Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

C static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C code

Filtered: 104 rules found

misra-c++2023

Impact

Clean code attribute

A function call shall not violate the function's preconditions
Bug
Floating-point arithmetic should be used appropriately
Bug
The "goto" statement should not be used
Code Smell
An "integer-literal" of type "long long" shall not use a single "L" or "l" in any suffix
Code Smell
The literal value zero shall be the only value assigned to "errno"
Code Smell
There shall be no occurrence of "undefined" or "critical unspecified behaviour"
Bug
User-defined identifiers shall have an appropriate form
Code Smell
"Global variables" shall not be used
Code Smell
The "volatile" qualifier shall be used appropriately
Bug
The built-in unary "+" operator should not be used
Code Smell
"Integral promotion" and the "usual arithmetic conversions" shall not change the signedness or the "type category" of an operand
Code Smell
The operands of "bitwise operators" and "shift operators" shall be appropriate
Bug
The argument to a "mixed-use macro parameter" shall not be subject to further expansion
Code Smell
An "object pointer type" shall not be cast to an integral type other than "std::uintptr_t" or "std::intptr_t"
Code Smell
The library function "system" from "<cstdlib>" shall not be used
Vulnerability
The pointers returned by the C++ Standard Library functions "localeconv", "getenv", "setlocale" or "strerror" must only be used as if they have pointer to const-qualified type
Bug
Functions with "limited visibility" should be "used" at least once
Code Smell
Reads and writes on the same file stream shall be separated by a positioning operation
Bug
Line-splicing shall not be used in "//" comments
Bug
All variables should be initialized
Code Smell
Octal escape sequences, hexadecimal escape sequences and universal character names shall be terminated
Code Smell
Dynamic memory shall be managed automatically
Code Smell
Local variables shall not have static storage duration
Code Smell
The facilities provided by the standard "header file" "<csignal>" shall not be used
Code Smell
"Dynamic memory" should not be used
Code Smell
The macro "offsetof" shall not be used
Code Smell
The pointer returned by the C++ Standard Library functions "asctime", "ctime", "gmtime", "localtime", "localeconv", "getenv", "setlocale" or "strerror" must not be used following a subsequent call to the same function
Bug
The standard "header file" "<csetjmp>" shall not be used
Code Smell
The "#pragma" directive and the "_Pragma" operator should not be used
Code Smell
The "#" and "##" preprocessor operators should not be used
Code Smell
A macro parameter immediately following a "#" operator shall not be immediately followed by a "##" operator
Code Smell
The "#include" directive shall be followed by either a "<filename>" or ""filename"" sequence
Bug
The "'" or """ or "\" characters and the "/*" or "//" character sequences shall not occur in a "header file" name
Bug
Precautions shall be taken in order to prevent the contents of a "header file" being included more than once
Code Smell
All "#else", "#elif" and "#endif" preprocessor directives shall reside in the same file as the "#if", "#ifdef" or "#ifndef" directive to which they are related
Code Smell
The "defined" preprocessor operator shall be used appropriately
Bug
Program-terminating functions should not be used
Code Smell
A named bit-field with "signed integer type" shall not have a length of one bit
Bug
A bit-field shall have an appropriate type
Code Smell
Bit-fields should not be declared
Code Smell
Within an enumerator list, the value of an implicitly-specified "enumeration constant" shall be unique
Code Smell
The value of an object must not be read before it has been set
Bug
A conversion from function type to pointer-to-function type shall only occur in appropriate contexts
Code Smell
A function with non-"void" return type shall return a value on all paths
Bug
The parameters in all "declarations" or overrides of a function shall either be unnamed or have identical names
Code Smell
The features of "<cstdarg>" shall not be used
Code Smell
A "declaration" should not declare more than one variable or member variable
Code Smell
Functions shall not call themselves, either directly or indirectly
Code Smell
An assignment operator shall not assign the address of an object with automatic storage duration to an object with a greater lifetime
Code Smell
A function must not return a reference or a pointer to a local variable with automatic storage duration
Bug
The "asm" declaration shall not be used
Code Smell
The target type of a pointer or "lvalue" reference parameter should be const-qualified appropriately
Code Smell
The "goto" statement shall jump to a label declared later in the function body
Code Smell
A "goto" statement shall reference a label in a surrounding block
Code Smell
The structure of a "switch" statement shall be appropriate
Code Smell
All "if ... else if" constructs shall be terminated with an "else" statement
Code Smell
The body of an "iteration-statement" or a "selection-statement" shall be a "compound-statement"
Code Smell
The result of an assignment operator should not be "used"
Code Smell
An unsigned arithmetic operation with constant operands should not wrap
Bug
The comma operator should not be used
Code Smell
The right-hand operand of a logical "&&" or "||" operator should not contain "persistent side effects"
Bug
The built-in unary "-" operator should not be applied to an expression of unsigned type
Bug
A cast should not convert a pointer type to an integral type
Code Smell
An object with integral, enumerated, or pointer to "void" type shall not be cast to a pointer type
Code Smell
Casts shall not be performed between a pointer to function and any other type
Bug
A cast shall not remove any "const" or "volatile" qualification from the type accessed via a pointer or by reference
Code Smell
The "declaration" of an object should contain no more than two levels of pointer indirection
Code Smell
The built-in relational operators ">", ">=", "<" and "<=" shall not be applied to objects of pointer type, except where they point to elements of the same array
Bug
Subtraction between pointers shall only be applied to pointers that address elements of the same array
Bug
Pointer arithmetic shall not form an invalid pointer
Bug
Parentheses should be used to make the meaning of an expression appropriately explicit
Code Smell
Operations on a memory location shall be sequenced appropriately
Bug
The names of the "standard signed integer types" and "standard unsigned integer types" should not be used
Code Smell
The same type aliases shall be used in all "declarations" of the same "entity"
Code Smell
A function or object with external linkage should be "introduced" in a "header file"
Code Smell
The source code used to implement an "entity" shall appear only once
Bug
The "one-definition rule" shall not be violated
Bug
All "declarations" of a variable or function shall have the same type
Bug
Block scope "declarations" shall not be "visually ambiguous"
Code Smell
A "header file" shall not contain definitions of functions or objects that are non-inline and have external linkage
Code Smell
A line whose first token is "#" shall be a valid preprocessing directive
Bug
All identifiers used in the controlling expression of "#if" or "#elif" preprocessing directives shall be defined prior to evaluation
Bug
Parentheses shall be used to ensure macro arguments are expanded appropriately
Code Smell
Tokens that look like a preprocessing directive shall not occur within a macro argument
Bug
Function-like macros shall not be defined
Code Smell
"#undef" should only be used for macros defined previously in the same file
Code Smell
"#include" directives should only be preceded by preprocessor directives or comments
Code Smell
String literals with different encoding prefixes shall not be concatenated
Bug
The lowercase form of "L" shall not be used as the first character in a literal suffix
Code Smell
Unsigned "integer literals" shall be appropriately suffixed
Code Smell
Octal constants shall not be used
Code Smell
Within character literals and non raw-string literals, "\" shall only be used to form a defined escape sequence or universal character name
Bug
A variable declared in an "inner scope" shall not hide a variable declared in an "outer scope"
Code Smell
Sections of code should not be "commented out"
Code Smell
The character sequence "/*" shall not be used within a C-style comment
Code Smell
"Trigraph-like sequences" should not be used
Code Smell
An object or subobject must not be copied to an overlapping object
Bug
A named function parameter shall be "used" at least once
Code Smell
The value returned by a function shall be "used"
Code Smell
A value should not be "unnecessarily written" to a local object
Code Smell
Types with "limited visibility" should be "used" at least once
Code Smell
Variables with "limited visibility" should be "used" at least once
Code Smell
Controlling expressions should not be invariant
Bug
A function shall not contain "unreachable" statements
Bug

"Integral promotion" and the "usual arithmetic conversions" shall not change the signedness or the "type category" of an operand

intentionality - logical

maintainability

Code Smell

pitfall
misra-c++2023
misra-required

Why is this an issue?

More Info

This rule is part of MISRA C++:2023.

Usage of this content is governed by Sonar’s terms and conditions. Redistribution is prohibited.

Rule 7.0.5 - Integral promotion and the usual arithmetic conversions shall not change the signedness or the type category of an operand

[conv.prom]
[conv.fpprom]
[conv.integral]
[conv.double]
[conv.fpint]
[conv.rank]
[expr]

Category: Required

Analysis: Decidable,Single Translation Unit

Amplification

This rule applies to all expressions (including sub-expressions) of numeric type. It also applies within preprocessing directives, with the provision that expressions used in #if and #elif preprocessor directives always have the type intmax_t or uintmax_t.

For the usual arithmetic conversions, only the final type of an operand is considered. For example, in the expression u32 + u8, u8 is first converted to signed int through integral promotion before being converted to uint32_t; it is the final type of uint32_t that is considered by this rule.

This rule does not apply to the integral promotion of the operand to the increment or decrement operators.

Rationale

Integral promotion and the usual arithmetic conversions are usually value-preserving conversions, and it may therefore appear that they are always safe. However, the signedness of the converted type may, possibly surprisingly, not be the same as the signedness of the operand. For example, when an unsigned type is converted to a signed type, an operation may overflow and trigger undefined behaviour instead of wrapping.

The increment and decrement operators convert their results to the type of their operand. This may be a lossy, narrowing conversion, but the usefulness of these operators outweighs this risk.

Exception

A compile-time constant with signed integral type that has a non-negative value may be converted to an unsigned type through the usual arithmetic conversions.
A compile-time constant with integral type may be converted to a floating type.

Example

The following non-compliant examples do not directly pose a problem. However, using their results could lead to surprising or undefined behaviour.

u8a + u8b                             // Non-compliant - u8a and u8b -> signed int
u8a += u8b                            // Non-compliant - same as u8a + u8b
static_cast< uint32_t >( u8a ) + u8b  // Compliant - u8b -> unsigned int
u8a += static_cast< uint32_t >( u8b ) // Compliant - u8a -> unsigned int

s32 * s8                              // Compliant - s8 -> signed int
u32 / u8                              // Compliant - u8 -> unsigned int
s32 > u32                             // Non-compliant - s32 -> unsigned int
u32a - 1                              // Compliant by exception #1

b ? u8a : u8b                         // Compliant - no conversion
b ? u8a : u16a                        // Non-compliant - u8a -> signed int and
                                      //                 u16a -> signed int

array[ u8 ]                           // Rule does not apply - no conversion of u8
u8++                                  // Rule does not apply

f32 += u32                            // Non-compliant - u32 -> floating
f32 += 1                              // Compliant by exception #2
f32 += 0x100'0001                     // Compliant by exception #2 - precision lost

~u8                                   // Non-compliant - u8 -> signed int
~u32                                  // Compliant
-u8                                   // Non-compliant - u8 -> signed int
u8 << 2                               // Non-compliant - u8 -> signed int

constexpr int32_t fn( int32_t i )
{
  return i * i;
}

u8  + fn( 10 )                        // Compliant by exception #1
f32 + fn( 10 )                        // Compliant by exception #2

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

In-IDE

SaaS

Self-Hosted