoided. should - yes
44 All indentations will be at least two spaces and be consistent within the same source file. will - yes
45 All words in an identifier will be separated by the '_' character. will Not enforceable no
46 User-specified identifiers (internal and external) will not rely on significance of more than 64 characters. will - yes
47 Identifiers will not begin with the underscore character '_'. will - yes

18
Rule Description Mode Comment Enabled
48 Identifiers will not differ by: will - yes
- only a mixture of case
- the presence/absence of the underscore character
- the interchange of the letter 'O' with the number '0' or the letter 'D'
- the interchange of the letter 'I' with the number '1' or the letter 'l'
- the interchange of the letter 'S' with the number '5'
- the interchange of the letter 'Z' with the number 2
- the interchange of the letter 'n' with the letter 'h'.
49 All acronyms in an identifier will be composed of uppercase letters. will Not enforceable no
50 The first word of the name of a class, structure, namespace, enumeration, or type created with typedef wil will - yes
l begin with an uppercase letter. All others letters will be lowercase.
51 All letters contained in function and variables names will be composed entirely of lowercase letters. will - yes
52 Identifiers for constant and enumerator values shall be lowercase. shall - yes
53 Header files will always have file name extension of ".h". will - yes
53.1 The following character sequences shall not appear in header file names: ', \, *, //, or ". shall - yes
54 Implementation files will always have a file name extension of ".cpp". will - yes
55 The name of a header file should reflect the logical entity for which it provides declarations. should Not implemented no
56 The name of an implementation file should reflect the logical entity for which it provides definitions and should Not implemented no
have a ".cpp" extension.
57 The public, protected, and private sections of a class will be declared in that order. will - yes
58 When declaring and defining functions with more than two parameters, the leading parenthesis and the fi will - yes
rst argument will be written on the same line as the function name. Each additional argument will be writ
ten on a separate line.
59 The statements forming the body of an if, else if, else, while, do ... while or for statement shall always be e shall - yes
nclosed in braces, even if the braces form an empty block.
60 Braces ("{}") which enclose a block will be placed in the same column, on separate lines directly before an will - yes
d after the block.
61 Braces ("{}") which enclose a block will have nothing else on the line except comments. will - yes
62 The dereference operator '*' and the address-of operator '&' will be directly connected with the type-specif will - yes
ier.
63 Spaces will not be used around '.' or '->', nor between unary operators and operands. will - yes
64 A class interface should be complete and minimal. should Not implemented no
65 A structure should be used to model an entity that does not require an invariant. should Not implemented no
66 A class should be used to model an entity that maintains an invariant. should Not implemented no
67 Public and protected data should only be used in structs - not classes. should - yes

19
Rule Description Mode Comment Enabled
68 Unneeded implicitly generated member functions shall be explicitly disallowed. shall - yes
69 A member function that does not affect the state of an object (its instance variables) will be declared const will Not implemented no
.
70 A class will have friends only when a function or object requires access to the private elements of the clas will Not enforceable no
s, but is unable to be a member of the class for logical or efficiency reasons.
70.1 An object shall not be improperly used before its lifetime begins or after its lifetime ends. shall Not enforceable no
71 Calls to an externally visible operation of an object, other than its constructors, shall not be allowed until t shall Not implemented no
he object has been fully initialized.
71.1 A class's virtual functions shall not be invoked from its destructor or any of its constructors. shall - yes
72 The invariant for a class should be: should Not implemented no
- a part of the postcondition of every class constructor
- a part of the precondition of the class destructor (if any)
- a part of the precondition and postcondition of every other publicly accessible operation.
73 Unnecessary default constructors shall not be defined. shall Not enforceable no
74 Initialization of nonstatic class members will be performed through the member initialization list. will - yes
75 Members of the initialization list shall be listed in the order in which they are declared in the class. shall - yes
76 A copy constructor and an assignment operator shall be declared for classes that contain pointers to data i shall - yes
tems or nontrivial destructors.
77 A copy constructor shall copy all data members and bases that affect the class invariant. shall Not implemented no
77.1 The definition of a member function shall not contain default arguments that produce a signature identic shall - yes
al to that of the implicitly-declared copy constructor for the corresponding class/structure.
78 All base classes with a virtual function shall define a virtual destructor. shall - yes
79 All resources acquired by a class shall be released by the class's destructor. shall - yes
80 The default copy and assignment operators will be used for classes when those operators offer reasonable will Not enforceable no
semantics.
81 The assignment operator shall handle self-assignment correctly. shall - yes
82 An assignment operator shall return a reference to *this. shall - yes
83 An assignment operator shall assign all data members and bases that affect the class invariant (a data ele shall - yes
ment representing a cache, for example, would not need to be copied).
84 Operator overloading will be used sparingly and in a conventional manner. will Not enforceable no
85 When two operators are opposites (such as == and !=), both will be defined and one will be defined in ter will Not implemented no
ms of the other.
86 Concrete types should be used to represent simple independent concepts. should Not implemented no
87 Hierarchies should be based on abstract classes. should Not implemented no

20
Rule Description Mode Comment Enabled
88 Multiple inheritance shall only be allowed in the following restricted form: n interfaces plus m private im shall - yes
plementations, plus at most one protected implementation.
88.1 A stateful virtual base shall be explicitly declared in each derived class that accesses it. shall - yes
89 A base class shall not be both virtual and non-virtual in the same hierarchy. shall - yes
90 Heavily used interfaces should be minimal, general and abstract. should Not implemented no
91 Public inheritance will be used to implement "is-a" relationships. will Not enforceable no
92 A subtype (publicly derived classes) will conform to the following guidelines with respect to all classes inv will Not enforceable no
olved in the polymorphic assignment of different subclass instances to the same variable or parameter du
ring the execution of the system: Preconditions of derived methods must be at least as weak as the precon
ditions of the methods they override. Postconditions of derived methods must be at least as strong as the p
ostconditions of the methods they override.
93 "has-a" or "is-implemented-in-terms-of" relationships will be modeled through membership or non-public will Not enforceable no
inheritance.
94 An inherited nonvirtual function shall not be redefined in a derived class. shall - yes
95 An inherited default parameter shall never be redefined. shall - yes
96 Arrays shall not be treated polymorphically. shall - yes
97 Arrays shall not be used in interfaces. shall - yes
97.1 Neither operand of an equality operator (== or !=) shall be a pointer to a virtual member function. shall - yes
98 Every nonlocal name, except main(), should be placed in some namespace. should - yes
99 Namespaces will not be nested more than two levels deep. will - yes
100 Elements from a namespace should be selected as follows: using declaration or explicit qualification for fe should Not implemented no
w (approximately five) names, using directive for many names.
101 Templates shall be reviewed as follows: with respect to the template in isolation considering assumptions shall Not enforceable no
or requirements placed on its arguments. with respect to all functions instantiated by actual arguments.
102 Template tests shall be created to cover all actual template instantiations. shall Not enforceable no
103 Constraint checks should be applied to template arguments. should Not enforceable no
104 A template specialization shall be declared before its use. shall - yes
105 A template definition's dependence on its instantiation contexts should be minimized. should Not implemented no
106 Specializations for pointer types should be made where appropriate. should Not implemented no
107 Functions shall always be declared at file scope. shall - yes
108 Functions with variable numbers of arguments shall not be used. shall - yes
109 A function definition should not be placed in a class specification unless the function is intended to be inli should - yes
ned.
110 Functions with more than 7 arguments will not be used. will - yes

21
Rule Description Mode Comment Enabled
111 A function shall not return a pointer or reference to a non-static local object. shall - yes
112 Function return values should not obscure resource ownership. shall Not implemented no
113 Functions will have a single exit point. will - yes
114 All exit points of value-returning functions shall be through return statements. shall - yes
115 If a function returns error information, then that error information will be tested. will Not enforceable no
116 Small, concrete-type arguments (two or three words in size) should be passed by value if changes made to should - yes
formal parameters should not be reflected in the calling function.
117 Arguments should be passed by reference if NULL values are not possible. should Not implemented no
117.1 An object should be passed as const T& if the function should not change the value of the object. should Not implemented no
117.2 An object should be passed as T& if the function may change the value of the object. should Not implemented no
118 Arguments should be passed via pointers if NULL values are possible. should Not implemented no
118.1 An object should be passed as const T* if its value should not be modified. should Not implemented no
118.2 An object should be passed as T* if its value may be modified. should Not implemented no
119 Functions shall not call themselves, either directly or indirectly (i.e. recursion shall not be allowed). shall - yes
120 Overloaded operations or methods should form families that use the same semantics, share the same nam should Not implemented no
e, have the same purpose, and that are differentiated by formal parameters.
121 Only functions with 1 or 2 statements should be considered candidates for inline functions. should - yes
122 Trivial accessor and mutator functions should be inlined. should - yes
123 The number of accessor and mutator functions should be minimized. should Not implemented no
124 Trivial forwarding functions should be inlined. should Not implemented no
125 Unnecessary temporary objects should be avoided. should Not implemented no
126 Only valid C++ style comments (//) shall be used. shall - yes
127 Code that is not used (commented out) shall be deleted. shall - yes
128 Comments that document actions or sources (e.g. jsfMaps, figures, paragraphs, etc.) outside of the file bein will Not enforceable no
g documented will not be allowed.
129 Comments in header files should describe the externally visible behavior of the functions or classes being should Not implemented no
documented.
130 The purpose of every line of execujsfMap code should be explained by a comment, although one comment should Not enforceable no
may describe more than one line of code.
131 One should avoid stating in comments what is better stated in code. should Not enforceable no
132 Each variable declaration, typedef, enumeration value, and structure member will be commented. will Not enforceable no
133 Every source file will be documented with an introductory comment that provides information on the file will - yes
name, its contents, and any program-required information.

22
Rule Description Mode Comment Enabled
134 Assumptions (limitations) made by functions should be documented in the function's preamble. should Not implemented no
135 Identifiers in an inner scope shall not use the same name as an identifier in an outer scope, and therefore shall - yes
hide that identifier.
136 Declarations should be at the smallest feasible scope. should - yes
137 All declarations at file scope should be static where possible. should - yes
138 Identifiers shall not simultaneously have both internal and external linkage in the same translation unit. shall - yes
139 External objects will not be declared in more than one file. will - yes
140 The register storage class specifier shall not be used. shall - yes
141 A class, structure, or enumeration will not be declared in the definition of its type. will - yes
142 All variables shall be initialized before use. shall - yes
143 Variables will not be introduced until they can be initialized with meaningful values. will Not enforceable no
144 Braces shall be used to indicate and match the structure in the non-zero initialization of arrays and struct shall - yes
ures.
145 In an enumerator list, the '=' construct shall not be used to explicitly initialize members other than the firs shall - yes
t, unless all items are explicitly initialized.
146 Floating point implementations shall comply with a defined floating point standard. shall Not enforceable no
147 The underlying bit representations of floating point numbers shall not be used in any way by the program shall - yes
mer.
148 Enumeration types shall be used instead of integer types (and constants) to select from a limited series of shall - yes
choices.
149 Octal constants (other than zero) shall not be used. shall - yes
150 Hexadecimal constants will be represented using all uppercase letters. will - yes
151 Numeric values in code will not be used; symbolic values will be used instead. will - yes
151.1 A string literal shall not be modified. shall - yes
152 Multiple variable declarations shall not be allowed on the same line. shall - yes
153 Unions shall not be used. shall - yes
154 Bit-fields shall have explicitly unsigned integral or enumeration types only. shall - yes
155 Bit-fields will not be used to pack data into a word for the sole purpose of saving space. will Not enforceable no
156 All the members of a structure (or class) shall be named and shall only be accessed via their names. shall - yes
157 The right hand operand of a && or || operator shall not contain side effects. shall - yes
158 The operands of a logical && or || shall be parenthesized if the operands contain binary operators. shall - yes
159 Operators ||, &&, and unary & shall not be overloaded. shall - yes

23
Rule Description Mode Comment Enabled
160 An assignment expression shall be used only as the expression in an expression statement. shall - yes
162 Signed and unsigned values shall not be mixed in arithmetic or comparison operations. shall - yes
163 Unsigned arithmetic shall not be used. shall - yes
164 The right hand operand of a shift operator shall lie between zero and one less than the width in bits of the shall - yes
left-hand operand (inclusive).
164.1 The left-hand operand of a right-shift operator shall not have a negative value. shall - yes
165 The unary minus operator shall not be applied to an unsigned expression. shall - yes
166 The sizeof operator will not be used on expressions that contain side effects. will - yes
167 The implementation of integer division in the chosen compiler shall be determined, documented and take shall Not enforceable no
n into account.
168 The comma operator shall not be used. shall - yes
169 Pointers to pointers should be avoided when possible. should - yes
170 More than 2 levels of pointer indirection shall not be used. shall - yes
171 Relational operators shall not be applied to pointer types except where both operands are of the same typ shall - yes
e and point to: the same object, the same function, members of the same object, or elements of the same a
rray (including one past the end of the same array).
173 The address of an object with automatic storage shall not be assigned to an object which persists after the shall - yes
object has ceased to exist.
174 The null pointer shall not be de-referenced. shall - yes
175 A pointer shall not be compared to NULL or be assigned NULL; use plain 0 instead. shall - yes
176 A typedef will be used to simplify program syntax when declaring function pointers. will - yes
177 User-defined conversion functions should be avoided. should - yes
178 Down casting shall only be allowed through one of the following mechanism: shall - yes
- Virtual functions that act like dynamic casts (most likely useful in relatively simple cases).
- Use of the visitor (or similar) pattern (most likely useful in complicated cases).
179 A pointer to a virtual base class shall not be converted to a pointer to a derived class. shall - yes
180 Implicit conversions that may result in a loss of information shall not be used. shall - yes
181 Redundant explicit casts will not be used. will - yes
182 Type casting from any type to or from pointers shall not be used. shall - yes
183 Every possible measure should be taken to avoid type casting. should Not implemented no
184 Floating point numbers shall not be converted to integers unless such a conversion is a specified algorith shall - yes
mic requirement or is necessary for a hardware interface.
185 C++ style casts (const_cast, reinterpret_cast, and static_cast) shall be used instead of the traditional C-style shall - yes
casts.

24
Rule Description Mode Comment Enabled
186 There shall be no unreachable code. shall - yes
187 All non-null statements shall potentially have a side-effect. shall - yes
188 Labels will not be used, except in switch statements. will - yes
189 The goto statement shall not be used. shall - yes
190 The continue statement shall not be used. shall - yes
191 The break statement shall not be used (except to terminate the cases of a switch statement). shall - yes
192 All if, else if constructs will contain either a final else clause or a comment indicating why a final else clau will - yes
se is not necessary.
193 Every non-empty case clause in a switch statement shall be terminated with a break statement. shall - yes
194 All switch statements that do not intend to test for every enumeration value shall contain a final default cl shall - yes
ause.
195 A switch expression will not represent a Boolean value. will - yes
196 Every switch statement will have at least two cases and a potential default. will - yes
197 Floating point variables shall not be used as loop counters. shall - yes
198 The initialization expression in a for loop will perform no actions other than to initialize the value of a sin will - yes
gle for loop parameter.
199 The increment expression in a for loop will perform no action other than to change a single loop paramet will - yes
er to the next value for the loop.
200 Null initialize or increment expressions in for loops will not be used; a while loop will be used instead. will - yes
201 Numeric variables being used within a for loop for iteration counting shall not be modified in the body of shall - yes
the loop.
202 Floating point variables shall not be tested for exact equality or inequality. shall - yes
203 Evaluation of expressions shall not lead to overflow/underflow. shall - yes
204 A single operation with side-effects shall only be used in the following contexts: shall - yes
- by itself
- the right-hand side of an assignment
- a condition
- the only argument expression with a side-effect in a function call
- condition of a loop
- switch condition
- single part of a chained operation.
204.1 The value of an expression shall be the same under any order of evaluation that the standard permits. shall - yes
205 The volatile keyword shall not be used unless directly interfacing with hardware. shall - yes
206 Allocation/deallocation from/to the free store (heap) shall not occur after initialization. shall - yes
207 Unencapsulated global data will be avoided. will Not enforceable no

25
Rule Description Mode Comment Enabled
208 C++ exceptions shall not be used. shall - yes
209 The basic types of int, short, long, float and double shall not be used, but specific-length equivalents shoul shall - yes
d be typedef'd accordingly for each compiler, and these type names used in the code.
210 Algorithms shall not make assumptions concerning how data is represented in memory. shall Not enforceable no
210.1 Algorithms shall not make assumptions concerning the order of allocation of nonstatic data members sep shall Not enforceable no
arated by an access specifier.
211 Algorithms shall not assume that shorts, ints, longs, floats, doubles or long doubles begin at particular add shall Not enforceable no
resses.
212 Underflow or overflow functioning shall not be depended on in any special way. shall Not enforceable no
213 No dependence shall be placed on C++'s operator precedence rules, below arithmetic operators, in express shall - yes
ions.
214 Assuming that non-local static objects, in separate translation units, are initialized in a special order shall shall Not enforceable no
not be done.
215 Pointer arithmetic will not be used. will - yes
216 Programmers should not attempt to prematurely optimize code. should Not implemented no
217 Compile-time and link-time errors should be preferred over run-time errors. should Not implemented no
218 Compiler warning levels will be set in compliance with project policies. will Not enforceable no
219 All tests applied to a base class interface shall be applied to all derived class interfaces as well. If the deriv shall Not enforceable no
ed class poses stronger postconditions/invariants, then the new postconditions /invariants shall be substit
uted in the derived class tests.
220 Structural coverage algorithms shall be applied against flattened classes. shall Not enforceable no
221 Structural coverage of a class within an inheritance hierarchy containing virtual functions shall include te shall Not enforceable no
sting every possible resolution for each set of identical polymorphic references.

26
Chapter 3. Appendix 2 - Definitions

Table 3.1. Abbreviations

Abbreviation Definition
Col Column
Jus Justified
SQO Software Quality Objectives
NA Not Available

27