SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C++

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

  • All rules 674
  • Vulnerability13
  • Bug139
  • Security Hotspot19
  • Code Smell503

  • Quick Fix 91
Filtered: 17 rules found
misra-advisory
    Impact
      Clean code attribute
        1. The "goto" statement should not be used

           Code Smell
        2. "std::vector" should not be specialized with "bool"

           Code Smell
        3. Variables of array type should not be declared

           Code Smell
        4. "Unscoped enumerations" should not be declared

           Code Smell
        5. Functions with "limited visibility" should be "used" at least once

           Code Smell
        6. All variables should be initialized

           Code Smell
        7. Variables should be captured explicitly in a non-"transient lambda"

           Code Smell
        8. The "#" and "##" preprocessor operators should not be used

           Code Smell
        9. A "noexcept" function should not attempt to propagate an exception to the calling function

           Bug
        10. Classes should not be inherited virtually

           Code Smell
        11. A "declaration" should not declare more than one variable or member variable

           Code Smell
        12. There should be no unnamed namespaces in "header files"

           Code Smell
        13. A cast should not convert a pointer type to an integral type

           Code Smell
        14. The "declaration" of an object should contain no more than two levels of pointer indirection

           Code Smell
        15. The names of the "standard signed integer types" and "standard unsigned integer types" should not be used

           Code Smell
        16. "#include" directives should only be preceded by preprocessor directives or comments

           Code Smell
        17. Variables with "limited visibility" should be "used" at least once

           Code Smell

        The names of the "standard signed integer types" and "standard unsigned integer types" should not be used

        intentionality - clear
        maintainability
        reliability
        Code Smell
        • pitfall
        • misra-c++2023
        • misra-advisory

        Why is this an issue?

        More Info

        This rule is part of MISRA C++:2023.

        MISRA Rule 6.9.2

        Category: Advisory

        Analysis Type: Decidable,Single Translation Unit

        Amplification

        This rule applies to the names of integral types constructed using the keywords char, short, int, long, signed and unsigned (ignoring any cv-qualification). It does not apply to the use of plain char.

        Rationale

        It is implementation-defined how much storage is required for any object of the standard signed integer types or standard unsigned integer types. When the amount of storage being used is important, the use of types having specified widths makes it clear how much storage is being reserved for each object.

        The C++ Standard Library header file [1] <cstdint> often provides a suitable set of integer types having specified widths. If a project defines its own type aliases, it is good practice to use static_assert to validate any size assumptions. For example:

        using torque_t = unsigned short;
        
        static_assert( sizeof( torque_t ) >= 2 );
        

        Notes:

        • Compliance with this rule does not prevent integer promotion, which is influenced by the implemented size of int and the type used for an alias. For example, an expression of type int16_t will only be promoted if the aliased type has a rank lower than that of int. The presence or absence of integer promotion may have an influence on overload resolution.
        • Strong typing, which may be provided by class or enum types, is more robust than the use of type aliases to represent specific width types.

        Exception

        • The names of the standard signed integer types and standard unsigned integer types may be used to define a type alias.
        • The name int may be used for:
        • The parameter to a postfix operator, which must use that type; and
        • The return type of main; and
        • The argc parameter to main.

        Example

        #include <cstdint>
        
        int           x = 0;                     // Non-compliant - use of int
        int32_t       y = 0;                     // Compliant
        int_least32_t z = 0;                     // Compliant
        
        using torque_t = int;                    // Compliant by exception #1
        torque_t w = 0;
        
        class C
        {
        public:
          C  operator++( int );                  // Compliant by exception #2.1
        };
        
        int main() { }                           // Compliant by exception #2.2
        int main( int argc, char * argv[] ) { }  // Compliant by exception #2.2 and #2.3
        

        Glossary

        [1] Header file

        A header file is considered to be any file that is included during preprocessing (for example via the #include directive), regardless of its name or suffix.

        Copyright The MISRA Consortium Limited © 2023

          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use