View Help Online

Start here

Home
About Klocwork
What's new
Fixed issues
Release notes
Installation

Reference

C/C++ checkers
Java checkers
C# checkers
MISRA C 2004 checkers
MISRA C++ 2008 checkers
MISRA C 2012 checkers
MISRA C 2012 checkers with Amendment 1
Commands
Metrics
Troubleshooting
Reference

Product components

C/C++ Integration build analysis
Java Integration build analysis
Desktop analysis
Refactoring
Klocwork Static Code Analysis
Klocwork Code Review
Structure101
Tuning
Custom checkers

Coding environments

Visual Studio
Eclipse for C/C++
Eclipse for Java
IntelliJ IDEA
Other

Administration

Project configuration
Build configuration
Administration
Analysis performance
Server performance
Security/permissions
Licensing
Klocwork Static Code Analysis Web API
Klocwork Code Review Web API

Community

View help online
Visit RogueWave.com
Klocwork Support
Rogue Wave Videos

Legal

Legal information

MISRA.STDLIB.STDIO

Use of input/output library stdio.h in production code.

MISRA C 2012 Rule 21.6: The Standard Library input/output functions shall not be used

C90 [Unspecified 2–5, 16–18; Undefined 77–89; Implementation 53–68]

C99 [Unspecified 3–6, 34–37; Undefined 138–166, 186; Implementation J.3.12(14–32)]

Category: Required

Analysis: Decidable, Single Translation Unit

Applies to: C90, C99

Amplification

This rule applies to the functions that are specified as being provided by <stdio.h> and, in C99, their wide-character equivalents specified in Sections 7.24.2 and 7.24.3 of the C99 Standard as being provided by <wchar.h>.

None of these identifiers shall be used and no macro with one of these names shall be expanded.

Rationale

Streams and file I/O have unspecified, undefined and implementation-defined behaviours associated with them.

See also

Rule 22.1, Rule 22.3, Rule 22.4, Rule 22.5, Rule 22. 6

Amplification

MISRA-C 2004 Rule 20.9 (required): The input/output library ''<stdio.h>'' shall not be used in production code.

Use of input/output library stdio.h in production code.

This rule is also covered by MISRA.INCL.UNSAFE.

[Unspecified 2—5,16—18; Undefined 77—89; Implementation 53—68]

This includes file and I/O functions fgetpos, fopen, ftell, gets, perror, remove, rename and ungetc.

Streams and file I/O have a large number of unspecified, undefined and implementation-defined behaviours associated with them. It is assumed within this document that they will not normally be needed in production code in embedded systems.

If any of the features of stdio.h need to be used in production code, then the issues associated with the feature need to be understood.

MISRA-C++ 2008 Rule 27-0-1 (required): The stream input/output library '<cstdio>' shall not be used.

This rule is also covered by MISRA.INCL.UNSAFE.

Rationale

This includes file and I/O functions fgetpos, fopen, ftell, gets, perror, remove, rename, etc.

Streams and file I/O have a large number of unspecified, undefined and implementation-defined behaviours associated with them.

Example

#include <cstdio>        // Non-compliant

void fn ( )
{
   char_t array [ 10 ];

   gets ( array );       // Can lead to buffer over-run
}
Parent topic: MISRA-C++ 2008 checker reference
Parent topic: MISRA-C 2004 checker reference
Related reference

© Rogue Wave Software, Inc. All rights reserved. | Contact