SonarSource Rules

C static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C code

  • All rules: 315
  • Vulnerability: 13
  • Bug: 76
  • Security Hotspot: 19
  • Code Smell: 207
  • Quick Fix: 19

Filtered: 6 rules found (tag: multi-threading)
        1. "pthread_mutex_t" should be unlocked in the reverse order they were locked

           Bug
        2. "pthread_mutex_t" should be properly initialized and destroyed

           Bug
        3. "pthread_mutex_t" should not be locked when already locked, or unlocked when already unlocked

           Bug
        4. Blocking functions should not be called inside critical sections

           Code Smell
        5. Local variables and member data should not be volatile

           Code Smell
        6. Non-reentrant POSIX functions should be replaced with their reentrant versions

           Code Smell

        "pthread_mutex_t" should be properly initialized and destroyed

        intentionality - logical
        reliability
        Bug
        • symbolic-execution
        • multi-threading

        Failing to properly initialize or destroy a pthread mutex can lead to undefined behavior.

        Why is this an issue?

        Mutexes are synchronization primitives that allow managing concurrency.

        Their use requires following a well-defined life cycle:

        • Mutexes need to be initialized (using pthread_mutex_init) before being used. Once it is initialized, a mutex is in an unlocked state.
        • Mutexes need to be destroyed (using pthread_mutex_destroy) to free the associated internal resources. Only unlocked mutexes can be safely destroyed.

        Before initialization and after destruction, a mutex is in an uninitialized state.

        During a mutex's life cycle, the following patterns should be avoided as they result in undefined behavior:

        • trying to initialize an already initialized mutex
        • trying to destroy an initialized mutex that is in a locked state
        • trying to destroy an uninitialized mutex
        • trying to lock an uninitialized mutex
        • trying to unlock an uninitialized mutex
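The five patterns above can be turned into reported errors instead of undefined behavior by tracking the initialized state next to the mutex. The wrapper below is an added example, not code from the rule page or from Sonar; `checked_mutex` and the `checked_*` functions are hypothetical names. It assumes the default mutex type is non-recursive (as on Linux with glibc), so `pthread_mutex_trylock` returns `EBUSY` for a held mutex, and that init and destroy are called from one owning thread while no other thread uses the mutex.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical wrapper (not a pthread or Sonar API): remembers whether the
 * mutex is initialized so lifecycle misuse is reported, not executed. */
typedef struct {
    pthread_mutex_t mtx;
    bool initialized; /* changed only by init/destroy, from the owning thread */
} checked_mutex;

#define CHECKED_MUTEX_UNINIT { .initialized = false }

int checked_init(checked_mutex *m) {
    if (m->initialized) return EBUSY;          /* already initialized */
    int rc = pthread_mutex_init(&m->mtx, NULL);
    if (rc == 0) m->initialized = true;        /* starts in the unlocked state */
    return rc;
}

int checked_lock(checked_mutex *m) {
    return m->initialized ? pthread_mutex_lock(&m->mtx) : EINVAL;
}

int checked_unlock(checked_mutex *m) {
    return m->initialized ? pthread_mutex_unlock(&m->mtx) : EINVAL;
}

int checked_destroy(checked_mutex *m) {
    if (!m->initialized) return EINVAL;        /* never initialized or already destroyed */
    int rc = pthread_mutex_trylock(&m->mtx);   /* EBUSY when the mutex is held */
    if (rc != 0) return rc;                    /* refuse to destroy a locked mutex */
    pthread_mutex_unlock(&m->mtx);             /* must be unlocked before destroy */
    rc = pthread_mutex_destroy(&m->mtx);
    if (rc == 0) m->initialized = false;       /* back to the uninitialized state */
    return rc;
}

int main(void) {
    checked_mutex m = CHECKED_MUTEX_UNINIT;
    printf("lock before init: %d (EINVAL=%d)\n", checked_lock(&m), EINVAL);
    checked_init(&m);
    checked_lock(&m);
    printf("destroy while locked: %d (EBUSY=%d)\n", checked_destroy(&m), EBUSY);
    checked_unlock(&m);
    return checked_destroy(&m);
}
```

The wrapper only covers the initialization and destruction life cycle; it does not detect unlocking a mutex that is initialized but not locked.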

        In C++11 and higher, std::mutex is less error-prone and is supported by more platforms.

        In C++03, it is recommended to wrap mutex creation/destruction in an RAII class, as well as mutex lock/unlock. Those RAII classes will perform the right operations, even in the presence of exceptions.

        What is the potential impact?

        Failing to properly initialize or destroy a POSIX Thread Mutex leads to undefined behavior.

        For programs that exercise undefined behavior, the compiler is no longer bound by the language specification. The application may crash or, even worse, the application may appear to execute correctly while losing data or producing incorrect results. Additionally, in a multi-threaded context, the application may experience spurious deadlocks or data races.

        Available In:
        • SonarQube Ide: Catch issues on the fly, in your IDE
        • SonarQube Cloud: Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Server: Analyze code in your on-premise CI (Developer Edition; Available Since 9.1)

        © 2008-2025 SonarSource SA. All rights reserved.