Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
Go
HTML
Java
JavaScript
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Tags

Impact

Clean code attribute

"goto" should jump to labels declared later in the same function
Code Smell
The name "main" should not be used for any function other than the global "main" function
Code Smell
The global namespace should only contain "main", namespace declarations, and "extern" C declarations
Code Smell
Pointer and reference parameters should be "const" if the corresponding object is not modified
Code Smell
A variable which is not modified shall be const qualified
Code Smell
"<time.h>" should not be used
Code Smell
"abort", "exit", "getenv" and "system" from <stdlib.h> should not be used
Bug
"atof", "atoi" and "atol" from <stdlib.h> should not be used
Bug
"<stdio.h>" should not be used in production code
Code Smell
"<signal.h>" should not be used
Bug
"offsetof" macro should not be used
Code Smell
"errno" should not be used
Code Smell
Dynamic heap memory allocation should not be used
Bug
"setjmp" and "longjmp" should not be used
Code Smell
Reserved identifiers should not be defined or declared
Code Smell
Lines starting with "#" should contain valid preprocessing directives
Bug
Only standard forms of the "defined" directive should be used
Code Smell
Preprocessor operators "#" and "##" should not be used
Code Smell
There shall be at most one occurrence of the # or ## operators in a single macro definition
Code Smell
Macros used in preprocessor directives should be defined before use
Bug
In the definition of a function-like macro, each instance of a parameter shall be enclosed in parentheses, unless it is used as the operand of # or ##
Code Smell
Function-like macros should not be invoked without all of their arguments
Bug
Function-like macros should not be used
Code Smell
"#undef" should be used with caution
Code Smell
Macros should not be #define'd or #undef'd within a block
Code Smell
"#include" directives should be followed by either <filename> or "filename" sequences
Bug
Non-standard characters should not occur in header file names in "#include" directives
Bug
#include directives in a file should only be preceded by other preprocessor directives or comments
Code Smell
Unions should not be used
Code Smell
The address of an automatic object should not be assigned to another object that may persist after the first object has ceased to exist
Bug
Array type function arguments should not decay to pointers
Code Smell
Object declarations should contain no more than 2 levels of pointer indirection
Code Smell
Function names should be used either as a call with a parameter list or with the "&" operator
Code Smell
Function exit paths should have appropriate return values
Bug
Parameters in a function prototype should be named
Code Smell
Recursion should not be used
Code Smell
Loops should not have more than one "break" or "goto" statement
Code Smell
Functions should not be defined with a variable number of arguments
Code Smell
Evaluation of the operand to the sizeof operator shall not contain side effects
Bug
Switch statement conditions should not have essentially boolean type
Code Smell
The comma operator, "&&", and "||" should not be overloaded
Code Smell
Switch labels should not be nested inside non-switch blocks
Code Smell
The right-hand operands of && and || should not contain side effects
Code Smell
"continue" should not be used
Code Smell
"goto" statement should not be used
Code Smell
Non-empty statements should change control flow or have at least one side-effect
Bug
Unused type declarations should be removed
Code Smell
A loop-control-variable other than the loop-counter which is modified in statement shall have type bool
Code Smell
The loop-counter should be modified by one of: --, ++, -=n, or +=n; where n remains constant for the duration of the loop
Code Smell
The three expressions of a "for" statement should only be concerned with loop control
Code Smell
Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression
Code Smell
Comma operator should not be used
Code Smell
The unary "&" operator should not be overloaded
Code Smell
Unary minus should not be applied to an unsigned expression
Bug
Bitwise operators should not be applied to signed operands
Bug
"enum" values should not be used as operands to built-in operators other than [ ], =, ==, !=, unary &, and the relational operators <, <=, >, >=
Code Smell
"bool" expressions should not be used as operands to built-in operators other than =, &&, ||, !, ==, !=, unary &, and the conditional operator
Code Smell
C-style and functional notation casts should not be used
Code Smell
Operands of "&&" and "||" should be primary (C) or postfix (C++) expressions
Code Smell
Boolean operations should not have numeric operands, and vice versa
Bug
Limited dependence should be placed on operator precedence
Code Smell
Objects with integer type should not be converted to objects with pointer type
Bug
A cast shall not remove any const or volatile qualification from the type of a pointer or reference
Code Smell
Pointer conversions should be restricted to a safe subset
Bug
Function pointers should not be converted to any other type
Bug
Constants of unsigned type should have a "U" suffix
Code Smell
Results of ~ and << operations on operands of underlying types unsigned char and unsigned short should immediately be cast to the operand's underlying type
Bug
Signed and unsigned types should not be mixed in expressions
Code Smell
"enum" members with implicit values should not collide with other enumerators
Code Smell
Variables should be initialized before use
Bug
Braces should be used to indicate and match the structure in the non-zero initialization of arrays and structures
Code Smell
Array declarations should include an explicit size specification
Code Smell
If a function has internal linkage then all re-declarations shall include the static storage class specifer
Code Smell
Objects or functions with external linkage shall be declared in a header file
Code Smell
Functions should not be declared at block scope
Code Smell
Literal suffix "L" for long integers shall be upper case
Code Smell
String literals with different prefixes should not be concatenated
Bug
Bit fields should be declared with appropriate types
Code Smell
typedefs that indicate size and signedness should be used in place of the basic types
Code Smell
The first operand of a conditional operator should have type bool
Code Smell
The condition of an if-statement and the condition of an iteration-statement shall have type bool
Code Smell
Appropriate char types should be used for character and integer values
Code Smell
Identifiers should not be longer than 31 characters
Code Smell
Digraphs should not be used
Code Smell
Trigraphs should not be used
Code Smell
Only escape sequences defined in the ISO C standard should be used
Bug
All uses of the #pragma directive should be documented
Code Smell
Source code should only use /* ... */ style comments
Code Smell
Assembly language should be encapsulated and isolated
Code Smell
Named methods should be used to avoid confusion between testing an optional or an expected and testing the wrapped value
Code Smell
std::string_view::data() should not be passed to API expecting C-style strings
Code Smell
String literals should not be assigned to mutable char pointers
Code Smell
"std::size" should be used to determine the size of arrays
Code Smell
Calls to c_str() should not implicitly recreate strings or string_views
Code Smell
Globals should not depend on possibly not yet initialized variables
Code Smell
String methods should be used to query content instead of C apis
Code Smell
The first element of an array should not be accessed implicitly
Code Smell
"std::views::as_const" should be used to prevent modifying range elements
Code Smell
Escape sequences should use the delimited form (\u{}, \o{}, \x{})
Code Smell
"std::stringstream" or "std::spanstream" should be used instead of "std::strstream"
Code Smell
The underlying value of an enum should be accessed through "to_underlying"
Code Smell
"contains" should be used to test whether a substring is part of a string
Code Smell
"if consteval" should be used instead of "if (std::is_constant_evaluated())"
Code Smell
The optional init-statement in a control statements should only be used to declare variables
Code Smell
The condition of "assert" should not be trivially true
Code Smell
A single L in a literal suffix should only be used for long values
Code Smell
"static_assert" should be preferred to assert when the argument is a compile-time constant
Code Smell
Macro arguments should not contain preprocessing directives
Bug
Names of well-known C standard library macros and functions should not be used as identifiers
Code Smell
Aggregates should be initialized with braces in non-generic code
Code Smell
All the elements of an aggregate should be provided with an initial value
Code Smell
Variables should not be accessed outside of their scope
Bug
Coroutines should have well-defined exception behavior
Bug
"constexpr" literal operators should be "consteval".
Code Smell
"std::format" should be used instead of standard output manipulators
Code Smell
C++ formatting functions should be used instead of C printf-like functions
Code Smell
The result of "make_format_args" should be passed directly as an argument
Bug
Use "std::format" rather than "std::vformat" when the format string is known at compile time
Code Smell
"std::format" numeric types should be 0-padded using the numerical padding and not the character padding
Bug
Arguments corresponding to width and precision formatting options should be integers
Bug
Calls to "std::format" with a locale should use the "L" flag
Code Smell
"std::format" should not have unused arguments
Code Smell
"std::format" should not be missing indexes
Bug
Concatenated "std::format" outputs should be replaced by a single invocation
Code Smell
Width, alignment, and padding format options should be used consistently
Code Smell
Explicit argument indexing in "std::format" should be used only for non-trivial ordering
Code Smell
Generic iterator-based algorithms should be constrained
Code Smell
"std::declval" should not be used within requires-expression
Code Smell
Template should not be constrained with ad-hoc requires-expression
Code Smell
Type-constraints should not be used for forwarding reference parameters
Bug
Perfect forwarding constructors should be constrained
Bug
Requires-expression should not contain unevaluated concept checks or type predicates
Bug
Assigning to an optional should directly target the optional
Bug
Hard-coded secrets are security-sensitive
Security Hotspot
Coroutines should not take const references as parameters
Code Smell
Use type-erased "coroutine_handle" when applicable
Code Smell
Coroutine should have co_return on each execution path or provide return_void
Bug
Thread local variables should not be used in coroutines
Code Smell
Use conditional suspension to resume current coroutine
Code Smell
Use symmetric transfer to switch execution between coroutines
Code Smell
The return value of "std::move" should be used in a function
Code Smell
rvalue reference members should not be copied accidentally
Code Smell
"auto" should be used to store a result of functions that conventionally return an iterator or a range
Code Smell
Well-defined type-punning method should be used instead of a union-based one
Bug
"std::string_view" and "std::span" parameters should be directly constructed from sequences
Code Smell
Comparision operators ("<=>", "==") should be defaulted unless non-default behavior is required
Code Smell
"std::chrono" components should be used to operate on time
Code Smell
"std::has_single_bit" should be used to test if an integer is a power of two
Code Smell
Empty class members should be marked as "[[no_unique_address]]"
Code Smell
"std::to_address" should be used to convert iterators to raw pointers
Code Smell
Result of the standard remove algorithms should not be ignored
Bug
"[[nodiscard]]" attributes on types should include explanations
Code Smell
Concept names should comply with a naming convention
Code Smell
"std::cmp_*" functions should be used to compare unsigned values with negative values
Bug
"volatile" should not be used to qualify objects for which the meaning is not defined
Bug
STL constrained algorithms with range parameter should be used when iterating over the entire range
Code Smell
"std::enable_if" should not be used
Code Smell
Cognitive Complexity of coroutines should not be too high
Code Smell
Coroutine names should comply with a naming convention
Code Smell
Cyclomatic Complexity of coroutines should not be too high
Code Smell
"volatile" types should not be used in compound operations
Bug
"std::source_location" should be used instead of "__FILE__", "__LINE__", and "__func__" macros
Code Smell
Function template parameters should be named if reused
Code Smell
"std::span" should be used for a uniform sequence of elements contiguous in memory
Code Smell
Operator spaceship "<=>" should be used to define comparable types
Code Smell
Redundant comparison operators should not be defined
Code Smell
"std::format" should be used instead of string concatenation and "std::to_string"
Code Smell
Coroutines should not have too many lines of code
Code Smell
"std::cmp_*" functions should be used to compare signed and unsigned values
Code Smell
"std::bit_cast" should be used to reinterpret binary representation instead of "std::memcpy"
Code Smell
"[[likely]]" and "[[unlikely]]" should be used instead of compiler built-ins
Code Smell
"std::midpoint" and "std::lerp" should be used for midpoint computation and linear interpolation
Code Smell
"starts_with" and "ends_with" should be used for prefix and postfix checks
Code Smell
"using enum" should be used in scopes with high concentration of "enum" constants
Code Smell
Designated initializers should be used in their C++ compliant form
Code Smell
"contains" should be used to check if a key exists in a container
Code Smell
"std::is_constant_evaluated" and "if consteval" should only be used when necessary
Bug
"std::jthread" should be used instead of "std::thread"
Code Smell
"nodiscard" attributes on functions should include explanations
Code Smell
Elements in a container should be erased with "std::erase" or "std::erase_if"
Code Smell
Mathematical constants should not be hardcoded
Code Smell
Use discriminated unions or "std::variant"
Code Smell
"sprintf" should not be used
Security Hotspot
Transparent function objects should be used with associative "std::string" containers
Code Smell
"emplace" should be prefered over "insert" with "std::set" and "std::unordered_set"
Code Smell
Unnecessary expensive copy should be avoided when using auto as a placeholder type
Code Smell
The right template argument should be specified for std::forward
Code Smell
"try_emplace" should be used with "std::map" and "std::unordered_map"
Code Smell
Exception specifications should be treated as part of the type
Code Smell
"auto" should be used for non-type template parameter
Code Smell
Use "std::variant" instead of unions with non-trivial types.
Code Smell
Free functions should be preferred to member functions when accessing a container in a generic context
Code Smell
"std::optional" member function "value_or" should be used
Code Smell
"std::byte" should be used when you need byte-oriented memory access
Code Smell
Heterogeneous sorted containers should only be used with types that support heterogeneous comparison
Bug
The "_t" and "_v" version of type traits should be used instead of "::type" and "::value"
Code Smell
Inline variables should be used to declare global variables in header files
Code Smell
"if constexpr" should be preferred to overloading for metaprogramming
Code Smell
"[*this]" should be used to capture the current object by copy
Code Smell
"std::uncaught_exception" should not be used
Code Smell
"static_assert" with no message should be used over "static_assert" with empty or redundant message
Code Smell
Redundant class template arguments should not be used
Code Smell
Objects should not be created solely to be passed as arguments to functions that perform delegated object creation
Code Smell
"std::filesystem::path" should be used to represent a file path
Code Smell
"std::string_view" should be used to pass a read-only string to a function
Code Smell
Fold expressions should be used instead of recursive template instantiations
Code Smell
[[nodiscard]] should be used when the return value of a function should not be ignored
Code Smell
"as_const" should be used to make a value constant
Code Smell
Structured binding should be used
Code Smell
"if" and "switch" initializer should be used to reduce scope of variables
Code Smell
Emplacement should be preferred when insertion creates a temporary with sequence containers
Code Smell
"std::visit" should be used to switch on the type of the current value in a "std::variant"
Code Smell
"std::scoped_lock" should be created with constructor arguments
Bug
"std::scoped_lock" should be used instead of "std::lock_guard"
Code Smell
"bind" should not be used
Code Smell
Changing working directories without verifying the success is security-sensitive
Security Hotspot
"dynamic_cast" should be used for downcasting
Code Smell
Multicharacter literals should not be used
Code Smell
Values returned from string find-related methods should not be treated as boolean
Bug
Struct should explicitly specify the access level when specifying base classes
Code Smell
Classes should explicitly specify the access level when specifying base classes
Code Smell
"std::initializer_list" constructor should not overlap with other constructors
Code Smell
Threads should not be detached
Code Smell
Loop variables should be declared in the minimal possible scope
Code Smell
"shared_ptr" should not be taken by rvalue reference
Code Smell
Inheriting constructors should be used
Code Smell
Return type of functions shouldn't be const qualified value
Code Smell
"make_unique" and "make_shared" should be used to construct "unique_ptr" and "shared_ptr"
Code Smell
"std::endl" should not be used
Code Smell
C-style array should not be used
Code Smell
Objects should not be sliced
Bug
Setting capabilities is security-sensitive
Security Hotspot
Accessing files should not introduce TOCTOU vulnerabilities
Vulnerability
Account validity should be verified when authenticating users with PAM
Vulnerability
"auto" should be used to avoid repetition of types
Code Smell
Macros should not be used as replacements for "typedef" and "using"
Code Smell
Using "tmpnam", "tmpnam_s" or "tmpnam_r" is security-sensitive
Security Hotspot
Integer literals should not be cast to bool
Code Smell
Member functions that don't mutate their objects should be declared "const"
Code Smell
Using "strncpy" or "wcsncpy" is security-sensitive
Security Hotspot
Using "strncat" or "wcsncat" is security-sensitive
Security Hotspot
Using "strcat" or "wcscat" is security-sensitive
Security Hotspot
Using "strlen" or "wcslen" is security-sensitive
Security Hotspot
Concise syntax should be used for concatenatable namespaces
Code Smell
Changing directories improperly when using "chroot" is security-sensitive
Security Hotspot
Using "strcpy" or "wcscpy" is security-sensitive
Security Hotspot
"memset" should not be used to delete sensitive data
Vulnerability
POSIX functions should not be called with arguments that trigger buffer overflows
Vulnerability
Relational and subtraction operators should not be used with pointers to different arrays
Bug
Track comments matching a regular expression
Code Smell
Arguments evaluation order should not be relied on
Bug
STL algorithms and range-based for loops should be preferred to traditional for loops
Code Smell
Immediately dangling references and pointers should not be created
Bug
Cipher algorithms should be robust
Vulnerability
Encryption algorithms should be used with secure mode and padding scheme
Vulnerability
Functions that are not used in a project should be removed
Code Smell
Server hostnames should be verified during SSL/TLS connections
Vulnerability
Multiple mutexes should not be acquired with individual locks
Code Smell
Local variables should be initialized immediately
Code Smell
Pointers or references obtained from aliased smart pointers should not be used as function parameters
Code Smell
"try_lock", "lock" and "unlock" should not be directly used for mutexes
Code Smell
A single statement should not have more than one resource allocation
Code Smell
"#pragma pack" should be used correctly
Bug
Function parameters that are rvalue references should be moved
Code Smell
Capture by reference in lambdas used locally
Code Smell
Size of bit fields should not exceed the size of their types
Code Smell
Enums should be consistent with the bit fields they initialize
Bug
"pthread_mutex_t" should be unlocked in the reverse order they were locked
Bug
Only valid arguments should be passed to UNIX/POSIX functions
Code Smell
"pthread_mutex_t" should be properly initialized and destroyed
Bug
"pthread_mutex_t" should not be locked when already locked, or unlocked when already unlocked
Bug
Only valid arguments should be passed to stream functions
Code Smell
Using publicly writable directories is security-sensitive
Security Hotspot
"Forwarding references" parameters should be used only to forward parameters
Code Smell
Functions should not have more than one argument of type "bool"
Code Smell
Non-const global variables should not be used
Code Smell
The order for arguments of the same type in a function call should be obvious
Code Smell
"std::move" and "std::forward" should not be confused
Bug
"using" should be preferred for type aliasing
Code Smell
"std::move" should only be used where moving can happen
Code Smell
Classes should not contain both public and private data members
Code Smell
Functions that throw exceptions should not be used as hash functions
Code Smell
"constexpr" functions should not be declared "inline"
Code Smell
A call to "wait()" on a "std::condition_variable" should have a condition
Bug
"^" should not be confused with exponentiation
Code Smell
Each operand of the ! operator, the logical && or the logical || operators shall have type bool
Bug
A cast should not convert a pointer type to an integral type
Code Smell
An object with integral type or pointer to void type shall not be converted to an object with pointer type
Code Smell
An object with pointer type shall not be converted to an unrelated pointer type, either directly or indirectly
Code Smell
Pointer and reference local variables should be "const" if the corresponding object is not modified
Code Smell
Using clear-text protocols is security-sensitive
Security Hotspot
The identifiers used for the parameters in a re-declaration or override of a function shall be identical to those in the declaration
Code Smell
using-directives and using-declarations (excluding class scope or function scope using-declarations) shall not be used in header files
Code Smell
A loop-control-variable other than the loop-counter shall not be modified within condition or expression
Code Smell
Blocking functions should not be called inside critical sections
Code Smell
The loop-counter shall not be modified within condition or statement
Code Smell
If loop-counter is not modified by -- or ++, then, within condition, the loop-counter shall only be used as an operand to <=, <, > or >=
Code Smell
A for loop shall contain a single loop-counter which shall not have floating type
Code Smell
Every switch statement shall have at least one case-clause
Code Smell
Return value of "setuid" family of functions should always be checked
Code Smell
All "if ... else if" constructs shall be terminated with an "else "clause
Code Smell
An `if ( condition )` construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement
Code Smell
The statement forming the body of a "switch", "while", "do {...} while" or "for" statement shall be a compound statement
Code Smell
C-style casts (other than void casts) and functional notation casts (other than explicit constructor calls) shall not be used
Code Smell
A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast
Bug
When an array is declared, its size shall either be stated explicitly or defined implicitly by initialization
Bug
GNU attributes should be used correctly
Code Smell
Format strings should comply with ISO standards
Code Smell
Size of variable length arrays should be greater than zero
Code Smell
Argument of "printf" should be a format string
Code Smell
"mktemp" family of functions templates should have at least six trailing "X"s
Code Smell
Unevaluated operands should not have side effects
Code Smell
Size argument of memory functions should be consistent
Code Smell
Return value of "nodiscard" functions should not be ignored
Code Smell
Implicit casts should not lower precision
Code Smell
"reinterpret_cast" should be used carefully
Bug
"std::move" should not inhibit optimizations
Code Smell
Appropriate size arguments should be passed to "strncat" and "strlcpy"
Code Smell
Moved-from objects should not be relied upon
Code Smell
Functions which do not return should be declared as "noreturn"
Code Smell
User-defined types should not be passed as variadic arguments
Bug
Class members should not be initialized with dangling references
Bug
Functions with "noreturn" attribute should not return
Bug
Keywords shall not be used as macros identifiers
Code Smell
Incomplete types should not be deleted
Code Smell
Logical operators should not be confused with bitwise operators
Code Smell
Dereferenced null pointers should not be bound to references
Code Smell
"else" statements should be clearly matched with an "if"
Code Smell
Header guards should be followed by a matching "#define" macro
Code Smell
Template parameters should be preferred to "std::function" when configuring behavior at compile time
Code Smell
Function pointers should not be used as function parameters
Code Smell
RAII objects should not be temporary
Bug
The addresses of standard library functions should not be taken
Code Smell
Expanding archive files without controlling resource consumption is security-sensitive
Security Hotspot
Macros should not be used to define constants
Code Smell
Memory should not be managed manually
Code Smell
Facilities in <random> should be used instead of "srand", "rand" and "random_shuffle"
Code Smell
Lambdas that capture "this" should capture everything explicitly
Code Smell
Move and swap operations should be "noexcept"
Code Smell
"void *" should not be used in typedefs, member variables, function parameters or return type
Code Smell
"memcmp" should only be called with pointers to trivially copyable types with no padding
Bug
"memcpy", "memmove", and "memset" should only be called with pointers to trivially copyable types
Bug
Function parameters should not be of type "std::unique_ptr<T> const &"
Code Smell
"std::auto_ptr" should not be used
Bug
The "Rule-of-Zero" should be followed
Code Smell
"nullptr" should be used to denote the null pointer
Code Smell
Server certificates should be verified during SSL/TLS connections
Vulnerability
Using weak hashing algorithms is security-sensitive
Security Hotspot
"default" clauses should be first or last
Code Smell
Cryptographic keys should be robust
Vulnerability
Weak SSL/TLS protocols should not be used
Vulnerability
"auto" should not be used to deduce raw pointers
Code Smell
Include directives should not rely on non-portable search strategy
Code Smell
Methods should not have identical implementations
Code Smell
Array values should not be replaced unconditionally
Bug
Method overloads should be grouped together in the interface
Code Smell
A conditionally executed single line should be denoted by indentation
Code Smell
Conditionals should start on new lines
Code Smell
Integral operations should not overflow
Bug
"case" ranges should cover multiple values
Code Smell
"case" ranges should not be empty
Bug
All branches in a conditional structure should not have exactly the same implementation
Bug
Parameter values should be appropriate
Bug
"#include" paths should be portable
Code Smell
"#import" should not be used
Code Smell
Cognitive Complexity of functions should not be too high
Code Smell
Macros should not be redefined
Code Smell
Exceptions should not be thrown in "noexcept" functions
Code Smell
'extern "C"' should not be used with namespaces
Code Smell
"auto" should not be used as a storage class specifier
Code Smell
"#include_next" should not be used
Code Smell
Array indices should be placed between brackets
Code Smell
String literals should not be concatenated implicitly
Code Smell
"extern" shouldn't be used on member definitions
Bug
Virtual functions should not have default arguments
Code Smell
GNU extensions should not be used
Code Smell
Reference types should not be qualified with "const" or "volatile"
Code Smell
Non-exception types should not be caught
Code Smell
Non-exception types should not be thrown
Code Smell
Comparison operators should not be virtual
Code Smell
Partial specialization syntax should not be used for function templates
Code Smell
Declaration specifiers should not be redundant
Bug
Local variables and member data should not be volatile
Code Smell
String literals should not be immediately followed by macros
Code Smell
Alternative operators should not be used
Code Smell
Assignment operators should not be "virtual"
Code Smell
Member variables should not be "protected"
Code Smell
Destructors should be "noexcept"
Bug
Types and variables should be declared in separate statements
Code Smell
Scoped enumerations should be used
Code Smell
"const" and "volatile" should not be used in "enum" declarations
Code Smell
"reinterpret_cast" should not be used
Code Smell
Raw string literals should be used
Code Smell
Classes should have regular copy and move semantic
Code Smell
"static" should not be used in unnamed namespaces
Code Smell
Default capture should not be used
Code Smell
Stack allocated memory and non-owned memory should not be freed
Bug
Closed resources should not be accessed
Bug
Dynamically allocated memory should be released
Bug
"final" classes should not have "virtual" functions
Code Smell
Redundant lambda return types should be omitted
Code Smell
"switch" statements should cover all cases
Code Smell
"inline" should not be used redundantly
Code Smell
Declarations of functions defined outside of the class should not be marked as "inline"
Code Smell
Standard groupings should be used with digit separators
Code Smell
Digit separators should be used
Code Smell
Allocation and deallocation functions should not be explicitly declared "static"
Code Smell
Base class access specifiers should not be redundant
Code Smell
Access specifiers should not be redundant
Code Smell
Freed memory should not be used
Bug
The "register" storage class specifier should not be used
Code Smell
Memory locations should not be released more than once
Bug
Memory access should be explicitly bounded to prevent buffer overflows
Bug
Zero should not be a possible denominator
Bug
Redundant pointer operator sequences should be removed
Code Smell
Special member function should not be defined unless a non standard behavior is required
Code Smell
"override" or "final" should be used instead of "virtual"
Code Smell
Standard namespaces should not be modified
Code Smell
Inheritance should be "public"
Code Smell
Function declarations that look like variable declarations should not be used
Bug
Empty "case" clauses that fall through to the "default" should be omitted
Code Smell
Format strings should be used correctly
Code Smell
Destructors should not be called explicitly
Code Smell
Conditional operators should not be nested
Code Smell
Namespaces should not be empty
Code Smell
"static" base class members should not be accessed via derived types
Code Smell
Forward declarations should not be redundant
Code Smell
Member data should be initialized in-class or in a constructor initialization list
Code Smell
Members should be initialized in the order they are declared
Code Smell
Label names should comply with a naming convention
Code Smell
"sizeof" should not be called on pointers
Bug
"this" should not be compared with null
Code Smell
"const" references to numbers should not be made
Bug
The "delete" operator should only be used for pointers
Code Smell
Binary operators should be overloaded as hidden friend functions
Code Smell
Bit fields should not be used
Code Smell
Unary prefix operators should not be repeated
Bug
Non-existent operators like "=+" should not be used
Bug
XML parsers should not be vulnerable to XXE attacks
Vulnerability
Declarations should not be empty
Code Smell
Values of different "enum" types should not be compared
Bug
General "catch" clauses should not be used
Code Smell
"catch" clauses should do more than rethrow
Code Smell
Multiline blocks should be enclosed in curly braces
Code Smell
Increment should not be used to set boolean variables to 'true'
Code Smell
The "sizeof" and "alignof" operator should not be used with operands of a "void" type
Bug
"nonnull" parameters and return values of "returns_nonnull" functions should not be null
Bug
Setting loose POSIX file permissions is security-sensitive
Security Hotspot
Conditionally executed code should be reachable
Bug
Exceptions should not be ignored
Code Smell
Control characters should not be used in literals
Code Smell
Child class fields should not shadow parent class fields
Code Smell
Enumeration values should comply with a naming convention
Code Smell
Enumeration names should comply with a naming convention
Code Smell
Octal and hexadecimal escape sequences should be terminated
Code Smell
Flexible array members should not be declared
Code Smell
Line-splicing should not be used in "//" comments
Bug
Standard C++ headers should be used
Code Smell
Namespace names should comply with a naming convention
Code Smell
Exception specifications should not be used
Code Smell
Printf-style format strings should not lead to unexpected behavior at runtime
Bug
Track parsing failures
Code Smell
Null pointers should not be dereferenced
Bug
User-specified functions should not be called
Code Smell
Using pseudorandom number generators (PRNGs) is security-sensitive
Security Hotspot
Parameters should be passed in the correct order
Code Smell
Single-bit named bit fields should not be of a signed type
Bug
"static" members should be accessed statically
Code Smell
"for" loop counters should not have essentially floating type
Bug
Recursion should not be infinite
Bug
"final" classes should not have "protected" members
Code Smell
Values should not be uselessly incremented
Bug
Member variables should be initialized
Bug
Resources should be closed
Bug
Hard-coded passwords are security-sensitive
Security Hotspot
"final" should not be used redundantly
Code Smell
Comment styles "//" and "/* ... */" should not be mixed within a file
Code Smell
Line continuation characters '\' should not be followed by trailing whitespace
Bug
Preprocessor directives should not be indented
Code Smell
Track instances of the "#error" preprocessor directive being reached
Code Smell
"sizeof(sizeof(...))" should not be used
Bug
Non-reentrant POSIX functions should be replaced with their reentrant versions
Code Smell
Obsolete POSIX functions should not be used
Code Smell
"goto" statements should not be used to jump into blocks
Code Smell
Redundant casts should not be used
Code Smell
"union" names should comply with a naming convention
Code Smell
Code annotated as deprecated should not be used
Code Smell
Two branches in a conditional structure should not have exactly the same implementation
Code Smell
Related "if/else if" statements should not have the same condition
Bug
Unused assignments should be removed
Code Smell
"switch" statements should not be nested
Code Smell
Structures should not have too many fields
Code Smell
The ternary operator should not be used
Code Smell
"public", "protected" and "private" sections of a class should be declared in that order
Code Smell
Constants should come first in equality tests
Code Smell
A "struct" should not have member functions
Code Smell
The sign of an unsigned variable should not be tested
Code Smell
Pointers should not be cast to integral types
Bug
Identical expressions should not be used on both sides of a binary operator
Bug
All code should be reachable
Bug
"#pragma warning (default: ...)" should not be used
Code Smell
Pre-defined macros should not be defined, redefined or undefined
Code Smell
Keywords introduced in later specifications should not be used as identifiers
Code Smell
Loops with at most one iteration should be refactored
Bug
Lambdas should not be used
Code Smell
Type specifiers should be listed in a standard order
Code Smell
Default parameters should not be defined
Code Smell
"explicit" should be used on single-parameter constructors and conversion operators
Code Smell
C++ comments should be used
Code Smell
Track "TODO" and "FIXME" comments that do not contain a reference to a person
Code Smell
Exceptions should not be used
Code Smell
The prefix increment/decrement form should be used
Code Smell
Virtual functions should not be called from constructors or destructors
Code Smell
The original exception object should be rethrown
Bug
Context-sensitive keywords should not be used as identifiers
Code Smell
Multiple variables should not be declared on the same line
Code Smell
Variables should not be self-assigned
Bug
"struct" names should comply with a naming convention
Code Smell
File names should comply with a naming convention
Code Smell
Macro names should comply with a naming convention
Code Smell
Cyclomatic Complexity of functions should not be too high
Code Smell
Unused local variables should be removed
Code Smell
"switch" statements should not have too many "case" clauses
Code Smell
Track lack of copyright and license headers
Code Smell
Classes should not have too many methods
Code Smell
Comments should not be located at the end of lines of code
Code Smell
Functions/methods should not have too many lines
Code Smell
Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply
Code Smell
Octal values should not be used
Code Smell
Using hardcoded IP addresses is security-sensitive
Security Hotspot
"switch" statements should have "default" clauses
Code Smell
"if" statements should be preferred over "switch" when simpler
Code Smell
Track uses of "NOSONAR" comments
Code Smell
Switch cases should end with an unconditional "break" statement
Code Smell
"::" operator should be used to access global variables and functions
Code Smell
Functions without parameters should not use "(void)"
Code Smell
"for" loop stop conditions should be invariant
Code Smell
"operator delete" should be written along with "operator new"
Bug
A "while" loop should be used instead of a "for" loop
Code Smell
"if ... else if" constructs should end with "else" clauses
Code Smell
"typedef" should be used for function pointers
Code Smell
Sections of code should not be commented out
Code Smell
Floating point numbers should not be tested for equality
Bug
Inherited functions should not be hidden
Code Smell
Pass by reference to const should be used for large input parameters
Code Smell
Assignment operators should return non-"const" reference to the assigned object
Code Smell
Polymorphic base class destructor should be either public virtual or protected non-virtual
Code Smell
Appropriate memory de-allocation should be used
Bug
C-style memory allocation routines should not be used
Code Smell
break statements should not be used except for switch cases
Code Smell
Statements should be on separate lines
Code Smell
"switch" statements should not contain non-case labels
Code Smell
Control structures should use curly braces
Code Smell
Nested code blocks should not be used
Code Smell
Lambdas should not have too many lines
Code Smell
Methods should not be empty
Code Smell
Overriding member functions should do more than simply call the same member in the base class
Code Smell
Generic exceptions should not be caught
Code Smell
Unused function parameters should be removed
Code Smell
Local variable and function parameter names should comply with a naming convention
Code Smell
Field names should comply with a naming convention
Code Smell
"empty()" should be used to test for emptiness
Code Smell
"switch case" clauses should not have too many lines of code
Code Smell
Unused functions and methods should be removed
Code Smell
Functions should not contain too many return statements
Code Smell
Try-catch blocks should not be nested
Code Smell
Track uses of "TODO" tags
Code Smell
Track uses of "FIXME" tags
Code Smell
Deprecated code should be removed
Code Smell
Lines should not end with trailing whitespaces
Code Smell
Files should end with a newline
Code Smell
Deprecated attributes should include explanations
Code Smell
Assignments should not be made from within conditions
Code Smell
Generic exceptions should never be thrown
Code Smell
Variables should not be shadowed
Code Smell
Empty statements should be removed
Code Smell
Redundant pairs of parentheses should be removed
Code Smell
"/*" and "//" should not be used within comments
Code Smell
Inheritance tree of classes should not be too deep
Code Smell
Magic numbers should not be used
Code Smell
Insecure functions should not be used
Vulnerability
Nested blocks of code should not be left empty
Code Smell
"scanf()" and "fscanf()" format strings should specify a field width for the "%s" string placeholder
Vulnerability
Functions should not have too many parameters
Code Smell
Unused "private" fields should be removed
Code Smell
Expressions should not be too complex
Code Smell
Mergeable "if" statements should be combined
Code Smell
Unused labels should be removed
Code Smell
Standard outputs should not be used directly to log anything
Code Smell
"<cstdio>" should not be used
Code Smell
"<ctime>" should not be used
Code Smell
C libraries should not be used
Code Smell
Tabulation characters should not be used
Code Smell
Destructors should not throw exceptions
Bug
Condition-specific "catch" handlers should not be used after the ellipsis (catch-all) handler
Bug
Handlers in a single try-catch or function-try-block for a derived class and some or all of its bases should be ordered most-derived-first
Bug
Exception classes should be caught by reference
Bug
Handlers of a function-try-block implementation of a class constructor or destructor shall not reference non-static members from this class or its bases
Bug
Files should not have too many lines of code
Code Smell
Empty throws ("throw;") should only be used in the compound statements of catch handlers
Bug
Control should not be transferred into a complex logic block using a "goto" or a "switch" statement
Code Smell
An exception object should not have pointer type
Bug
Function templates should not be specialized
Code Smell
Lines should not be too long
Code Smell
Pure "virtual" functions should not override non-pure "virtual" functions
Code Smell
Virtual functions should be declared with the "virtual" keyword
Code Smell
Accessible base classes should not be both "virtual" and non-virtual in the same hierarchy
Bug
Classes should not be derived from virtual bases
Code Smell
Class names should comply with a naming convention
Code Smell
Parameters in an overriding virtual function shall either use the same default arguments as the function they override, or else shall not specify any default arguments
Code Smell
A function should have a single point of exit at the end of the function
Code Smell
"using namespace" directives should not be used in header files
Code Smell
Multiple declarations for an identifier in the same namespace shall not straddle a using-declaration for that identifier
Bug
"using-directives" should not be used
Code Smell
Header files should not contain unnamed namespaces
Code Smell
Function names should comply with a naming convention
Code Smell
The character handling functions from "<cctype>" and "<cwctype>" shall not be used
Code Smell
The "goto" statement should not be used
Code Smell
An "integer-literal" of type "long long" shall not use a single "L" or "l" in any suffix
Code Smell
A non-"transient lambda" shall not implicitly capture "this"
Code Smell
"Global variables" shall not be used
Code Smell
An object shall not be accessed outside of its lifetime
Bug
A function declared with the "[[noreturn]]" attribute shall not return
Bug
"std::vector" should not be specialized with "bool"
Code Smell
Variables of array type should not be declared
Code Smell
The "setlocale" and "std::locale::global" functions shall not be called
Code Smell
"Unscoped enumerations" should not be declared
Code Smell
Functions with "limited visibility" should be "used" at least once
Code Smell
An "explicit type conversion" shall not be an "expression statement"
Bug
"Advanced memory management" shall not be used
Code Smell
Reads and writes on the same file stream shall be separated by a positioning operation
Bug
Line-splicing shall not be used in "//" comments
Bug
A pointer to an incomplete "class" type shall not be deleted
Bug
All variables should be initialized
Code Smell
The result of "std::remove", "std::remove_if", "std::unique" and "empty" shall be "used"
Bug
An object shall not be used while in a "potentially moved-from state"
Code Smell
"Forwarding references" and "std::forward" shall be used together
Code Smell
A comparison of a "potentially virtual" pointer to member function shall only be with "nullptr"
Bug
Variables should be captured explicitly in a non-"transient lambda"
Code Smell
Local variables shall not have static storage duration
Code Smell
The macro "offsetof" shall not be used
Code Smell
The standard "header file" "<csetjmp>" shall not be used
Code Smell
The "#" and "##" preprocessor operators should not be used
Code Smell
The "#include" directive shall be followed by either a "<filename>" or ""filename"" sequence
Bug
A "noexcept" function should not attempt to propagate an exception to the calling function
Bug
An exception of "class" type shall be caught by "const" reference or reference
Bug
Handlers for a "function-try-block" of a constructor or destructor shall not refer to non-static members from their class or its bases
Bug
An "empty throw" shall only occur within the "compound-statement" of a "catch handler"
Code Smell
An exception object shall not have pointer type
Bug
Classes should not be inherited virtually
Code Smell
A named bit-field with "signed integer type" shall not have a length of one bit
Bug
The "union" keyword shall not be used
Code Smell
The value of an object must not be read before it has been set
Bug
A "declaration" should not declare more than one variable or member variable
Code Smell
There should be no unnamed namespaces in "header files"
Code Smell
The identifier "main" shall not be used for a function other than the global function "main"
Code Smell
The "goto" statement shall jump to a label declared later in the function body
Code Smell
All "if ... else if" constructs shall be terminated with an "else" statement
Code Smell
The "address-of" operator shall not be overloaded
Code Smell
A cast should not convert a pointer type to an integral type
Code Smell
A cast shall not remove any "const" or "volatile" qualification from the type accessed via a pointer or by reference
Code Smell
C-style casts and "functional notation" casts shall not be used
Code Smell
A virtual base class shall only be cast to a derived class by means of "dynamic_cast"
Bug
The "declaration" of an object should contain no more than two levels of pointer indirection
Code Smell
"nullptr" shall be the only form of the "null-pointer-constant"
Code Smell
The names of the "standard signed integer types" and "standard unsigned integer types" should not be used
Code Smell
A line whose first token is "#" shall be a valid preprocessing directive
Bug
All identifiers used in the controlling expression of "#if" or "#elif" preprocessing directives shall be defined prior to evaluation
Bug
Tokens that look like a preprocessing directive shall not occur within a macro argument
Bug
Function-like macros shall not be defined
Code Smell
"#include" directives should only be preceded by preprocessor directives or comments
Code Smell
Unsigned "integer literals" shall be appropriately suffixed
Code Smell
The value returned by a function shall be "used"
Code Smell
Variables with "limited visibility" should be "used" at least once
Code Smell

Only valid arguments should be passed to stream functions

intentionality - logical

maintainability

Code Smell

symbolic-execution
suspicious

Passing invalid arguments to standard C library functions for handling I/O streams results in undefined behavior.

Why is this an issue?

What is the potential impact?

How can I fix it?

More Info

The standard C library includes a number of functions for handling I/O streams. These functions put certain constraints on the values of their parameters. The constraints include the following:

The value for the FILE*-typed parameter may not be NULL
The third argument of fseek must be either of SEEK_SET, SEEK_END, or SEEK_CUR

Failing to pass correctly constrained parameters renders them invalid and will result in undefined behavior.

#include <stdio.h>

size_t get_file_size() {
  FILE *f = fopen("example_file.txt", "r");
  // `f` may be NULL if `fopen` fails.
  fseek(f, 0L, SEEK_END); // Leads to undefined behavior, if `f` is NULL.
  size_t size = ftell(f); // Leads to undefined behavior, if `f` is NULL.
  fclose(f);
  return size;
}

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1

© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Sonar helps developers write Clean Code.
Privacy Policy | Cookie Policy | Terms of Use

In-IDE

SaaS

Self-Hosted