From 2a3f496665c100ef4aa8089073d2dc787972efb9 Mon Sep 17 00:00:00 2001 From: tamara Date: Fri, 9 Jan 2026 12:10:05 +0100 Subject: [PATCH] Add SEI CERT Cpp mappings --- README.md | 180 +++++++++++++++++++++++++++--------------------------- 1 file changed, 90 insertions(+), 90 deletions(-) diff --git a/README.md b/README.md index 35f9f91..82082de 100644 --- a/README.md +++ b/README.md @@ -29,96 +29,96 @@ designed to demonstrate: ## Checks -| ID | Title | Category | CWE | ISO/IEC 24772-8 | SEI CERT C | C | Fortran | C++ | AutoFix | -|:------------------------ |:-----------------------------------------------------------------------------------------------------------:|:--------------------------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-:|:-------:|:---:|:-------:| -| [PWR001](Checks/PWR001/) | Pass global variables as function arguments | correctness, modernization, security | [CWE-1108](https://cwe.mitre.org/data/definitions/1108.html) | | [DCL19-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL19-C.+Minimize+the+scope+of+variables+and+functions) | ✓ | ✓ | ✓ | | -| [PWR002](Checks/PWR002/) | Declare scalar variables in the smallest possible scope | correctness, security | [CWE-1126](https://cwe.mitre.org/data/definitions/1126.html) | | [DCL19-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL19-C.+Minimize+the+scope+of+variables+and+functions) | ✓ | | ✓ | | -| [PWR003](Checks/PWR003/) | Explicitly declare pure functions | modernization, security, optimization | | [6.24](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.32](https://j3-fortran.org/doc/year/23/23-241.pdf) | | ✓ | ✓ | ✓ | | -| [PWR004](Checks/PWR004/) | Declare OpenMP scoping for all variables | correctness | | | | ✓ | ✓ | ✓ | | -| [PWR005](Checks/PWR005/) | Disable default OpenMP scoping | correctness | | | | ✓ | ✓ | ✓ | | -| [PWR006](Checks/PWR006/) | Avoid privatization of read-only variables | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR007](Checks/PWR007/) | Disable the implicit declaration of variables and procedures | correctness, modernization, security | [CWE-628](https://cwe.mitre.org/data/definitions/628.html) | [6.17](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.18](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.19](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.21](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.54](https://j3-fortran.org/doc/year/23/23-241.pdf), [7.2](https://j3-fortran.org/doc/year/23/23-241.pdf) | [DCL07-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL07-C.+Include+the+appropriate+type+information+in+function+declarators), [DCL31-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL31-C.+Declare+identifiers+before+using+them), [EXP37-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP37-C.+Call+functions+with+the+correct+number+and+type+of+arguments) | | ✓ | | ✓[^1] | -| [PWR008](Checks/PWR008/) | Declare the intent for each procedure argument | correctness, modernization, security | [CWE-374](https://cwe.mitre.org/data/definitions/374.html) | [6.32](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.65](https://j3-fortran.org/doc/year/23/23-241.pdf) | [DCL13-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL13-C.+Declare+function+parameters+that+are+pointers+to+values+not+changed+by+the+function+as+const) | | ✓ | | ✓[^1] | -| [PWR009](Checks/PWR009/) | Use OpenMP teams to offload work to GPU | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR010](Checks/PWR010/) | Avoid column-major array access in C/C++ | optimization | | | | ✓ | | ✓ | | -| [PWR012](Checks/PWR012/) | Pass only required fields from derived type as arguments | modernization, optimization | | | | ✓ | ✓ | ✓ | | -| [PWR013](Checks/PWR013/) | Avoid copying unused variables to or from the GPU | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR014](Checks/PWR014/) | Out-of-dimension-bounds matrix access | correctness, security | [CWE-125](https://cwe.mitre.org/data/definitions/125.html), [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf) | [ARR30-C](https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts) | ✓ | | ✓ | | -| [PWR015](Checks/PWR015/) | Avoid copying unnecessary array elements to or from the GPU | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR016](Checks/PWR016/) | Use separate arrays instead of an Array-of-Structs | security, optimization | [CWE-1043](https://cwe.mitre.org/data/definitions/1043.html) | | | ✓ | ✓ | ✓ | | -| [PWR017](Checks/PWR017/) | Using countable while loops instead of for loops may inhibit vectorization | security, optimization | [CWE-1095](https://cwe.mitre.org/data/definitions/1095.html) | | | ✓ | | ✓ | | -| [PWR018](Checks/PWR018/) | Call to recursive function within a loop inhibits vectorization | security, optimization | [CWE-674](https://cwe.mitre.org/data/definitions/674.html) | [6.35](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.43](https://j3-fortran.org/doc/year/23/23-241.pdf) | | ✓ | ✓ | ✓ | | -| [PWR019](Checks/PWR019/) | Consider interchanging loops to favor vectorization by maximizing inner loop's trip count | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR020](Checks/PWR020/) | Consider loop fission to enable vectorization | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR021](Checks/PWR021/) | Consider loop fission with scalar to vector promotion to enable vectorization | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR022](Checks/PWR022/) | Move invariant conditional out of the loop to facilitate vectorization | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR023](Checks/PWR023/) | Add 'restrict' for pointer function arguments to hint the compiler that vectorization is safe | optimization | | | | ✓ | | ✓ | | -| [PWR024](Checks/PWR024/) | Loop can be rewritten in OpenMP canonical form | optimization | | | | ✓ | | ✓ | | -| [PWR025](Checks/PWR025/) | Consider annotating pure function with OpenMP 'declare simd' | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR026](Checks/PWR026/) | Annotate function for OpenMP Offload | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR027](Checks/PWR027/) | Annotate function for OpenACC Offload | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR028](Checks/PWR028/) | Remove pointer increment preventing performance optimization | security, optimization | [CWE-468](https://cwe.mitre.org/data/definitions/468.html) | | [EXP08-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP08-C.+Ensure+pointer+arithmetic+is+used+correctly) | ✓ | | ✓ | | -| [PWR029](Checks/PWR029/) | Remove integer increment preventing performance optimization | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR030](Checks/PWR030/) | Remove pointer assignment preventing performance optimization for perfectly nested loops | security, optimization | [CWE-468](https://cwe.mitre.org/data/definitions/468.html) | | [EXP08-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP08-C.+Ensure+pointer+arithmetic+is+used+correctly) | ✓ | ✓ | ✓ | | -| [PWR031](Checks/PWR031/) | Replace pow by multiplication, division and/or square root | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR032](Checks/PWR032/) | Avoid calls to mathematical functions with higher precision than required | optimization | | | | ✓ | | ✓ | | -| [PWR033](Checks/PWR033/) | Move invariant conditional out of the loop to avoid redundant computations | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR034](Checks/PWR034/) | Avoid strided array access to improve performance | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR035](Checks/PWR035/) | Avoid non-consecutive array access to improve performance | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR036](Checks/PWR036/) | Avoid indirect array access to improve performance | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR037](Checks/PWR037/) | Potential precision loss in call to mathematical function | correctness, security | [CWE-197](https://cwe.mitre.org/data/definitions/197.html) | [6.2](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.6](https://j3-fortran.org/doc/year/23/23-241.pdf) | [FLP34-C](https://wiki.sei.cmu.edu/confluence/display/c/FLP34-C.+Ensure+that+floating-point+conversions+are+within+range+of+the+new+type) | ✓ | | ✓ | | -| [PWR039](Checks/PWR039/) | Consider loop interchange to improve the locality of reference and enable vectorization | optimization | | | | ✓ | ✓ | ✓ | ✓[^1] | -| [PWR040](Checks/PWR040/) | Consider loop tiling to improve the locality of reference | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR042](Checks/PWR042/) | Consider loop interchange by promoting the scalar reduction variable to an array | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR043](Checks/PWR043/) | Consider loop interchange by replacing the scalar reduction value | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR044](Checks/PWR044/) | Avoid unnecessary floating-point data conversions involving constants | optimization | | | | ✓ | | ✓ | | -| [PWR045](Checks/PWR045/) | Replace division with a multiplication with a reciprocal | optimization | | | | ✓ | | ✓ | | -| [PWR046](Checks/PWR046/) | Replace two divisions with a division and a multiplication | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR048](Checks/PWR048/) | Replace multiplication/addition combo with an explicit call to fused multiply-add | optimization | | | | ✓ | | ✓ | | -| [PWR049](Checks/PWR049/) | Move iterator-dependent condition outside of the loop | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR050](Checks/PWR050/) | Consider applying multithreading parallelism to forall loop | optimization | | | | ✓ | ✓ | ✓ | ✓[^1] | -| [PWR051](Checks/PWR051/) | Consider applying multithreading parallelism to scalar reduction loop | optimization | | | | ✓ | ✓ | ✓ | ✓[^1] | -| [PWR052](Checks/PWR052/) | Consider applying multithreading parallelism to sparse reduction loop | optimization | | | | ✓ | ✓ | ✓ | ✓[^1] | -| [PWR053](Checks/PWR053/) | Consider applying vectorization to forall loop | optimization | | | | ✓ | ✓ | ✓ | ✓[^1] | -| [PWR054](Checks/PWR054/) | Consider applying vectorization to scalar reduction loop | optimization | | | | ✓ | ✓ | ✓ | ✓[^1] | -| [PWR055](Checks/PWR055/) | Consider applying offloading parallelism to forall loop | optimization | | | | ✓ | ✓ | ✓ | ✓[^1] | -| [PWR056](Checks/PWR056/) | Consider applying offloading parallelism to scalar reduction loop | optimization | | | | ✓ | ✓ | ✓ | ✓[^1] | -| [PWR057](Checks/PWR057/) | Consider applying offloading parallelism to sparse reduction loop | optimization | | | | ✓ | ✓ | ✓ | ✓[^1] | -| [PWR060](Checks/PWR060/) | Consider loop fission to separate gather memory access pattern | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR062](Checks/PWR062/) | Consider loop interchange by removing accumulation on array value | optimization | | | | ✓ | ✓ | ✓ | | -| [PWR063](Checks/PWR063/) | Avoid using legacy Fortran constructs | correctness, modernization, security | [CWE-477](https://cwe.mitre.org/data/definitions/477.html), [CWE-1075](https://cwe.mitre.org/data/definitions/1075.html), [CWE-1119](https://cwe.mitre.org/data/definitions/1119.html) | [6.27](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.28](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.31](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.54](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.58](https://j3-fortran.org/doc/year/23/23-241.pdf) | | | ✓ | | | -| [PWR068](Checks/PWR068/) | Encapsulate procedures within modules to avoid the risks of calling implicit interfaces | correctness, modernization, security | [CWE-628](https://cwe.mitre.org/data/definitions/628.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.11](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.32](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.34](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.53](https://j3-fortran.org/doc/year/23/23-241.pdf) | [DCL07-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL07-C.+Include+the+appropriate+type+information+in+function+declarators), [DCL31-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL31-C.+Declare+identifiers+before+using+them), [EXP37-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP37-C.+Call+functions+with+the+correct+number+and+type+of+arguments) | | ✓ | | | -| [PWR069](Checks/PWR069/) | Use the keyword only to explicitly state what to import from a module | correctness, modernization, security | | [6.21](https://j3-fortran.org/doc/year/23/23-241.pdf) | [DCL23-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL23-C.+Guarantee+that+mutually+visible+identifiers+are+unique) | | ✓ | | ✓[^1] | -| [PWR070](Checks/PWR070/) | Declare array dummy arguments as assumed-shape arrays | correctness, modernization, security, optimization | [CWE-130](https://cwe.mitre.org/data/definitions/130.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf) | [API02-C](https://wiki.sei.cmu.edu/confluence/display/c/API02-C.+Functions+that+read+or+write+to+or+from+an+array+should+take+an+argument+to+specify+the+source+or+target+size) | | ✓ | | | -| [PWR071](Checks/PWR071/) | Prefer real(kind=kind_value) for declaring consistent floating types | modernization, portability, security | [CWE-1102](https://cwe.mitre.org/data/definitions/1102.html), [CWE-1339](https://cwe.mitre.org/data/definitions/1339.html) | [6.2](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.4](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.6](https://j3-fortran.org/doc/year/23/23-241.pdf) | [FLP00-C](https://wiki.sei.cmu.edu/confluence/display/c/FLP00-C.+Understand+the+limitations+of+floating-point+numbers) | | ✓ | | | -| [PWR072](Checks/PWR072/) | Explicitly declare the 'save' attribute or split the variable initialization to prevent unintended behavior | correctness, security | [CWE-665](https://cwe.mitre.org/data/definitions/665.html) | [6.54](https://j3-fortran.org/doc/year/23/23-241.pdf) | | | ✓ | | ✓[^1] | -| [PWR073](Checks/PWR073/) | Transform common block into a module for better data encapsulation | correctness, modernization, security | [CWE-1083](https://cwe.mitre.org/data/definitions/1083.html), [CWE-1108](https://cwe.mitre.org/data/definitions/1108.html) | [6.37](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.53](https://j3-fortran.org/doc/year/23/23-241.pdf) | [DCL19-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL19-C.+Minimize+the+scope+of+variables+and+functions) | | ✓ | | | -| [PWR075](Checks/PWR075/) | Avoid using compiler-specific Fortran extensions | modernization, portability, security | [CWE-474](https://cwe.mitre.org/data/definitions/474.html), [CWE-1103](https://cwe.mitre.org/data/definitions/1103.html) | [6.57](https://j3-fortran.org/doc/year/23/23-241.pdf) | [MSC23-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC23-C.+Beware+of+vendor-specific+library+and+language+differences) | | ✓ | | | -| [PWR079](Checks/PWR079/) | Avoid undefined behavior due to uninitialized variables | correctness, portability, security | [CWE-758](https://cwe.mitre.org/data/definitions/758.html), [CWE-908](https://cwe.mitre.org/data/definitions/908.html), [CWE-909](https://cwe.mitre.org/data/definitions/909.html) | [6.13](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.22](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf) | [EXP33-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP33-C.+Do+not+read+uninitialized+memory), [EXP34-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP34-C.+Do+not+dereference+null+pointers), [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | ✓ | ✓ | ✓ | | -| [PWR080](Checks/PWR080/) | Conditionally initialized variables can lead to undefined behavior | correctness, portability, security | [CWE-758](https://cwe.mitre.org/data/definitions/758.html), [CWE-908](https://cwe.mitre.org/data/definitions/908.html), [CWE-909](https://cwe.mitre.org/data/definitions/909.html) | [6.13](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.22](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf) | [EXP33-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP33-C.+Do+not+read+uninitialized+memory), [EXP34-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP34-C.+Do+not+dereference+null+pointers), [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | ✓ | ✓ | ✓ | | -| [PWR081](Checks/PWR081/) | Uninitialized output arguments can lead to undefined behavior | correctness, portability, security | [CWE-758](https://cwe.mitre.org/data/definitions/758.html), [CWE-908](https://cwe.mitre.org/data/definitions/908.html), [CWE-909](https://cwe.mitre.org/data/definitions/909.html) | [6.13](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.22](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf) | [EXP33-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP33-C.+Do+not+read+uninitialized+memory), [EXP34-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP34-C.+Do+not+dereference+null+pointers), [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | | ✓ | | | -| [PWD002](Checks/PWD002/) | Unprotected multithreading reduction operation | correctness, security | [CWE-366](https://cwe.mitre.org/data/definitions/366.html), [CWE-820](https://cwe.mitre.org/data/definitions/820.html) | [6.61](https://j3-fortran.org/doc/year/23/23-241.pdf) | [CON07-C](https://wiki.sei.cmu.edu/confluence/display/c/CON07-C.+Ensure+that+compound+operations+on+shared+variables+are+atomic), [CON43-C](https://wiki.sei.cmu.edu/confluence/display/c/CON43-C.+Do+not+allow+data+races+in+multithreaded+code) | ✓ | ✓ | ✓ | | -| [PWD003](Checks/PWD003/) | Missing array range in data copy to the GPU | correctness, security | [CWE-131](https://cwe.mitre.org/data/definitions/131.html), [CWE-758](https://cwe.mitre.org/data/definitions/758.html) | [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf) | [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | ✓ | ✓ | ✓ | | -| [PWD004](Checks/PWD004/) | Out-of-memory-bounds array access | correctness, security | [CWE-125](https://cwe.mitre.org/data/definitions/125.html), [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf) | [ARR30-C](https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts) | ✓ | ✓ | ✓ | | -| [PWD005](Checks/PWD005/) | Array range copied to or from the GPU does not cover the used range | correctness, security | [CWE-125](https://cwe.mitre.org/data/definitions/125.html), [CWE-131](https://cwe.mitre.org/data/definitions/131.html), [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf) | [ARR30-C](https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts) | ✓ | ✓ | ✓ | | -| [PWD006](Checks/PWD006/) | Missing deep copy of non-contiguous data to the GPU | correctness, security | [CWE-125](https://cwe.mitre.org/data/definitions/125.html), [CWE-758](https://cwe.mitre.org/data/definitions/758.html), [CWE-787](https://cwe.mitre.org/data/definitions/787.html), [CWE-908](https://cwe.mitre.org/data/definitions/908.html) | [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf) | [ARR30-C](https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts), [EXP33-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP33-C.+Do+not+read+uninitialized+memory), [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | ✓ | ✓ | ✓ | | -| [PWD007](Checks/PWD007/) | Unprotected multithreading recurrence | correctness, security | [CWE-366](https://cwe.mitre.org/data/definitions/366.html), [CWE-820](https://cwe.mitre.org/data/definitions/820.html) | [6.61](https://j3-fortran.org/doc/year/23/23-241.pdf) | [CON43-C](https://wiki.sei.cmu.edu/confluence/display/c/CON43-C.+Do+not+allow+data+races+in+multithreaded+code) | ✓ | ✓ | ✓ | | -| [PWD008](Checks/PWD008/) | Unprotected multithreading recurrence due to out-of-dimension-bounds array access | correctness, security | [CWE-125](https://cwe.mitre.org/data/definitions/125.html), [CWE-366](https://cwe.mitre.org/data/definitions/366.html), [CWE-787](https://cwe.mitre.org/data/definitions/787.html), [CWE-820](https://cwe.mitre.org/data/definitions/820.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.61](https://j3-fortran.org/doc/year/23/23-241.pdf) | [ARR30-C](https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts), [CON43-C](https://wiki.sei.cmu.edu/confluence/display/c/CON43-C.+Do+not+allow+data+races+in+multithreaded+code), [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | ✓ | ✓ | ✓ | | -| [PWD009](Checks/PWD009/) | Incorrect privatization in parallel region | correctness, security | [CWE-821](https://cwe.mitre.org/data/definitions/821.html) | | | ✓ | ✓ | ✓ | | -| [PWD010](Checks/PWD010/) | Incorrect sharing in parallel region | correctness, security | [CWE-366](https://cwe.mitre.org/data/definitions/366.html), [CWE-821](https://cwe.mitre.org/data/definitions/821.html) | [6.61](https://j3-fortran.org/doc/year/23/23-241.pdf) | [CON43-C](https://wiki.sei.cmu.edu/confluence/display/c/CON43-C.+Do+not+allow+data+races+in+multithreaded+code) | ✓ | ✓ | ✓ | | -| [PWD011](Checks/PWD011/) | Missing OpenMP lastprivate clause | correctness, security | [CWE-821](https://cwe.mitre.org/data/definitions/821.html) | | | ✓ | ✓ | ✓ | | -| [RMK001](Checks/RMK001/) | Loop nesting that might benefit from hybrid parallelization using multithreading and SIMD | optimization | | | | ✓ | ✓ | ✓ | ✓[^1] | -| [RMK002](Checks/RMK002/) | Loop nesting that might benefit from hybrid parallelization using offloading and SIMD | optimization | | | | ✓ | ✓ | ✓ | | -| [RMK003](Checks/RMK003/) | Potentially privatizable temporary variable | optimization | | | | ✓ | | ✓ | | -| [RMK007](Checks/RMK007/) | Vectorization opportunity within a multithreaded region | optimization | | | | ✓ | ✓ | ✓ | ✓[^1] | -| [RMK008](Checks/RMK008/) | Vectorization opportunity within an offloaded region | optimization | | | | ✓ | ✓ | ✓ | | -| [RMK009](Checks/RMK009/) | Outline loop to increase compiler and tooling code coverage | optimization | | | | ✓ | | ✓ | | -| [RMK010](Checks/RMK010/) | Strided memory accesses in the loop body may prevent vectorization | optimization | | | | ✓ | ✓ | ✓ | | -| [RMK012](Checks/RMK012/) | Conditional execution in the loop body may prevent vectorization | optimization | | | | ✓ | ✓ | ✓ | | -| [RMK013](Checks/RMK013/) | Low trip count unknown at compile time may prevent vectorization of the loop | optimization | | | | ✓ | ✓ | ✓ | | -| [RMK014](Checks/RMK014/) | Unpredictable memory accesses in the loop body may prevent vectorization | optimization | | | | ✓ | ✓ | ✓ | | -| [RMK015](Checks/RMK015/) | Tune compiler optimization flags to increase the speed of the code | optimization | | | | ✓ | ✓ | ✓ | | -| [RMK016](Checks/RMK016/) | Tune compiler optimization flags to avoid potential changes in floating point precision | correctness, security | [CWE-189](https://cwe.mitre.org/data/definitions/189.html) | | [FLP01-C](https://wiki.sei.cmu.edu/confluence/display/c/FLP01-C.+Take+care+in+rearranging+floating-point+expressions) | ✓ | ✓ | ✓ | | +| ID | Title | Category | CWE | ISO/IEC 24772-8 | SEI CERT C |SEI CERT C++ | C | Fortran | C++ | AutoFix | +|:------------------------ |:-----------------------------------------------------------------------------------------------------------:|:--------------------------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:----------------------------------------------------------------------------------------------------------------------------:|:-:|:-------:|:---:|:-------:| +| [PWR001](Checks/PWR001/) | Pass global variables as function arguments | correctness, modernization, security | [CWE-1108](https://cwe.mitre.org/data/definitions/1108.html) | | [DCL19-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL19-C.+Minimize+the+scope+of+variables+and+functions) | | ✓ | ✓ | ✓ | | +| [PWR002](Checks/PWR002/) | Declare scalar variables in the smallest possible scope | correctness, security | [CWE-1126](https://cwe.mitre.org/data/definitions/1126.html) | | [DCL19-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL19-C.+Minimize+the+scope+of+variables+and+functions) | | ✓ | | ✓ | | +| [PWR003](Checks/PWR003/) | Explicitly declare pure functions | modernization, security, optimization | | [6.24](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.32](https://j3-fortran.org/doc/year/23/23-241.pdf) | | | ✓ | ✓ | ✓ | | +| [PWR004](Checks/PWR004/) | Declare OpenMP scoping for all variables | correctness | | | | | ✓ | ✓ | ✓ | | +| [PWR005](Checks/PWR005/) | Disable default OpenMP scoping | correctness | | | | | ✓ | ✓ | ✓ | | +| [PWR006](Checks/PWR006/) | Avoid privatization of read-only variables | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR007](Checks/PWR007/) | Disable the implicit declaration of variables and procedures | correctness, modernization, security | [CWE-628](https://cwe.mitre.org/data/definitions/628.html) | [6.17](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.18](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.19](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.21](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.54](https://j3-fortran.org/doc/year/23/23-241.pdf), [7.2](https://j3-fortran.org/doc/year/23/23-241.pdf) | [DCL07-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL07-C.+Include+the+appropriate+type+information+in+function+declarators), [DCL31-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL31-C.+Declare+identifiers+before+using+them), [EXP37-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP37-C.+Call+functions+with+the+correct+number+and+type+of+arguments) | | | ✓ | | ✓[^1] | +| [PWR008](Checks/PWR008/) | Declare the intent for each procedure argument | correctness, modernization, security | [CWE-374](https://cwe.mitre.org/data/definitions/374.html) | [6.32](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.65](https://j3-fortran.org/doc/year/23/23-241.pdf) | [DCL13-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL13-C.+Declare+function+parameters+that+are+pointers+to+values+not+changed+by+the+function+as+const) | | | ✓ | | ✓[^1] | +| [PWR009](Checks/PWR009/) | Use OpenMP teams to offload work to GPU | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR010](Checks/PWR010/) | Avoid column-major array access in C/C++ | optimization | | | | | ✓ | | ✓ | | +| [PWR012](Checks/PWR012/) | Pass only required fields from derived type as arguments | modernization, optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR013](Checks/PWR013/) | Avoid copying unused variables to or from the GPU | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR014](Checks/PWR014/) | Out-of-dimension-bounds matrix access | correctness, security | [CWE-125](https://cwe.mitre.org/data/definitions/125.html), [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf) | [ARR30-C](https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts) | | ✓ | | ✓ | | +| [PWR015](Checks/PWR015/) | Avoid copying unnecessary array elements to or from the GPU | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR016](Checks/PWR016/) | Use separate arrays instead of an Array-of-Structs | security, optimization | [CWE-1043](https://cwe.mitre.org/data/definitions/1043.html) | | | | ✓ | ✓ | ✓ | | +| [PWR017](Checks/PWR017/) | Using countable while loops instead of for loops may inhibit vectorization | security, optimization | [CWE-1095](https://cwe.mitre.org/data/definitions/1095.html) | | | | ✓ | | ✓ | | +| [PWR018](Checks/PWR018/) | Call to recursive function within a loop inhibits vectorization | security, optimization | [CWE-674](https://cwe.mitre.org/data/definitions/674.html) | [6.35](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.43](https://j3-fortran.org/doc/year/23/23-241.pdf) | | | ✓ | ✓ | ✓ | | +| [PWR019](Checks/PWR019/) | Consider interchanging loops to favor vectorization by maximizing inner loop's trip count | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR020](Checks/PWR020/) | Consider loop fission to enable vectorization | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR021](Checks/PWR021/) | Consider loop fission with scalar to vector promotion to enable vectorization | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR022](Checks/PWR022/) | Move invariant conditional out of the loop to facilitate vectorization | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR023](Checks/PWR023/) | Add 'restrict' for pointer function arguments to hint the compiler that vectorization is safe | optimization | | | | | ✓ | | ✓ | | +| [PWR024](Checks/PWR024/) | Loop can be rewritten in OpenMP canonical form | optimization | | | | | ✓ | | ✓ | | +| [PWR025](Checks/PWR025/) | Consider annotating pure function with OpenMP 'declare simd' | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR026](Checks/PWR026/) | Annotate function for OpenMP Offload | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR027](Checks/PWR027/) | Annotate function for OpenACC Offload | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR028](Checks/PWR028/) | Remove pointer increment preventing performance optimization | security, optimization | [CWE-468](https://cwe.mitre.org/data/definitions/468.html) | | [EXP08-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP08-C.+Ensure+pointer+arithmetic+is+used+correctly) | | ✓ | | ✓ | | +| [PWR029](Checks/PWR029/) | Remove integer increment preventing performance optimization | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR030](Checks/PWR030/) | Remove pointer assignment preventing performance optimization for perfectly nested loops | security, optimization | [CWE-468](https://cwe.mitre.org/data/definitions/468.html) | | [EXP08-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP08-C.+Ensure+pointer+arithmetic+is+used+correctly) | | ✓ | ✓ | ✓ | | +| [PWR031](Checks/PWR031/) | Replace pow by multiplication, division and/or square root | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR032](Checks/PWR032/) | Avoid calls to mathematical functions with higher precision than required | optimization | | | | | ✓ | | ✓ | | +| [PWR033](Checks/PWR033/) | Move invariant conditional out of the loop to avoid redundant computations | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR034](Checks/PWR034/) | Avoid strided array access to improve performance | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR035](Checks/PWR035/) | Avoid non-consecutive array access to improve performance | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR036](Checks/PWR036/) | Avoid indirect array access to improve performance | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR037](Checks/PWR037/) | Potential precision loss in call to mathematical function | correctness, security | [CWE-197](https://cwe.mitre.org/data/definitions/197.html) | [6.2](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.6](https://j3-fortran.org/doc/year/23/23-241.pdf) | [FLP34-C](https://wiki.sei.cmu.edu/confluence/display/c/FLP34-C.+Ensure+that+floating-point+conversions+are+within+range+of+the+new+type) | | ✓ | | ✓ | | +| [PWR039](Checks/PWR039/) | Consider loop interchange to improve the locality of reference and enable vectorization | optimization | | | | | ✓ | ✓ | ✓ | ✓[^1] | +| [PWR040](Checks/PWR040/) | Consider loop tiling to improve the locality of reference | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR042](Checks/PWR042/) | Consider loop interchange by promoting the scalar reduction variable to an array | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR043](Checks/PWR043/) | Consider loop interchange by replacing the scalar reduction value | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR044](Checks/PWR044/) | Avoid unnecessary floating-point data conversions involving constants | optimization | | | | | ✓ | | ✓ | | +| [PWR045](Checks/PWR045/) | Replace division with a multiplication with a reciprocal | optimization | | | | | ✓ | | ✓ | | +| [PWR046](Checks/PWR046/) | Replace two divisions with a division and a multiplication | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR048](Checks/PWR048/) | Replace multiplication/addition combo with an explicit call to fused multiply-add | optimization | | | | | ✓ | | ✓ | | +| [PWR049](Checks/PWR049/) | Move iterator-dependent condition outside of the loop | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR050](Checks/PWR050/) | Consider applying multithreading parallelism to forall loop | optimization | | | | | ✓ | ✓ | ✓ | ✓[^1] | +| [PWR051](Checks/PWR051/) | Consider applying multithreading parallelism to scalar reduction loop | optimization | | | | | ✓ | ✓ | ✓ | ✓[^1] | +| [PWR052](Checks/PWR052/) | Consider applying multithreading parallelism to sparse reduction loop | optimization | | | | | ✓ | ✓ | ✓ | ✓[^1] | +| [PWR053](Checks/PWR053/) | Consider applying vectorization to forall loop | optimization | | | | | ✓ | ✓ | ✓ | ✓[^1] | +| [PWR054](Checks/PWR054/) | Consider applying vectorization to scalar reduction loop | optimization | | | | | ✓ | ✓ | ✓ | ✓[^1] | +| [PWR055](Checks/PWR055/) | Consider applying offloading parallelism to forall loop | optimization | | | | | ✓ | ✓ | ✓ | ✓[^1] | +| [PWR056](Checks/PWR056/) | Consider applying offloading parallelism to scalar reduction loop | optimization | | | | | ✓ | ✓ | ✓ | ✓[^1] | +| [PWR057](Checks/PWR057/) | Consider applying offloading parallelism to sparse reduction loop | optimization | | | | | ✓ | ✓ | ✓ | ✓[^1] | +| [PWR060](Checks/PWR060/) | Consider loop fission to separate gather memory access pattern | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR062](Checks/PWR062/) | Consider loop interchange by removing accumulation on array value | optimization | | | | | ✓ | ✓ | ✓ | | +| [PWR063](Checks/PWR063/) | Avoid using legacy Fortran constructs | correctness, modernization, security | [CWE-477](https://cwe.mitre.org/data/definitions/477.html), [CWE-1075](https://cwe.mitre.org/data/definitions/1075.html), [CWE-1119](https://cwe.mitre.org/data/definitions/1119.html) | [6.27](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.28](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.31](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.54](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.58](https://j3-fortran.org/doc/year/23/23-241.pdf) | | | | ✓ | | | +| [PWR068](Checks/PWR068/) | Encapsulate procedures within modules to avoid the risks of calling implicit interfaces | correctness, modernization, security | [CWE-628](https://cwe.mitre.org/data/definitions/628.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.11](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.32](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.34](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.53](https://j3-fortran.org/doc/year/23/23-241.pdf) | [DCL07-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL07-C.+Include+the+appropriate+type+information+in+function+declarators), [DCL31-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL31-C.+Declare+identifiers+before+using+them), [EXP37-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP37-C.+Call+functions+with+the+correct+number+and+type+of+arguments) | | | ✓ | | | +| [PWR069](Checks/PWR069/) | Use the keyword only to explicitly state what to import from a module | correctness, modernization, security | | [6.21](https://j3-fortran.org/doc/year/23/23-241.pdf) | [DCL23-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL23-C.+Guarantee+that+mutually+visible+identifiers+are+unique) | | | ✓ | | ✓[^1] | +| [PWR070](Checks/PWR070/) | Declare array dummy arguments as assumed-shape arrays | correctness, modernization, security, optimization | [CWE-130](https://cwe.mitre.org/data/definitions/130.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf) | [API02-C](https://wiki.sei.cmu.edu/confluence/display/c/API02-C.+Functions+that+read+or+write+to+or+from+an+array+should+take+an+argument+to+specify+the+source+or+target+size) | | | ✓ | | | +| [PWR071](Checks/PWR071/) | Prefer real(kind=kind_value) for declaring consistent floating types | modernization, portability, security | [CWE-1102](https://cwe.mitre.org/data/definitions/1102.html), [CWE-1339](https://cwe.mitre.org/data/definitions/1339.html) | [6.2](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.4](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.6](https://j3-fortran.org/doc/year/23/23-241.pdf) | [FLP00-C](https://wiki.sei.cmu.edu/confluence/display/c/FLP00-C.+Understand+the+limitations+of+floating-point+numbers) | | | ✓ | | | +| [PWR072](Checks/PWR072/) | Explicitly declare the 'save' attribute or split the variable initialization to prevent unintended behavior | correctness, security | [CWE-665](https://cwe.mitre.org/data/definitions/665.html) | [6.54](https://j3-fortran.org/doc/year/23/23-241.pdf) | | | | ✓ | | ✓[^1] | +| [PWR073](Checks/PWR073/) | Transform common block into a module for better data encapsulation | correctness, modernization, security | [CWE-1083](https://cwe.mitre.org/data/definitions/1083.html), [CWE-1108](https://cwe.mitre.org/data/definitions/1108.html) | [6.37](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.53](https://j3-fortran.org/doc/year/23/23-241.pdf) | [DCL19-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL19-C.+Minimize+the+scope+of+variables+and+functions) | | | ✓ | | | +| [PWR075](Checks/PWR075/) | Avoid using compiler-specific Fortran extensions | modernization, portability, security | [CWE-474](https://cwe.mitre.org/data/definitions/474.html), [CWE-1103](https://cwe.mitre.org/data/definitions/1103.html) | [6.57](https://j3-fortran.org/doc/year/23/23-241.pdf) | [MSC23-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC23-C.+Beware+of+vendor-specific+library+and+language+differences) | | | ✓ | | | +| [PWR079](Checks/PWR079/) | Avoid undefined behavior due to uninitialized variables | correctness, portability, security | [CWE-758](https://cwe.mitre.org/data/definitions/758.html), [CWE-908](https://cwe.mitre.org/data/definitions/908.html), [CWE-909](https://cwe.mitre.org/data/definitions/909.html) | [6.13](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.22](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf) | [EXP33-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP33-C.+Do+not+read+uninitialized+memory), [EXP34-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP34-C.+Do+not+dereference+null+pointers), [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | [EXP53-CPP](https://wiki.sei.cmu.edu/confluence/spaces/cplusplus/pages/88046609/EXP53-CPP.+Do+not+read+uninitialized+memory) | ✓ | ✓ | ✓ | | +| [PWR080](Checks/PWR080/) | Conditionally initialized variables can lead to undefined behavior | correctness, portability, security | [CWE-758](https://cwe.mitre.org/data/definitions/758.html), [CWE-908](https://cwe.mitre.org/data/definitions/908.html), [CWE-909](https://cwe.mitre.org/data/definitions/909.html) | [6.13](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.22](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf) | [EXP33-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP33-C.+Do+not+read+uninitialized+memory), [EXP34-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP34-C.+Do+not+dereference+null+pointers), [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | [EXP53-CPP](https://wiki.sei.cmu.edu/confluence/spaces/cplusplus/pages/88046609/EXP53-CPP.+Do+not+read+uninitialized+memory) | ✓ | ✓ | ✓ | | +| [PWR081](Checks/PWR081/) | Uninitialized output arguments can lead to undefined behavior | correctness, portability, security | [CWE-758](https://cwe.mitre.org/data/definitions/758.html), [CWE-908](https://cwe.mitre.org/data/definitions/908.html), [CWE-909](https://cwe.mitre.org/data/definitions/909.html) | [6.13](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.22](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf) | [EXP33-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP33-C.+Do+not+read+uninitialized+memory), [EXP34-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP34-C.+Do+not+dereference+null+pointers), [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | | | ✓ | | | +| [PWD002](Checks/PWD002/) | Unprotected multithreading reduction operation | correctness, security | [CWE-366](https://cwe.mitre.org/data/definitions/366.html), [CWE-820](https://cwe.mitre.org/data/definitions/820.html) | [6.61](https://j3-fortran.org/doc/year/23/23-241.pdf) | [CON07-C](https://wiki.sei.cmu.edu/confluence/display/c/CON07-C.+Ensure+that+compound+operations+on+shared+variables+are+atomic), [CON43-C](https://wiki.sei.cmu.edu/confluence/display/c/CON43-C.+Do+not+allow+data+races+in+multithreaded+code) | | ✓ | ✓ | ✓ | | +| [PWD003](Checks/PWD003/) | Missing array range in data copy to the GPU | correctness, security | [CWE-131](https://cwe.mitre.org/data/definitions/131.html), [CWE-758](https://cwe.mitre.org/data/definitions/758.html) | [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf) | [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | | ✓ | ✓ | ✓ | | +| [PWD004](Checks/PWD004/) | Out-of-memory-bounds array access | correctness, security | [CWE-125](https://cwe.mitre.org/data/definitions/125.html), [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf) | [ARR30-C](https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts) | | ✓ | ✓ | ✓ | | +| [PWD005](Checks/PWD005/) | Array range copied to or from the GPU does not cover the used range | correctness, security | [CWE-125](https://cwe.mitre.org/data/definitions/125.html), [CWE-131](https://cwe.mitre.org/data/definitions/131.html), [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf) | [ARR30-C](https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts) | | ✓ | ✓ | ✓ | | +| [PWD006](Checks/PWD006/) | Missing deep copy of non-contiguous data to the GPU | correctness, security | [CWE-125](https://cwe.mitre.org/data/definitions/125.html), [CWE-758](https://cwe.mitre.org/data/definitions/758.html), [CWE-787](https://cwe.mitre.org/data/definitions/787.html), [CWE-908](https://cwe.mitre.org/data/definitions/908.html) | [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf) | [ARR30-C](https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts), [EXP33-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP33-C.+Do+not+read+uninitialized+memory), [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | | ✓ | ✓ | ✓ | | +| [PWD007](Checks/PWD007/) | Unprotected multithreading recurrence | correctness, security | [CWE-366](https://cwe.mitre.org/data/definitions/366.html), [CWE-820](https://cwe.mitre.org/data/definitions/820.html) | [6.61](https://j3-fortran.org/doc/year/23/23-241.pdf) | [CON43-C](https://wiki.sei.cmu.edu/confluence/display/c/CON43-C.+Do+not+allow+data+races+in+multithreaded+code) | | ✓ | ✓ | ✓ | | +| [PWD008](Checks/PWD008/) | Unprotected multithreading recurrence due to out-of-dimension-bounds array access | correctness, security | [CWE-125](https://cwe.mitre.org/data/definitions/125.html), [CWE-366](https://cwe.mitre.org/data/definitions/366.html), [CWE-787](https://cwe.mitre.org/data/definitions/787.html), [CWE-820](https://cwe.mitre.org/data/definitions/820.html) | [6.8](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.9](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.10](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.56](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.61](https://j3-fortran.org/doc/year/23/23-241.pdf) | [ARR30-C](https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts), [CON43-C](https://wiki.sei.cmu.edu/confluence/display/c/CON43-C.+Do+not+allow+data+races+in+multithreaded+code), [MSC15-C](https://wiki.sei.cmu.edu/confluence/display/c/MSC15-C.+Do+not+depend+on+undefined+behavior) | | ✓ | ✓ | ✓ | | +| [PWD009](Checks/PWD009/) | Incorrect privatization in parallel region | correctness, security | [CWE-821](https://cwe.mitre.org/data/definitions/821.html) | | | | ✓ | ✓ | ✓ | | +| [PWD010](Checks/PWD010/) | Incorrect sharing in parallel region | correctness, security | [CWE-366](https://cwe.mitre.org/data/definitions/366.html), [CWE-821](https://cwe.mitre.org/data/definitions/821.html) | [6.61](https://j3-fortran.org/doc/year/23/23-241.pdf) | [CON43-C](https://wiki.sei.cmu.edu/confluence/display/c/CON43-C.+Do+not+allow+data+races+in+multithreaded+code) | | ✓ | ✓ | ✓ | | +| [PWD011](Checks/PWD011/) | Missing OpenMP lastprivate clause | correctness, security | [CWE-821](https://cwe.mitre.org/data/definitions/821.html) | | | | ✓ | ✓ | ✓ | | +| [RMK001](Checks/RMK001/) | Loop nesting that might benefit from hybrid parallelization using multithreading and SIMD | optimization | | | | | ✓ | ✓ | ✓ | ✓[^1] | +| [RMK002](Checks/RMK002/) | Loop nesting that might benefit from hybrid parallelization using offloading and SIMD | optimization | | | | | ✓ | ✓ | ✓ | | +| [RMK003](Checks/RMK003/) | Potentially privatizable temporary variable | optimization | | | | | ✓ | | ✓ | | +| [RMK007](Checks/RMK007/) | Vectorization opportunity within a multithreaded region | optimization | | | | | ✓ | ✓ | ✓ | ✓[^1] | +| [RMK008](Checks/RMK008/) | Vectorization opportunity within an offloaded region | optimization | | | | | ✓ | ✓ | ✓ | | +| [RMK009](Checks/RMK009/) | Outline loop to increase compiler and tooling code coverage | optimization | | | | | ✓ | | ✓ | | +| [RMK010](Checks/RMK010/) | Strided memory accesses in the loop body may prevent vectorization | optimization | | | | | ✓ | ✓ | ✓ | | +| [RMK012](Checks/RMK012/) | Conditional execution in the loop body may prevent vectorization | optimization | | | | | ✓ | ✓ | ✓ | | +| [RMK013](Checks/RMK013/) | Low trip count unknown at compile time may prevent vectorization of the loop | optimization | | | | | ✓ | ✓ | ✓ | | +| [RMK014](Checks/RMK014/) | Unpredictable memory accesses in the loop body may prevent vectorization | optimization | | | | | ✓ | ✓ | ✓ | | +| [RMK015](Checks/RMK015/) | Tune compiler optimization flags to increase the speed of the code | optimization | | | | | ✓ | ✓ | ✓ | | +| [RMK016](Checks/RMK016/) | Tune compiler optimization flags to avoid potential changes in floating point precision | correctness, security | [CWE-189](https://cwe.mitre.org/data/definitions/189.html) | | [FLP01-C](https://wiki.sei.cmu.edu/confluence/display/c/FLP01-C.+Take+care+in+rearranging+floating-point+expressions) | | ✓ | ✓ | ✓ | | **CWE**, **ISO/IEC 24772-8**, and **SEI CERT C**: Map checks in the Open Catalog to major security standards to clarify their relevance to software security