Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Filtered: 81 rules found

cppcoreguidelines

Impact

Clean code attribute

Function-like macros should not be used
Code Smell
Array type function arguments should not decay to pointers
Code Smell
The unary "&" operator should not be overloaded
Code Smell
Boolean operations should not have numeric operands, and vice versa
Bug
A cast shall not remove any const or volatile qualification from the type of a pointer or reference
Code Smell
"std::jthread" should be used instead of "std::thread"
Code Smell
Structured binding should be used
Code Smell
"dynamic_cast" should be used for downcasting
Code Smell
Threads should not be detached
Code Smell
Loop variables should be declared in the minimal possible scope
Code Smell
"shared_ptr" should not be taken by rvalue reference
Code Smell
Inheriting constructors should be used
Code Smell
Return type of functions shouldn't be const qualified value
Code Smell
"make_unique" and "make_shared" should be used to construct "unique_ptr" and "shared_ptr"
Code Smell
"std::endl" should not be used
Code Smell
C-style array should not be used
Code Smell
Objects should not be sliced
Bug
"auto" should be used to avoid repetition of types
Code Smell
Relational and subtraction operators should not be used with pointers to different arrays
Bug
Arguments evaluation order should not be relied on
Bug
STL algorithms and range-based for loops should be preferred to traditional for loops
Code Smell
Multiple mutexes should not be acquired with individual locks
Code Smell
Local variables should be initialized immediately
Code Smell
Pointers or references obtained from aliased smart pointers should not be used as function parameters
Code Smell
"try_lock", "lock" and "unlock" should not be directly used for mutexes
Code Smell
A single statement should not have more than one resource allocation
Code Smell
Function parameters that are rvalue references should be moved
Code Smell
Capture by reference in lambdas used locally
Code Smell
"Forwarding references" parameters should be used only to forward parameters
Code Smell
Non-const global variables should not be used
Code Smell
The order for arguments of the same type in a function call should be obvious
Code Smell
"std::move" and "std::forward" should not be confused
Bug
"using" should be preferred for type aliasing
Code Smell
"std::move" should only be used where moving can happen
Code Smell
Classes should not contain both public and private data members
Code Smell
Functions that throw exceptions should not be used as hash functions
Code Smell
A call to "wait()" on a "std::condition_variable" should have a condition
Bug
"std::move" should not inhibit optimizations
Code Smell
User-defined types should not be passed as variadic arguments
Bug
Template parameters should be preferred to "std::function" when configuring behavior at compile time
Code Smell
Function pointers should not be used as function parameters
Code Smell
RAII objects should not be temporary
Bug
Macros should not be used to define constants
Code Smell
Memory should not be managed manually
Code Smell
Lambdas that capture "this" should capture everything explicitly
Code Smell
Move and swap operations should be "noexcept"
Code Smell
"void *" should not be used in typedefs, member variables, function parameters or return type
Code Smell
Function parameters should not be of type "std::unique_ptr<T> const &"
Code Smell
"nullptr" should be used to denote the null pointer
Code Smell
Non-exception types should not be caught
Code Smell
Comparison operators should not be virtual
Code Smell
Local variables and member data should not be volatile
Code Smell
Assignment operators should not be "virtual"
Code Smell
Member variables should not be "protected"
Code Smell
Destructors should be "noexcept"
Bug
Types and variables should be declared in separate statements
Code Smell
Scoped enumerations should be used
Code Smell
"reinterpret_cast" should not be used
Code Smell
Special member function should not be defined unless a non standard behavior is required
Code Smell
"override" or "final" should be used instead of "virtual"
Code Smell
Member data should be initialized in-class or in a constructor initialization list
Code Smell
Members should be initialized in the order they are declared
Code Smell
Binary operators should be overloaded as hidden friend functions
Code Smell
Child class fields should not shadow parent class fields
Code Smell
Exception specifications should not be used
Code Smell
Type specifiers should be listed in a standard order
Code Smell
"explicit" should be used on single-parameter constructors and conversion operators
Code Smell
Functions without parameters should not use "(void)"
Code Smell
"operator delete" should be written along with "operator new"
Bug
Inherited functions should not be hidden
Code Smell
Pass by reference to const should be used for large input parameters
Code Smell
Assignment operators should return non-"const" reference to the assigned object
Code Smell
Polymorphic base class destructor should be either public virtual or protected non-virtual
Code Smell
C-style memory allocation routines should not be used
Code Smell
Generic exceptions should not be caught
Code Smell
"empty()" should be used to test for emptiness
Code Smell
Generic exceptions should never be thrown
Code Smell
Exception classes should be caught by reference
Bug
Function templates should not be specialized
Code Smell
Parameters in an overriding virtual function shall either use the same default arguments as the function they override, or else shall not specify any default arguments
Code Smell
"using namespace" directives should not be used in header files
Code Smell

Non-const global variables should not be used

adaptability - modular

maintainability

Code Smell

cppcoreguidelines
bad-practice
pitfall

Why is this an issue?

More Info

A global variable can be modified from anywhere in the program. At first, this might look convenient. However, it makes programs harder to understand and maintain. When you see a function call, you cannot know if the function will affect the value of the global variable or not. You have lost the ability to reason locally about your code and must always have the whole program in mind.

Additionally, global variables are often subject to race conditions in multi-threaded environments.

These issues are related to modification and cannot occur when the global variable is const (or, in the case of a pointer, if it is const at every level).

unsigned** noncompliantPtr;
unsigned const* const* const compliantPtr = ...;

Some global variables defined in external libraries (such as std::cout, std::cin, std::cerr) are acceptable to use, but you should have a good reason to create your own. If you use a global variable, ensure they can be safely accessed concurrently, and there are no issues related to order of their initialization (see S7119).

Remember that it is much easier to maintain software without globals. Instead of such variables, it is better to design functions to take as input all the required variables. In addition to serving documentation, this also helps future refactoring and the evolution of the code.

This rule detects all declarations of global variables (at file scope or in any namespace) that are not constant.

Noncompliant code example

double oneFoot = 0.3048; // Noncompliant
double userValue; // Noncompliant

void readValue();
void writeResult();

int main() {
  readValue();
  writeResult();
}

Compliant solution

constexpr double footToMeter = 0.3048;

double readValueInFeet();
void writeResult(double valueInMeters);

int main() {
  auto userValue = readValueInFeet();
  writeResult(userValue * footToMeter);
}

Exceptions

volatile is used to indicate that some piece of memory can be mutated by external factors. For embedded software, some hardware inputs/outputs can be mapped to specific memory addresses, and accessing these bound data is usually done through a global pointer to volatile data.

In that situation, the pointer itself should be const, but the pointee can be non-const if the memory maps an output register that is supposed to be written to.

unsigned volatile      *       gpio1;       // Noncompliant
unsigned volatile      * const gpio2 = ...; // Compliant, used for input & output
unsigned volatile const* const gpio3 = ...; // Compliant, used for input only

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1

In-IDE

SaaS

Self-Hosted