Documentation

All code shall conform to ISO^® 9899:1990 "Programming languages - C", amended and corrected by ISO/IEC 9899/COR1:1995, ISO/IEC 9899/AMD1:1995, and ISO/IEC 9899/COR2:1996.

Assembly language shall be encapsulated and isolated.

Source code shall only use /* */ style comments.

The character sequence /* shall not be used within a comment.

All uses of the #pragma directive shall be documented and explained.

Only those escape sequences which are defined in the ISO C standard shall be used.

Trigraphs shall not be used.

Identifiers (internal and external) shall not rely on the significance of more than 31 characters.

Identifiers in an inner scope shall not use the same name as an identifier in an outer scope, and therefore hide that identifier.

A typedef name shall be a unique identifier.

A tag name shall be a unique identifier.

No object or function identifier with a static storage duration should be reused.

No identifier in one name space should have the same spelling as an identifier in another name space, with the exception of structure and union member names.

No identifier name should be reused.

The plain char type shall be used only for the storage and use of character values.

Signed and unsigned char type shall be used only for the storage and use of numeric values.

typedefs that indicate size and signedness should be used in place of the basic types.

Bit fields shall only be defined to be of type unsigned int or signed int.

Bit fields of type signed int shall be at least 2 bits long.

Octal constants (other than zero) and octal escape sequences shall not be used.

Functions shall have prototype declarations and the prototype shall be visible at both the function definition and call.

Whenever an object or function is declared or defined, its type shall be explicitly stated.

For each function parameter the type given in the declaration and definition shall be identical, and the return types shall also be identical.

If objects or functions are declared more than once their types shall be compatible.

There shall be no definitions of objects or functions in a header file.

Functions shall always be declared at file scope.

Objects shall be defined at block scope if they are only accessed from within a single function.

An external object or function shall be declared in one file and only one file.

An identifier with external linkage shall have exactly one external definition.

All declarations and definitions of objects or functions at file scope shall have internal linkage unless external linkage is required.

The static storage class specifier shall be used in definitions and  declarations of objects and functions that have internal linkage

When an array is declared with external linkage, its size shall be stated explicitly or defined implicitly by initialization.

Braces shall be used to indicate and match the structure in the nonzero initialization of arrays and structures.

In an enumerator list, the = construct shall not be used to explicitly initialize members other than the first, unless all items are explicitly initialized.

The value of an expression of integer type shall not be implicitly converted to a different underlying type if:

The value of an expression of floating type shall not be implicitly converted to a different type if

The value of a complex expression of integer type may only be cast to a type that is narrower and of the same signedness as the underlying type of the expression.

The value of a complex expression of float type may only be cast to narrower floating type.

If the bitwise operator ~ and << are applied to an operand of underlying type unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand

The "U" suffix shall be applied to all constants of unsigned types.

Conversion shall not be performed between a pointer to a function and any type other than an integral type.

Conversion shall not be performed between a pointer to an object and any type other than an integral type, another pointer to a object type or a pointer to void.

A cast should not be performed between a pointer type and an integral type.

A cast should not be performed between a pointer to object type and a different pointer to object type.

A cast shall not be performed that removes any const or volatile qualification from the type addressed by a pointer

Limited dependence should be placed on C's operator precedence rules in expressions.

The sizeof operator should not be used on expressions that contain side effects.

The operands of a logical && or || shall be primary-expressions.

Operands of logical operators (&&, || and !) should be effectively Boolean. Expression that are effectively Boolean should not be used as operands to operators other than (&&, || or !).

Bitwise operators shall not be applied to operands whose underlying type is signed.

The unary minus operator shall not be applied to an expression whose underlying type is unsigned.

The comma operator shall not be used.

Evaluation of constant unsigned expression should not lead to wraparound.

The underlying bit representations of floating-point values shall not be used.

The increment (++) and decrement (--) operators should not be mixed with other operators in an expression

Assignment operators shall not be used in expressions that yield Boolean values.

Tests of a value against zero should be made explicit, unless the operand is effectively Boolean.

Floating-point expressions shall not be tested for equality or inequality.

The controlling expression of a for statement shall not contain any objects of floating type.

The three expressions of a for statement shall be concerned only with loop control.

Numeric variables being used within a for loop for iteration counting should not be modified in the body of the loop.

All non-null statements shall either

The goto statement shall not be used.

The continue statement shall not be used.

For any iteration statement, there shall be at most one break statement used for loop termination.

A function shall have a single point of exit at the end of the function.

The statement forming the body of a switch, while, do while or for statement shall be a compound statement.

An if (expression) construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement.

All if else if constructs should contain a final else clause.

Unreachable code is detected between switch statement and first case.

A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement

An unconditional break statement shall terminate every non-empty switch clause.

The final clause of a switch statement shall be the default clause.

A switch expression should not represent a value that is effectively Boolean.

Every switch statement shall have at least one case clause.

Functions shall not be defined with variable numbers of arguments.

Identifiers shall be given for all of the parameters in a function prototype declaration.

The identifiers used in the declaration and definition of a function shall be identical.

Functions with no parameters shall be declared with parameter type void.

The number of arguments passed to a function shall match the number of parameters.

All exit paths from a function with non-void return type shall have an explicit return statement with an expression.

A function identifier shall only be used with either a preceding &, or with a parenthesized parameter list, which may be empty.

Array indexing shall be the only allowed form of pointer arithmetic.

A type should not contain more than 2 levels of pointer indirection.

All structure or union types shall be complete at the end of a translation unit.

Unions shall not be used.

#include statements in a file shall only be preceded by other preprocessors directives or comments.

Nonstandard characters should not occur in header file names in #include directives.

The #include directive shall be followed by either a <filename> or "filename" sequence.

C macros shall only expand to a braced initializer, a constant, a parenthesized expression, a type qualifier, a storage class specifier, or a do-while-zero construct.

Macros shall not be #defined and #undefd within a block.

#undef shall not be used.

A function should be used in preference to a function like-macro.

A function-like macro shall not be invoked without all of its arguments.

Arguments to a function-like macro shall not contain tokens that look like preprocessing directives.

In the definition of a function-like macro, each instance of a parameter shall be enclosed in parentheses unless it is used as the operand of # or ##.

All macro identifiers in preprocessor directives shall be defined before use, except in #ifdef and #ifndef preprocessor directives and the defined() operator.

There shall be at most one occurrence of the # or ## preprocessor operators in a single macro definition.

The # and ## preprocessor operators should not be used.

The defined preprocessor operator shall only be used in one of the two standard forms.

Precautions shall be taken in order to prevent the contents of a header file being included twice.

Preprocessing directives shall be syntactically meaningful even when excluded by the preprocessor.

All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if or #ifdef directive to which they are related.

Reserved identifiers, macros and functions in the standard library, shall not be defined, redefined or undefined.

The names of standard library macros, objects and functions shall not be reused.

Dynamic heap memory allocation shall not be used.

The error indicator errno shall not be used.

The macro offsetof, in library <stddef.h>, shall not be used.

The setjmp macro and the longjmp function shall not be used.

The signal handling facilities of <signal.h> shall not be used.

The input/output library <stdio.h> shall not be used in production code.

The library functions atof, atoi and atoll from library <stdlib.h> shall not be used.

The library functions abort, exit, getenv and system from library <stdlib.h> shall not be used.

The time handling functions of library <time.h> shall not be used.

The program shall contain no violations of the standard C syntax and constraints, and shall not exceed the implementation's translation limits.

Language extensions should not be used.

A project should not contain unused type declarations.

A project should not contain unused tag declarations.

A project should not contain unused macro declarations.

A function should not contain unused label declarations.

There should be no unused parameters in functions.

The character sequences /* and // shall not be used within a comment.

Line-splicing shall not be used in // comments.

Octal and hexadecimal escape sequences shall be terminated.

Trigraphs should not be used.

External identifiers shall be distinct.

Identifiers declared in the same scope and name space shall be distinct.

An identifier declared in an inner scope shall not hide an identifier declared in an outer scope.

Macro identifiers shall be distinct.

Identifiers shall be distinct from macro names.

A typedef name shall be a unique identifier.

A tag name shall be a unique identifier.

Identifiers that define objects or functions with external linkage shall be unique.

Identifiers that define objects or functions with internal linkage should be unique.

Bit-fields shall only be declared with an appropriate type.

Single-bit named bit fields shall not be of a signed type.

Octal constants shall not be used.

A "u" or "U" suffix shall be applied to all integer constants that are represented in an unsigned type.

The lowercase character "l" shall not be used in a literal suffix.

A string literal shall not be assigned to an object unless the object's type is "pointer to const-qualified char".

Types shall be explicitly specified.

Function types shall be in prototype form with named parameters.

All declarations of an object or function shall use the same names and type qualifiers.

A compatible declaration shall be visible when an object or function with external linkage is defined.

An external object or function shall be declared once in one and only one file.

An identifier with external linkage shall have exactly one external definition.

Functions and objects should not be defined with external linkage if they are referenced in only one translation unit.

The static storage class specifier shall be used in all declarations of objects and functions that have internal linkage.

An object should be defined at block scope if its identifier only appears in a single function.

An inline function shall be declared with the static storage class.

When an array with external linkage is declared, its size should be explicitly specified.

Within an enumerator list, the value of an implicitly-specified enumeration constant shall be unique.

The restrict type qualifier shall not be used.

The initializer for an aggregate or union shall be enclosed in braces.

Arrays shall not be partially initialized.

An element of an object shall not be initialized more than once.

Where designated initializers are used to initialize an array object the size of the array shall be specified explicitly.

Operands shall not be of an inappropriate essential type.

Expressions of essentially character type shall not be used inappropriately in addition and subtraction operations.

The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category.

Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category.

The value of an expression should not be cast to an inappropriate essential type.

The value of a composite expression shall not be assigned to an object with wider essential type.

If a composite expression is used as one operand of an operator in which the usual arithmetic conversions are performed then the other operand shall not have wider essential type.

The value of a composite expression shall not be cast to a different essential type category or a wider essential type.

Conversions shall not be performed between a pointer to a function and any other type.

Conversions shall not be performed between a pointer to an incomplete type and any other type.

A cast shall not be performed between a pointer to object type and a pointer to a different object type.

A conversion should not be performed between a pointer to object and an integer type.

A conversion should not be performed from pointer to void into pointer to object.

A cast shall not be performed between pointer to void and an arithmetic type.

A cast shall not be performed between pointer to object and a non-integer arithmetic type.

A cast shall not remove any const or volatile qualification from the type pointed to by a pointer.

The macro NULL shall be the only permitted form of integer null pointer constant.

The precedence of operators within expressions should be made explicit.

The comma operator should not be used.

Evaluation of constant expressions should not lead to unsigned integer wrap-around.

A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects other than that caused by the increment or decrement operator.

The result of an assignment operator should not be used.

The operand of the sizeof operator shall not contain any expression which has potential side effects.

The controlling expression of an if statement and the controlling expression of an iteration-statement shall have essentially Boolean type.

The goto statement should not be used.

The goto statement shall jump to a label declared later in the same function.

Any label referenced by a goto statement shall be declared in the same block, or in any block enclosing the goto statement.

There should be no more than one break or goto statement used to terminate any iteration statement.

A function should have a single point of exit at the end

The body of an iteration-statement or a selection-statement shall be a compound statement.

All if … else if constructs shall be terminated with an else statement.

All switch statements shall be well-formed.

A switch label shall only be used when the most closely-enclosing compound statement is the body of a switch statement.

An unconditional break statement shall terminate every switch-clause.

Every switch statement shall have a default label.

A default label shall appear as either the first or the last switch label of a switch statement.

Every switch statement shall have at least two switch-clauses.

A switch-expression shall not have essentially Boolean type.

The features of <starg.h> shall not be used.

A function shall not be declared implicitly.

All exit paths from a function with non-void return type shall have an explicit return statement with an expression.

The declaration of an array parameter shall not contain the static keyword between the [ ].

The value returned by a function having non-void return type shall be used.

The +, -, += and -= operators should not be applied to an expression of pointer type.

Declarations should contain no more than two levels of pointer nesting.

Flexible array members shall not be declared.

Variable-length array types shall not be used.

The union keyword should not be used.

#include directives should only be preceded by preprocessor directives or comments.

The ', ", or \ characters and the /* or // character sequences shall not occur in a header file name.

The #include directive shall be followed by either a <filename> or \"filename\" sequence.

A macro shall not be defined with the same name as a keyword.

#undef should not be used.

Tokens that look like a preprocessing directive shall not occur within a macro argument.

Expressions resulting from the expansion of macro parameters shall be enclosed in parentheses.

The controlling expression of a #if or #elif preprocessing directive shall evaluate to 0 or 1.

All identifiers used in the controlling expression of #if or #elif preprocessing directives shall be #define'd before evaluation.

The # and ## preprocessor operators should not be used.

A macro parameter immediately following a # operator shall not immediately be followed by a ## operator.

A macro parameter used as an operand to the # or ## operators, which is itself subject to further macro replacement, shall only be used as an operand to these operators.

A line whose first token is # shall be a valid preprocessing directive.

All #else, #elif and #endif preprocessor directives shall reside in the same file as the #if, #ifdef or #ifndef directive to which they are related.

#define and #undef shall not be used on a reserved identifier or reserved macro name.

A reserved identifier or macro name shall not be declared.

The memory allocation and deallocation functions of <stdlib.h> shall not be used.

The standard header file <setjmp.h> shall not be used.

The standard header file <signal.h> shall not be used.

The Standard Library input/output functions shall not be used.

The atof, atoi, atol, and atoll functions of <stdlib.h> shall not be used.

The library functions abort, exit, getenv and system of <stdlib.h> shall not be used.

The library functions bsearch and qsort of <stdlib.h> shall not be used.

The Standard Library time and date functions shall not be used.

The standard header file <tgmath.h> shall not be used.

The exception handling features of <fenv.h> should not be used.