SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C

C static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C code

  • All rules 315
  • Vulnerability13
  • Bug76
  • Security Hotspot19
  • Code Smell207

  • Quick Fix 19
 
Tags
    Impact
      Clean code attribute
        1. "goto" should jump to labels declared later in the same function

           Code Smell
        2. Pointer and reference parameters should be "const" if the corresponding object is not modified

           Code Smell
        3. "<time.h>" should not be used

           Code Smell
        4. "<stdio.h>" should not be used in production code

           Code Smell
        5. "offsetof" macro should not be used

           Code Smell
        6. "errno" should not be used

           Code Smell
        7. "setjmp" and "longjmp" should not be used

           Code Smell
        8. Reserved identifiers should not be defined or declared

           Code Smell
        9. Only standard forms of the "defined" directive should be used

           Code Smell
        10. Preprocessor operators "#" and "##" should not be used

           Code Smell
        11. There shall be at most one occurrence of the # or ## operators in a single macro definition

           Code Smell
        12. In the definition of a function-like macro, each instance of a parameter shall be enclosed in parentheses, unless it is used as the operand of # or ##

           Code Smell
        13. Function-like macros should not be used

           Code Smell
        14. "#undef" should be used with caution

           Code Smell
        15. Macros should not be #define'd or #undef'd within a block

           Code Smell
        16. #include directives in a file should only be preceded by other preprocessor directives or comments

           Code Smell
        17. Unions should not be used

           Code Smell
        18. Structure and union types should be complete at the end of a translation unit

           Code Smell
        19. Object declarations should contain no more than 2 levels of pointer indirection

           Code Smell
        20. Function names should be used either as a call with a parameter list or with the "&" operator

           Code Smell
        21. Functions without parameters should be declared with parameter type "void"

           Code Smell
        22. Parameters in a function prototype should be named

           Code Smell
        23. Recursion should not be used

           Code Smell
        24. Loops should not have more than one "break" or "goto" statement

           Code Smell
        25. Functions should not be defined with a variable number of arguments

           Code Smell
        26. Switch statement conditions should not have essentially boolean type

           Code Smell
        27. Switch labels should not be nested inside non-switch blocks

           Code Smell
        28. The right-hand operands of && and || should not contain side effects

           Code Smell
        29. "continue" should not be used

           Code Smell
        30. "goto" statement should not be used

           Code Smell
        31. Unused type declarations should be removed

           Code Smell
        32. The three expressions of a "for" statement should only be concerned with loop control

           Code Smell
        33. Tests of non-Boolean values against zero should be explicit

           Code Smell
        34. Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression

           Code Smell
        35. Comma operator should not be used

           Code Smell
        36. "enum" values should not be used as operands to built-in operators other than [ ], =, ==, !=, unary &, and the relational operators <, <=, >, >=

           Code Smell
        37. "bool" expressions should not be used as operands to built-in operators other than =, &&, ||, !, ==, !=, unary &, and the conditional operator

           Code Smell
        38. Operands of "&&" and "||" should be primary (C) or postfix (C++) expressions

           Code Smell
        39. Limited dependence should be placed on operator precedence

           Code Smell
        40. A cast shall not remove any const or volatile qualification from the type of a pointer or reference

           Code Smell
        41. Constants of unsigned type should have a "U" suffix

           Code Smell
        42. The value of a complex expression should only be cast to a type that is narrower and of the same signedness as the underlying type of the expression

           Code Smell
        43. Signed and unsigned types should not be mixed in expressions

           Code Smell
        44. "enum" members with implicit values should not collide with other enumerators

           Code Smell
        45. Braces should be used to indicate and match the structure in the non-zero initialization of arrays and structures

           Code Smell
        46. Array declarations should include an explicit size specification

           Code Smell
        47. If a function has internal linkage then all re-declarations shall include the static storage class specifer

           Code Smell
        48. Functions should not be declared at block scope

           Code Smell
        49. Object and function types should be explicitly stated in their declarations and definitions

           Code Smell
        50. Functions should be declared explicitly

           Code Smell
        51. Literal suffix "L" for long integers shall be upper case

           Code Smell
        52. Bit fields should be declared with appropriate types

           Code Smell
        53. typedefs that indicate size and signedness should be used in place of the basic types

           Code Smell
        54. Appropriate char types should be used for character and integer values

           Code Smell
        55. Identifiers should not be longer than 31 characters

           Code Smell
        56. Digraphs should not be used

           Code Smell
        57. Trigraphs should not be used

           Code Smell
        58. All uses of the #pragma directive should be documented

           Code Smell
        59. Source code should only use /* ... */ style comments

           Code Smell
        60. Assembly language should be encapsulated and isolated

           Code Smell
        61. The first element of an array should not be accessed implicitly

           Code Smell
        62. A single L in a literal suffix should only be used for long values

           Code Smell
        63. Names of well-known C standard library macros and functions should not be used as identifiers

           Code Smell
        64. All the elements of an aggregate should be provided with an initial value

           Code Smell
        65. Multicharacter literals should not be used

           Code Smell
        66. Loop variables should be declared in the minimal possible scope

           Code Smell
        67. Macros should not be used as replacements for "typedef" and "using"

           Code Smell
        68. Track comments matching a regular expression

           Code Smell
        69. Functions that are not used in a project should be removed

           Code Smell
        70. Size of bit fields should not exceed the size of their types

           Code Smell
        71. Only valid arguments should be passed to UNIX/POSIX functions

           Code Smell
        72. Only valid arguments should be passed to stream functions

           Code Smell
        73. "^" should not be confused with exponentiation

           Code Smell
        74. Pointer and reference local variables should be "const" if the corresponding object is not modified

           Code Smell
        75. Blocking functions should not be called inside critical sections

           Code Smell
        76. Return value of "setuid" family of functions should always be checked

           Code Smell
        77. GNU attributes should be used correctly

           Code Smell
        78. Format strings should comply with ISO standards

           Code Smell
        79. Size of variable length arrays should be greater than zero

           Code Smell
        80. Argument of "printf" should be a format string

           Code Smell
        81. "mktemp" family of functions templates should have at least six trailing "X"s

           Code Smell
        82. Unevaluated operands should not have side effects

           Code Smell
        83. Size argument of memory functions should be consistent

           Code Smell
        84. Return value of "nodiscard" functions should not be ignored

           Code Smell
        85. Implicit casts should not lower precision

           Code Smell
        86. Appropriate size arguments should be passed to "strncat" and "strlcpy"

           Code Smell
        87. Functions which do not return should be declared as "noreturn"

           Code Smell
        88. Keywords shall not be used as macros identifiers

           Code Smell
        89. Logical operators should not be confused with bitwise operators

           Code Smell
        90. Dereferenced null pointers should not be bound to references

           Code Smell
        91. "else" statements should be clearly matched with an "if"

           Code Smell
        92. Header guards should be followed by a matching "#define" macro

           Code Smell
        93. "default" clauses should be first or last

           Code Smell
        94. Include directives should not rely on non-portable search strategy

           Code Smell
        95. A conditionally executed single line should be denoted by indentation

           Code Smell
        96. Conditionals should start on new lines

           Code Smell
        97. "case" ranges should cover multiple values

           Code Smell
        98. "#include" paths should be portable

           Code Smell
        99. "#import" should not be used

           Code Smell
        100. Cognitive Complexity of functions should not be too high

           Code Smell
        101. Macros should not be redefined

           Code Smell
        102. "#include_next" should not be used

           Code Smell
        103. Array indices should be placed between brackets

           Code Smell
        104. String literals should not be concatenated implicitly

           Code Smell
        105. GNU extensions should not be used

           Code Smell
        106. Local variables and member data should not be volatile

           Code Smell
        107. Types and variables should be declared in separate statements

           Code Smell
        108. "switch" statements should cover all cases

           Code Smell
        109. Redundant pointer operator sequences should be removed

           Code Smell
        110. Empty "case" clauses that fall through to the "default" should be omitted

           Code Smell
        111. Format strings should be used correctly

           Code Smell
        112. Conditional operators should not be nested

           Code Smell
        113. Forward declarations should not be redundant

           Code Smell
        114. Label names should comply with a naming convention

           Code Smell
        115. Bit fields should not be used

           Code Smell
        116. Declarations should not be empty

           Code Smell
        117. Multiline blocks should be enclosed in curly braces

           Code Smell
        118. Increment should not be used to set boolean variables to 'true'

           Code Smell
        119. Control characters should not be used in literals

           Code Smell
        120. Enumeration values should comply with a naming convention

           Code Smell
        121. Enumeration names should comply with a naming convention

           Code Smell
        122. Octal and hexadecimal escape sequences should be terminated

           Code Smell
        123. Flexible array members should not be declared

           Code Smell
        124. Track parsing failures

           Code Smell
        125. User-specified functions should not be called

           Code Smell
        126. Parameters should be passed in the correct order

           Code Smell
        127. Comment styles "//" and "/* ... */" should not be mixed within a file

           Code Smell
        128. Preprocessor directives should not be indented

           Code Smell
        129. Track instances of the "#error" preprocessor directive being reached

           Code Smell
        130. Non-reentrant POSIX functions should be replaced with their reentrant versions

           Code Smell
        131. Obsolete POSIX functions should not be used

           Code Smell
        132. "goto" statements should not be used to jump into blocks

           Code Smell
        133. Redundant casts should not be used

           Code Smell
        134. "union" names should comply with a naming convention

           Code Smell
        135. Code annotated as deprecated should not be used

           Code Smell
        136. Two branches in a conditional structure should not have exactly the same implementation

           Code Smell
        137. Unused assignments should be removed

           Code Smell
        138. "restrict" should not be used

           Code Smell
        139. "static" should not be used for the size of an array parameter

           Code Smell
        140. "switch" statements should not be nested

           Code Smell
        141. Structures should not have too many fields

           Code Smell
        142. The ternary operator should not be used

           Code Smell
        143. Constants should come first in equality tests

           Code Smell
        144. The sign of an unsigned variable should not be tested

           Code Smell
        145. "#pragma warning (default: ...)" should not be used

           Code Smell
        146. Pre-defined macros should not be defined, redefined or undefined

           Code Smell
        147. Keywords introduced in later specifications should not be used as identifiers

           Code Smell
        148. Type specifiers should be listed in a standard order

           Code Smell
        149. Track "TODO" and "FIXME" comments that do not contain a reference to a person

           Code Smell
        150. The prefix increment/decrement form should be used

           Code Smell
        151. Multiple variables should not be declared on the same line

           Code Smell
        152. "struct" names should comply with a naming convention

           Code Smell
        153. File names should comply with a naming convention

           Code Smell
        154. Macro names should comply with a naming convention

           Code Smell
        155. Cyclomatic Complexity of functions should not be too high

           Code Smell
        156. Unused local variables should be removed

           Code Smell
        157. "switch" statements should not have too many "case" clauses

           Code Smell
        158. Track lack of copyright and license headers

           Code Smell
        159. Comments should not be located at the end of lines of code

           Code Smell
        160. Functions/methods should not have too many lines

           Code Smell
        161. Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply

           Code Smell
        162. Octal values should not be used

           Code Smell
        163. "switch" statements should have "default" clauses

           Code Smell
        164. "if" statements should be preferred over "switch" when simpler

           Code Smell
        165. Track uses of "NOSONAR" comments

           Code Smell
        166. Switch cases should end with an unconditional "break" statement

           Code Smell
        167. "for" loop stop conditions should be invariant

           Code Smell
        168. A "while" loop should be used instead of a "for" loop

           Code Smell
        169. "if ... else if" constructs should end with "else" clauses

           Code Smell
        170. "typedef" should be used for function pointers

           Code Smell
        171. Sections of code should not be commented out

           Code Smell
        172. break statements should not be used except for switch cases

           Code Smell
        173. Statements should be on separate lines

           Code Smell
        174. "switch" statements should not contain non-case labels

           Code Smell
        175. Control structures should use curly braces

           Code Smell
        176. Nested code blocks should not be used

           Code Smell
        177. Deprecated K&R syntax should not be used for function definition

           Code Smell
        178. Methods should not be empty

           Code Smell
        179. Unused function parameters should be removed

           Code Smell
        180. Local variable and function parameter names should comply with a naming convention

           Code Smell
        181. Field names should comply with a naming convention

           Code Smell
        182. "switch case" clauses should not have too many lines of code

           Code Smell
        183. Unused functions and methods should be removed

           Code Smell
        184. Functions should not contain too many return statements

           Code Smell
        185. Track uses of "TODO" tags

           Code Smell
        186. Track uses of "FIXME" tags

           Code Smell
        187. Deprecated code should be removed

           Code Smell
        188. Lines should not end with trailing whitespaces

           Code Smell
        189. Files should end with a newline

           Code Smell
        190. Deprecated attributes should include explanations

           Code Smell
        191. Assignments should not be made from within conditions

           Code Smell
        192. Variables should not be shadowed

           Code Smell
        193. Empty statements should be removed

           Code Smell
        194. Redundant pairs of parentheses should be removed

           Code Smell
        195. "/*" and "//" should not be used within comments

           Code Smell
        196. Magic numbers should not be used

           Code Smell
        197. Nested blocks of code should not be left empty

           Code Smell
        198. Functions should not have too many parameters

           Code Smell
        199. Expressions should not be too complex

           Code Smell
        200. Mergeable "if" statements should be combined

           Code Smell
        201. Unused labels should be removed

           Code Smell
        202. Tabulation characters should not be used

           Code Smell
        203. Files should not have too many lines of code

           Code Smell
        204. Control should not be transferred into a complex logic block using a "goto" or a "switch" statement

           Code Smell
        205. Lines should not be too long

           Code Smell
        206. A function should have a single point of exit at the end of the function

           Code Smell
        207. Function names should comply with a naming convention

           Code Smell

        Array declarations should include an explicit size specification

        intentionality - clear
        maintainability
        Code Smell
        • based-on-misra
        • cert

        Why is this an issue?

        More Info

        It is possible to declare an array without explicitly specifying its size, but using an explicit size declaration is clearer, and is therefore preferred.

        Noncompliant code example

        int arr1 [ ];  // Noncompliant; nothing specified
        int arr2 [ ] = { [0] = 1, [12] = 36, [4] = 93 }; // Noncompliant; highest index determines size. May be difficult to spot
        int pirate [ ] = { 2, 4, 8, 42, 501, 90210, 7, 1776 }; // Noncompliant; size is implicit, not explicit
        

        Compliant solution

        int arr1 [10];
        int arr2 [13] = { [0] = 1, [12] = 36, [4] = 93 };
        int pirate [10] = { 2, 4, 8, 42, 501, 90210, 7, 1776 }; // Implicitly-assigned size was 8. Desired size was 10.
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use