Open Catalog of Code Guidelines for Correctness, Modernization, Security, Portability, and Optimization
About
This Open Catalog is a collaborative effort to consolidate expert knowledge on code guidelines for the correctness, modernization, security, portability, and optimization of code written in C, C++, and Fortran programming languages. The Catalog consists of a comprehensive set of checks (rules) that describe specific issues in the source code and provide guidance on corrective actions, along with extensive documentation, example codes and references to additional reading resources.
Benchmarks
The Open Catalog includes a suite of microbenchmarks designed to demonstrate:
- No performance degradation when implementing the correctness, modernization, security, and portability recommendations.
- Potential performance enhancements achievable through the optimization recommendations.
Checks
| ID | Title | Category | CWE | ISO/IEC 24772-8 | SEI CERT C | SEI CERT C++ | C | Fortran | C++ | AutoFix |
|---|---|---|---|---|---|---|---|---|---|---|
| PWR001 | Pass global variables as function arguments | correctness, modernization, security | CWE-1108 | DCL19-C | ✓ | ✓ | ✓ | |||
| PWR002 | Declare scalar variables in the smallest possible scope | correctness, modernization, security | CWE-1126 | DCL19-C | ✓ | ✓ | ||||
| PWR003 | Explicitly declare pure functions | modernization, security | 6.24, 6.32 | ✓ | ✓ | ✓ | ||||
| PWR004 | Declare OpenMP scoping for all variables | correctness, security | ✓ | ✓ | ✓ | |||||
| PWR005 | Disable default OpenMP scoping | correctness, security | ✓ | ✓ | ✓ | |||||
| PWR006 | Avoid privatization of read-only variables | optimization | ✓ | ✓ | ✓ | |||||
| PWR007 | Disable the implicit declaration of variables and procedures | correctness, modernization, security | CWE-628 | 6.17, 6.18, 6.19, 6.21, 6.54, 7.2 | DCL07-C, DCL31-C, EXP37-C | ✓ | ✓1 | |||
| PWR008 | Declare the intent for each procedure argument | correctness, modernization, security | CWE-374 | 6.32, 6.65 | DCL13-C | ✓ | ✓1 | |||
| PWR009 | Use OpenMP teams to offload work to GPU | optimization | ✓ | ✓ | ✓ | |||||
| PWR012 | Pass only required fields from derived type as arguments | modernization, optimization | ✓ | ✓ | ✓ | |||||
| PWR013 | Avoid copying unused variables to or from the GPU | optimization | ✓ | ✓ | ✓ | |||||
| PWR014 | Out-of-dimension-bounds matrix access | correctness, security | CWE-125, CWE-787 | 6.8, 6.9, 6.10 | ARR30-C | ✓ | ✓ | |||
| PWR015 | Avoid copying unnecessary array elements to or from the GPU | optimization | ✓ | ✓ | ✓ | |||||
| PWR016 | Use separate arrays instead of an Array-of-Structs | security, optimization | CWE-1043 | ✓ | ✓ | ✓ | ||||
| PWR017 | Using countable while loops instead of for loops may inhibit vectorization | security, optimization | CWE-1095 | ✓ | ✓ | |||||
| PWR018 | Call to recursive function within a loop inhibits vectorization | security, optimization | CWE-674 | 6.35, 6.43 | ✓ | ✓ | ✓ | |||
| PWR019 | Consider interchanging loops to favor vectorization by maximizing inner loop's trip count | optimization | ✓ | ✓ | ✓ | |||||
| PWR020 | Consider loop fission to enable vectorization | optimization | ✓ | ✓ | ✓ | |||||
| PWR021 | Consider loop fission with scalar to vector promotion to enable vectorization | optimization | ✓ | ✓ | ✓ | |||||
| PWR022 | Move invariant conditional out of the loop to facilitate vectorization | optimization | ✓ | ✓ | ✓ | |||||
| PWR023 | Add 'restrict' for pointer function arguments to hint the compiler that vectorization is safe | optimization | ✓ | ✓ | ||||||
| PWR024 | Loop can be rewritten in OpenMP canonical form | optimization | ✓ | ✓ | ||||||
| PWR025 | Consider annotating pure function with OpenMP 'declare simd' | optimization | ✓ | ✓ | ✓ | |||||
| PWR026 | Annotate function for OpenMP Offload | optimization | ✓ | ✓ | ✓ | |||||
| PWR027 | Annotate function for OpenACC Offload | optimization | ✓ | ✓ | ✓ | |||||
| PWR028 | Remove pointer increment preventing performance optimization | security, optimization | CWE-468 | EXP08-C | ✓ | ✓ | ||||
| PWR029 | Remove integer increment preventing performance optimization | optimization | ✓ | ✓ | ✓ | |||||
| PWR030 | Remove pointer assignment preventing performance optimization for perfectly nested loops | security, optimization | CWE-468 | EXP08-C | ✓ | ✓ | ✓ | |||
| PWR031 | Replace pow by multiplication, division and/or square root | optimization | ✓ | ✓ | ✓ | |||||
| PWR032 | Avoid calls to mathematical functions with higher precision than required | optimization | ✓ | ✓ | ||||||
| PWR034 | Avoid strided array access to improve performance | optimization | ✓ | ✓ | ✓ | |||||
| PWR035 | Avoid non-consecutive array access to improve performance | optimization | ✓ | ✓ | ✓ | |||||
| PWR036 | Avoid indirect array access to improve performance | optimization | ✓ | ✓ | ✓ | |||||
| PWR037 | Potential precision loss in call to mathematical function | correctness, security | CWE-197 | 6.2, 6.6 | FLP34-C | ✓ | ��✓ | |||
| PWR039 | Consider loop interchange to improve the locality of reference and enable vectorization | optimization | ✓ | ✓ | ✓ | ✓1 | ||||
| PWR040 | Consider loop tiling to improve the locality of reference | optimization | ✓ | ✓ | ✓ | |||||
| PWR042 | Consider loop interchange by promoting the scalar reduction variable to an array | optimization | ✓ | ✓ | ✓ | |||||
| PWR043 | Consider loop interchange by replacing the scalar reduction value | optimization | ✓ | ✓ | ✓ | |||||
| PWR044 | Avoid unnecessary floating-point data conversions involving constants | optimization | ✓ | ✓ | ||||||
| PWR045 | Replace division with a multiplication with a reciprocal | optimization | ✓ | ✓ | ||||||
| PWR046 | Replace two divisions with a division and a multiplication | optimization | ✓ | ✓ | ✓ | |||||
| PWR048 | Replace multiplication/addition combo with an explicit call to fused multiply-add | optimization | ✓ | ✓ | ||||||
| PWR049 | Move iterator-dependent condition outside of the loop | optimization | ✓ | ✓ | ✓ | |||||
| PWR050 | Consider applying multithreading parallelism to forall loop | optimization | ✓ | ✓ | ✓ | ✓1 | ||||
| PWR051 | Consider applying multithreading parallelism to scalar reduction loop | optimization | ✓ | ✓ | ✓ | ✓1 | ||||
| PWR052 | Consider applying multithreading parallelism to sparse reduction loop | optimization | ✓ | ✓ | ✓ | ✓1 | ||||
| PWR053 | Consider applying vectorization to forall loop | optimization | ✓ | ✓ | ✓ | ✓1 | ||||
| PWR054 | Consider applying vectorization to scalar reduction loop | optimization | ✓ | ✓ | ✓ | ✓1 | ||||
| PWR055 | Consider applying offloading parallelism to forall loop | optimization | ✓ | ✓ | ✓ | ✓1 | ||||
| PWR056 | Consider applying offloading parallelism to scalar reduction loop | optimization | ✓ | ✓ | ✓ | ✓1 | ||||
| PWR057 | Consider applying offloading parallelism to sparse reduction loop | optimization | ✓ | ✓ | ✓ | ✓1 | ||||
| PWR060 | Consider loop fission to separate gather memory access pattern | optimization | ✓ | ✓ | ✓ | |||||
| PWR062 | Consider loop interchange by removing accumulation on array value | optimization | ✓ | ✓ | ✓ | |||||
| PWR063 | Avoid using legacy Fortran constructs | correctness, modernization, security | CWE-477, CWE-1075, CWE-1119 | 6.27, 6.28, 6.31, 6.54, 6.58 | ✓ | |||||
| PWR068 | Encapsulate procedures within modules to avoid the risks of calling implicit interfaces | correctness, modernization, security | CWE-628 | 6.8, 6.9, 6.10, 6.11, 6.32, 6.34, 6.53 | DCL07-C, DCL31-C, EXP37-C | ✓ | ||||
| PWR069 | Use the keyword only to explicitly state what to import from a module | correctness, modernization, security | 6.21 | DCL23-C | ✓ | ✓1 | ||||
| PWR070 | Declare array dummy arguments as assumed-shape arrays | correctness, modernization, security, optimization | CWE-130 | 6.8, 6.9, 6.10 | API02-C | ✓ | ||||
| PWR071 | Prefer real(kind=kind_value) for declaring consistent floating types | modernization, portability, security | CWE-1102, CWE-1339 | 6.2, 6.4, 6.6 | FLP00-C | ✓ | ||||
| PWR072 | Explicitly declare the 'save' attribute or split the variable initialization to prevent unintended behavior | correctness, security | CWE-665 | 6.54 | ✓ | ✓1 | ||||
| PWR073 | Transform common block into a module for better data encapsulation | correctness, modernization, security | CWE-1083, CWE-1108 | 6.37, 6.53 | DCL19-C | ✓ | ||||
| PWR075 | Avoid using compiler-specific Fortran extensions | modernization, portability, security | CWE-474, CWE-1103 | 6.57 | MSC23-C | ✓ | ||||
| PWR079 | Avoid undefined behavior due to uninitialized variables | correctness, portability, security | CWE-758, CWE-908, CWE-909 | 6.13, 6.22, 6.56 | EXP33-C, EXP34-C, MSC15-C | EXP53-CPP | ✓ | ✓ | ✓ | |
| PWR080 | Conditionally initialized variables can lead to undefined behavior | correctness, portability, security | CWE-758, CWE-908, CWE-909 | 6.13, 6.22, 6.56 | EXP33-C, EXP34-C, MSC15-C | EXP53-CPP | ✓ | ✓ | ✓ | |
| PWR081 | Uninitialized output arguments can lead to undefined behavior | correctness, portability, security | CWE-758, CWE-908, CWE-909 | 6.13, 6.22, 6.56 | EXP33-C, EXP34-C, MSC15-C | ✓ | ||||
| PWR083 | Match the types of dummy and actual arguments in procedure calls | correctness, security | CWE-628 | 6.11, 6.32, 6.53 | EXP37-C | ✓ | ||||
| PWD002 | Unprotected multithreading reduction operation | correctness, security | CWE-366, CWE-820 | 6.61 | CON07-C, CON43-C | ✓ | ✓ | ✓ | ||
| PWD003 | Missing array range in data copy to the GPU | correctness, security | CWE-131, CWE-758 | 6.56 | MSC15-C | ✓ | ✓ | ✓ | ||
| PWD004 | Out-of-memory-bounds array access | correctness, security | CWE-125, CWE-787 | 6.8, 6.9, 6.10 | ARR30-C | ✓ | ✓ | ✓ | ||
| PWD005 | Array range copied to or from the GPU does not cover the used range | correctness, security | CWE-125, CWE-131, CWE-787 | 6.8, 6.9, 6.10 | ARR30-C | ✓ | ✓ | ✓ | ||
| PWD006 | Missing deep copy of non-contiguous data to the GPU | correctness, security | CWE-125, CWE-758, CWE-787, CWE-908 | 6.56 | ARR30-C, EXP33-C, MSC15-C | ✓ | ✓ | ✓ | ||
| PWD007 | Unprotected multithreading recurrence | correctness, security | CWE-366, CWE-820 | 6.61 | CON43-C | ✓ | ✓ | ✓ | ||
| PWD008 | Unprotected multithreading recurrence due to out-of-dimension-bounds array access | correctness, security | CWE-125, CWE-366, CWE-787, CWE-820 | 6.8, 6.9, 6.10, 6.56, 6.61 | ARR30-C, CON43-C, MSC15-C | ✓ | ✓ | ✓ | ||
| PWD009 | Incorrect privatization in parallel region | correctness, security | CWE-821 | ✓ | ✓ | ✓ | ||||
| PWD010 | Incorrect sharing in parallel region | correctness, security | CWE-366, CWE-821 | 6.61 | CON43-C | ✓ | ✓ | ✓ | ||
| PWD011 | Missing OpenMP lastprivate clause | correctness, security | CWE-821 | ✓ | ✓ | ✓ | ||||
| RMK010 | Strided memory accesses in the loop body may prevent vectorization | optimization | ✓ | ✓ | ✓ | |||||
| RMK012 | Conditional execution in the loop body may prevent vectorization | optimization | ✓ | ✓ | ✓ | |||||
| RMK013 | Low trip count unknown at compile time may prevent vectorization of the loop | optimization | ✓ | ✓ | ✓ | |||||
| RMK014 | Unpredictable memory accesses in the loop body may prevent vectorization | optimization | ✓ | ✓ | ✓ | |||||
| RMK015 | Tune compiler optimization flags to increase the speed of the code | optimization | ✓ | ✓ | ✓ | |||||
| RMK016 | Tune compiler optimization flags to avoid potential changes in floating point precision | correctness, security | CWE-189 | FLP01-C | ✓ | ✓ | ✓ |
CWE, ISO/IEC 24772-8, SEI CERT C, and SEI CERT C++: Map checks in the Open Catalog to major security standards to clarify their relevance to software security.
AutoFix: Denotes tools that support automatic correction of the corresponding check. Readers are encouraged to report additional tools with autofix capabilities for these checks. The tools are tagged in the table as detailed in the footnotes.
Contributing
We welcome and encourage contributions to the Open Catalog! Here's how you can get involved:
-
Join the discussion:
Got ideas, questions, or suggestions? Head over to our GitHub Discussions. It's the perfect place for open-ended conversations and brainstorming!
-
Report issues:
Found inaccuracies, unclear explanations, or other problems? Please open an Issue. Detailed reports help us quickly improve the quality of the project!
-
Submit pull requests:
Interested in solving any issues? Feel free to fork the repository, make your changes, and submit a Pull Request. We'd love to see your contributions!