SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C++

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

  • All rules 674
  • Vulnerability13
  • Bug139
  • Security Hotspot19
  • Code Smell503

  • Quick Fix 91
 
Tags
    Impact
      Clean code attribute
        1. Pointer and reference parameters should be "const" if the corresponding object is not modified

           Code Smell
        2. Non-standard characters should not occur in header file names in "#include" directives

           Bug
        3. Objects or functions with external linkage shall be declared in a header file

           Code Smell
        4. Functions should not be declared at block scope

           Code Smell
        5. Literal suffix "L" for long integers shall be upper case

           Code Smell
        6. Digraphs should not be used

           Code Smell
        7. std::string_view::data() should not be passed to API expecting C-style strings

           Code Smell
        8. "std::size" should be used to determine the size of arrays

           Code Smell
        9. Calls to c_str() should not implicitly recreate strings or string_views

           Code Smell
        10. The first element of an array should not be accessed implicitly

           Code Smell
        11. Escape sequences should use the delimited form (\u{}, \o{}, \x{})

           Code Smell
        12. "contains" should be used to test whether a substring is part of a string

           Code Smell
        13. "if consteval" should be used instead of "if (std::is_constant_evaluated())"

           Code Smell
        14. The condition of "assert" should not be trivially true

           Code Smell
        15. A single L in a literal suffix should only be used for long values

           Code Smell
        16. "static_assert" should be preferred to assert when the argument is a compile-time constant

           Code Smell
        17. Aggregates should be initialized with braces in non-generic code

           Code Smell
        18. "constexpr" literal operators should be "consteval".

           Code Smell
        19. Assigning to an optional should directly target the optional

           Bug
        20. Use type-erased "coroutine_handle" when applicable

           Code Smell
        21. "auto" should be used to store a result of functions that conventionally return an iterator or a range

           Code Smell
        22. Comparision operators ("<=>", "==") should be defaulted unless non-default behavior is required

           Code Smell
        23. "starts_with" and "ends_with" should be used for prefix and postfix checks

           Code Smell
        24. "using enum" should be used in scopes with high concentration of "enum" constants

           Code Smell
        25. "contains" should be used to check if a key exists in a container

           Code Smell
        26. Elements in a container should be erased with "std::erase" or "std::erase_if"

           Code Smell
        27. "emplace" should be prefered over "insert" with "std::set" and "std::unordered_set"

           Code Smell
        28. Unnecessary expensive copy should be avoided when using auto as a placeholder type

           Code Smell
        29. The right template argument should be specified for std::forward

           Code Smell
        30. "try_emplace" should be used with "std::map" and "std::unordered_map"

           Code Smell
        31. "std::optional" member function "value_or" should be used

           Code Smell
        32. The "_t" and "_v" version of type traits should be used instead of "::type" and "::value"

           Code Smell
        33. "[*this]" should be used to capture the current object by copy

           Code Smell
        34. "static_assert" with no message should be used over "static_assert" with empty or redundant message

           Code Smell
        35. Objects should not be created solely to be passed as arguments to functions that perform delegated object creation

           Code Smell
        36. "as_const" should be used to make a value constant

           Code Smell
        37. "if" and "switch" initializer should be used to reduce scope of variables

           Code Smell
        38. Emplacement should be preferred when insertion creates a temporary with sequence containers

           Code Smell
        39. Values returned from string find-related methods should not be treated as boolean

           Bug
        40. Loop variables should be declared in the minimal possible scope

           Code Smell
        41. "shared_ptr" should not be taken by rvalue reference

           Code Smell
        42. Inheriting constructors should be used

           Code Smell
        43. Return type of functions shouldn't be const qualified value

           Code Smell
        44. "make_unique" and "make_shared" should be used to construct "unique_ptr" and "shared_ptr"

           Code Smell
        45. "auto" should be used to avoid repetition of types

           Code Smell
        46. Integer literals should not be cast to bool

           Code Smell
        47. Member functions that don't mutate their objects should be declared "const"

           Code Smell
        48. Concise syntax should be used for concatenatable namespaces

           Code Smell
        49. Capture by reference in lambdas used locally

           Code Smell
        50. "using" should be preferred for type aliasing

           Code Smell
        51. "std::move" should only be used where moving can happen

           Code Smell
        52. "constexpr" functions should not be declared "inline"

           Code Smell
        53. Pointer and reference local variables should be "const" if the corresponding object is not modified

           Code Smell
        54. Lambdas that capture "this" should capture everything explicitly

           Code Smell
        55. "nullptr" should be used to denote the null pointer

           Code Smell
        56. String literals should not be immediately followed by macros

           Code Smell
        57. Alternative operators should not be used

           Code Smell
        58. "reinterpret_cast" should not be used

           Code Smell
        59. Raw string literals should be used

           Code Smell
        60. "static" should not be used in unnamed namespaces

           Code Smell
        61. Default capture should not be used

           Code Smell
        62. "final" classes should not have "virtual" functions

           Code Smell
        63. Standard groupings should be used with digit separators

           Code Smell
        64. Digit separators should be used

           Code Smell
        65. Access specifiers should not be redundant

           Code Smell
        66. Special member function should not be defined unless a non standard behavior is required

           Code Smell
        67. "override" or "final" should be used instead of "virtual"

           Code Smell
        68. Members should be initialized in the order they are declared

           Code Smell
        69. "sizeof" should not be called on pointers

           Bug
        70. Control characters should not be used in literals

           Code Smell
        71. Parameters should be passed in the correct order

           Code Smell
        72. "static" members should be accessed statically

           Code Smell
        73. "final" should not be used redundantly

           Code Smell
        74. Redundant casts should not be used

           Code Smell
        75. "explicit" should be used on single-parameter constructors and conversion operators

           Code Smell
        76. Multiple variables should not be declared on the same line

           Code Smell
        77. Unused local variables should be removed

           Code Smell
        78. Octal values should not be used

           Code Smell
        79. Functions without parameters should not use "(void)"

           Code Smell
        80. A "while" loop should be used instead of a "for" loop

           Code Smell
        81. Sections of code should not be commented out

           Code Smell
        82. Pass by reference to const should be used for large input parameters

           Code Smell
        83. Overriding member functions should do more than simply call the same member in the base class

           Code Smell
        84. "empty()" should be used to test for emptiness

           Code Smell
        85. Redundant pairs of parentheses should be removed

           Code Smell
        86. Handlers in a single try-catch or function-try-block for a derived class and some or all of its bases should be ordered most-derived-first

           Bug
        87. Exception classes should be caught by reference

           Bug
        88. Virtual functions should be declared with the "virtual" keyword

           Code Smell
        89. An "integer-literal" of type "long long" shall not use a single "L" or "l" in any suffix

           Code Smell
        90. A "declaration" should not declare more than one variable or member variable

           Code Smell
        91. A virtual base class shall only be cast to a derived class by means of "dynamic_cast"

           Bug

        Members should be initialized in the order they are declared

        intentionality - logical
        maintainability
        Code Smell
        Quick FixIDE quick fixes available with SonarQube for IDE
        • cppcoreguidelines
        • cert
        • suspicious

        Why is this an issue?

        More Info

        Class members are initialized in the order in which they are declared in the class, not the order in which they appear in the class initializer list. To avoid errors caused by order-dependent initialization, the order of members in the initialization list should match the order in which members are declared in a class.

        The initialization order, as described here, is:

        1. If the constructor is for the most-derived class, virtual bases are initialized in the order in which they appear in depth-first left-to-right traversal of the base class declarations (left-to-right refers to the appearance in base-specifier lists)
        2. Then, direct bases are initialized in left-to-right order as they appear in this class’s base-specifier list
        3. Then, non-static data members are initialized in order of declaration in the class definition.

        Noncompliant code example

        #include <iostream>
        
        struct A {
          A(int num) {
            std::cout << "A(num = " << num << ")" << std::endl;
          }
        };
        
        struct B {
          int b;
        };
        
        class C : public A, B {
        public:
          int x;
          int y;
        
          C(int i) : B{i}, A{b}, y(i), x(y + 1) { }  // Noncompliant
        };
        
        int main() {
          C c(1); // Undefined behavior, might print "A(num = 0)"
          std::cout << c.x << " " << c.y << std::endl;  // might print "1 1"
        }
        

        Compliant solution

        #include <iostream>
        
        struct A {
          A(int num) {
            std::cout << "A(num = " << num << ")" << std::endl;
          }
        };
        
        struct B {
          int b;
        };
        
        class C : public A, B {
        public:
          int x;
          int y;
        
          C(int i) : A{i}, B{i}, x(i + 1), y(i) { }
        };
        
        int main() {
          C c(1); // prints "A(num = 1)"
          std::cout << c.x << " " << c.y << std::endl;  // prints "2 1"
        }
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use