SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C++

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

  • All rules 674
  • Vulnerability13
  • Bug139
  • Security Hotspot19
  • Code Smell503

  • Quick Fix 91
Filtered: 17 rules found
misra-advisory
    Impact
      Clean code attribute
        1. The "goto" statement should not be used

           Code Smell
        2. "std::vector" should not be specialized with "bool"

           Code Smell
        3. Variables of array type should not be declared

           Code Smell
        4. "Unscoped enumerations" should not be declared

           Code Smell
        5. Functions with "limited visibility" should be "used" at least once

           Code Smell
        6. All variables should be initialized

           Code Smell
        7. Variables should be captured explicitly in a non-"transient lambda"

           Code Smell
        8. The "#" and "##" preprocessor operators should not be used

           Code Smell
        9. A "noexcept" function should not attempt to propagate an exception to the calling function

           Bug
        10. Classes should not be inherited virtually

           Code Smell
        11. A "declaration" should not declare more than one variable or member variable

           Code Smell
        12. There should be no unnamed namespaces in "header files"

           Code Smell
        13. A cast should not convert a pointer type to an integral type

           Code Smell
        14. The "declaration" of an object should contain no more than two levels of pointer indirection

           Code Smell
        15. The names of the "standard signed integer types" and "standard unsigned integer types" should not be used

           Code Smell
        16. "#include" directives should only be preceded by preprocessor directives or comments

           Code Smell
        17. Variables with "limited visibility" should be "used" at least once

           Code Smell

        All variables should be initialized

        consistency - conventional
        maintainability
        Code Smell
        • pitfall
        • misra-c++2023
        • misra-advisory

        Why is this an issue?

        More Info

        This rule is part of MISRA C++:2023.

        MISRA Rule 11.6.1

        Category: Advisory

        Analysis Type: Decidable,Single Translation Unit

        Amplification

        All variables should either be explicitly or implicitly initialized.

        Apart from the following, all variables should be explicitly initialized with an associated initializer in their definition:

        • Variables of class type, or
        • Function parameters (which are initialized with the corresponding argument value), or
        • Variables with static storage duration (which are zero-initialized by default).

        Rationale

        Having several states within a program increases the risk of defects being introduced. Each variable that is first uninitialized, then set to a value creates two program states. It is therefore better to initialize the variable directly to a value that is to be used. The intent of this rule is not that each variable is initialized with some value, but that it is initialized with its real value; the one that will be used when the variable is next read.

        In order to achieve this, the variable definition can be delayed until the "right" value is available. This naturally leads to reducing the variable’s scope, reducing the risk of the variable being used inappropriately. An immediately evaluated lambda can be used to compute a value when a variable’s initialization is more complex.

        In many cases, initializing the variable within its definition allows it to be a constant definition.

        Note: there are many ways to explicitly initialize a variable. When possible, the list-initialization syntax (with curly braces) should be used as it does not suffer from the issues that arise from the use of other syntactic forms (e.g. narrowing or declaring a function while trying to define a variable, also known as "the most vexing parse").

        Example

        void f( bool cond )
        {
          int32_t i;                        // Non-compliant
        
          if ( cond ) { i =  42; }
          else        { i = -1;  }
        
          int32_t j = cond ? 42 : -1;       // Compliant
          int32_t k = [&]()                 // Compliant
            {
              if ( cond ) { return 42; }
              else        { return -1; }
            }();
        
          string s;                         // Compliant - default-initialized
        }
        
        int32_t g;                          // Compliant - static initialization applies
        
        void f()
        {
          thread_local int32_t i;           // Compliant - static initialization applies
        }
        

        Copyright The MISRA Consortium Limited © 2023

          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use