Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

C static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C code

Tags

Impact

Clean code attribute

"abort", "exit", "getenv" and "system" from <stdlib.h> should not be used
Bug
"atof", "atoi" and "atol" from <stdlib.h> should not be used
Bug
"<signal.h>" should not be used
Bug
Dynamic heap memory allocation should not be used
Bug
Lines starting with "#" should contain valid preprocessing directives
Bug
Macros used in preprocessor directives should be defined before use
Bug
Function-like macros should not be invoked without all of their arguments
Bug
"#include" directives should be followed by either <filename> or "filename" sequences
Bug
Non-standard characters should not occur in header file names in "#include" directives
Bug
The address of an automatic object should not be assigned to another object that may persist after the first object has ceased to exist
Bug
Function exit paths should have appropriate return values
Bug
The number of arguments passed to a function should match the number of parameters
Bug
Evaluation of the operand to the sizeof operator shall not contain side effects
Bug
Non-empty statements should change control flow or have at least one side-effect
Bug
Unary minus should not be applied to an unsigned expression
Bug
Bitwise operators should not be applied to signed operands
Bug
Boolean operations should not have numeric operands, and vice versa
Bug
Objects with integer type should not be converted to objects with pointer type
Bug
Pointer conversions should be restricted to a safe subset
Bug
Function pointers should not be converted to any other type
Bug
Results of ~ and << operations on operands of underlying types unsigned char and unsigned short should immediately be cast to the operand's underlying type
Bug
Variables should be initialized before use
Bug
String literals with different prefixes should not be concatenated
Bug
Only escape sequences defined in the ISO C standard should be used
Bug
Macro arguments should not contain preprocessing directives
Bug
Variables should not be accessed outside of their scope
Bug
"volatile" should not be used to qualify objects for which the meaning is not defined
Bug
Relational and subtraction operators should not be used with pointers to different arrays
Bug
Arguments evaluation order should not be relied on
Bug
"#pragma pack" should be used correctly
Bug
Enums should be consistent with the bit fields they initialize
Bug
"pthread_mutex_t" should be unlocked in the reverse order they were locked
Bug
"pthread_mutex_t" should be properly initialized and destroyed
Bug
"pthread_mutex_t" should not be locked when already locked, or unlocked when already unlocked
Bug
User-defined types should not be passed as variadic arguments
Bug
Functions with "noreturn" attribute should not return
Bug
"memcmp" should only be called with pointers to trivially copyable types with no padding
Bug
Array values should not be replaced unconditionally
Bug
Integral operations should not overflow
Bug
"case" ranges should not be empty
Bug
All branches in a conditional structure should not have exactly the same implementation
Bug
Parameter values should be appropriate
Bug
Declaration specifiers should not be redundant
Bug
Stack allocated memory and non-owned memory should not be freed
Bug
Closed resources should not be accessed
Bug
Dynamically allocated memory should be released
Bug
Freed memory should not be used
Bug
Memory locations should not be released more than once
Bug
Memory access should be explicitly bounded to prevent buffer overflows
Bug
Zero should not be a possible denominator
Bug
"sizeof" should not be called on pointers
Bug
Unary prefix operators should not be repeated
Bug
Non-existent operators like "=+" should not be used
Bug
Values of different "enum" types should not be compared
Bug
The "sizeof" and "alignof" operator should not be used with operands of a "void" type
Bug
"nonnull" parameters and return values of "returns_nonnull" functions should not be null
Bug
Conditionally executed code should be reachable
Bug
The "<stdlib.h>" functions "bsearch" and "qsort" should not be used
Bug
Line-splicing should not be used in "//" comments
Bug
Printf-style format strings should not lead to unexpected behavior at runtime
Bug
Null pointers should not be dereferenced
Bug
Single-bit named bit fields should not be of a signed type
Bug
"for" loop counters should not have essentially floating type
Bug
Recursion should not be infinite
Bug
Values should not be uselessly incremented
Bug
Resources should be closed
Bug
Line continuation characters '\' should not be followed by trailing whitespace
Bug
"sizeof(sizeof(...))" should not be used
Bug
Related "if/else if" statements should not have the same condition
Bug
Pointers should not be cast to integral types
Bug
Identical expressions should not be used on both sides of a binary operator
Bug
All code should be reachable
Bug
Loops with at most one iteration should be refactored
Bug
Variables should not be self-assigned
Bug
Floating point numbers should not be tested for equality
Bug
Function parameters' initial values should not be ignored
Bug

"abort", "exit", "getenv" and "system" from <stdlib.h> should not be used

consistency - conventional

reliability

Bug

cert
misra-c++2008
misra-c2004
misra-c2012

Why is this an issue?

More Info

<stdlib.h>'s abort, exit, getenv, and system have implementation-defined behaviors, and should therefore be avoided.

Noncompliant code example

#include <stdlib.h>

void f( ) {
  exit(0); // Noncompliant
}

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1

In-IDE

SaaS

Self-Hosted