Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Filtered: 124 rules found

misra-required

Impact

Clean code attribute

"Predicates" shall not have "persistent side effects"
Bug
The C++ Standard Library functions "memcpy", "memmove" and "memcmp" from "<cstring>" shall not be used
Code Smell
A function call shall not violate the function's preconditions
Bug
The character handling functions from "<cctype>" and "<cwctype>" shall not be used
Code Smell
An "integer-literal" of type "long long" shall not use a single "L" or "l" in any suffix
Code Smell
The literal value zero shall be the only value assigned to "errno"
Code Smell
A non-"transient lambda" shall not implicitly capture "this"
Code Smell
There shall be no occurrence of "undefined" or "critical unspecified behaviour"
Bug
User-defined identifiers shall have an appropriate form
Code Smell
A "for-range-initializer" shall contain at most one function call
Bug
"Global variables" shall not be used
Code Smell
The "volatile" qualifier shall be used appropriately
Bug
"Assignment" between numeric types shall be appropriate
Code Smell
"Integral promotion" and the "usual arithmetic conversions" shall not change the signedness or the "type category" of an operand
Code Smell
The operands of "bitwise operators" and "shift operators" shall be appropriate
Bug
There shall be no conversion to type "bool"
Code Smell
There shall be no conversion from type "bool"
Code Smell
The numerical value of a character shall not be used
Code Smell
"Special member functions" shall be provided appropriately
Code Smell
The argument to a "mixed-use macro parameter" shall not be subject to further expansion
Code Smell
An "object pointer type" shall not be cast to an integral type other than "std::uintptr_t" or "std::intptr_t"
Code Smell
The library function "system" from "<cstdlib>" shall not be used
Vulnerability
"Exception-unfriendly" functions shall be "noexcept"
Code Smell
An object shall not be accessed outside of its lifetime
Bug
A function declared with the "[[noreturn]]" attribute shall not return
Bug
If a project defines either a sized or unsized version of a global "operator delete", then both shall be defined
Bug
The "setlocale" and "std::locale::global" functions shall not be called
Code Smell
"User-provided" "copy assignment operators" and "move assignment operators" shall handle self-assignment
Code Smell
"User-declared" member functions shall use the "virtual", "override" and "final" specifiers appropriately
Code Smell
Derived classes shall not "conceal" functions that are inherited from their bases
Code Smell
A class shall only define an "initializer-list constructor" when it is the only constructor
Code Smell
An "explicit type conversion" shall not be an "expression statement"
Bug
"Advanced memory management" shall not be used
Code Smell
Reads and writes on the same file stream shall be separated by a positioning operation
Bug
An argument passed via ellipsis shall have an appropriate type
Bug
Line-splicing shall not be used in "//" comments
Bug
A pointer to an incomplete "class" type shall not be deleted
Bug
Octal escape sequences, hexadecimal escape sequences and universal character names shall be terminated
Code Smell
The result of "std::remove", "std::remove_if", "std::unique" and "empty" shall be "used"
Bug
An object shall not be used while in a "potentially moved-from state"
Code Smell
"Forwarding references" and "std::forward" shall be used together
Code Smell
The argument to "std::move" shall be a non-const "lvalue"
Code Smell
Dynamic memory shall be managed automatically
Code Smell
An enumeration shall be defined with an explicit underlying type
Code Smell
The "assert" macro shall not be used with a "constant-expression"
Code Smell
A comparison of a "potentially virtual" pointer to member function shall only be with "nullptr"
Bug
Local variables shall not have static storage duration
Code Smell
The C Library input/output functions shall not be used
Code Smell
The facilities provided by the standard "header file" "<csignal>" shall not be used
Code Smell
The macro "offsetof" shall not be used
Code Smell
The "string handling functions" from "<cstring>", "<cstdlib>", "<cwchar>" and "<cinttypes>" shall not be used
Code Smell
The library functions "atof", "atoi", "atol" and "atoll" from "<cstdlib>" shall not be used
Bug
The standard "header file" "<csetjmp>" shall not be used
Code Smell
A macro parameter immediately following a "#" operator shall not be immediately followed by a "##" operator
Code Smell
The "#include" directive shall be followed by either a "<filename>" or ""filename"" sequence
Bug
The "'" or """ or "\" characters and the "/*" or "//" character sequences shall not occur in a "header file" name
Bug
Precautions shall be taken in order to prevent the contents of a "header file" being included more than once
Code Smell
All "#else", "#elif" and "#endif" preprocessor directives shall reside in the same file as the "#if", "#ifdef" or "#ifndef" directive to which they are related
Code Smell
The "defined" preprocessor operator shall be used appropriately
Bug
An exception of "class" type shall be caught by "const" reference or reference
Bug
Handlers for a "function-try-block" of a constructor or destructor shall not refer to non-static members from their class or its bases
Bug
An "empty throw" shall only occur within the "compound-statement" of a "catch handler"
Code Smell
An exception object shall not have pointer type
Bug
Function templates shall not be explicitly specialized
Code Smell
A name that is present in a dependent base shall not be resolved by unqualified lookup
Code Smell
Conversion operators and constructors that are callable with a single argument shall be "explicit"
Code Smell
An object's dynamic type shall not be used from within its constructor or destructor
Code Smell
An accessible base class shall not be both virtual and non-virtual in the same hierarchy
Bug
A named bit-field with "signed integer type" shall not have a length of one bit
Bug
A bit-field shall have an appropriate type
Code Smell
The "union" keyword shall not be used
Code Smell
Within an enumerator list, the value of an implicitly-specified "enumeration constant" shall be unique
Code Smell
A conversion from function type to pointer-to-function type shall only occur in appropriate contexts
Code Smell
A function with non-"void" return type shall return a value on all paths
Bug
The parameters in all "declarations" or overrides of a function shall either be unnamed or have identical names
Code Smell
The features of "<cstdarg>" shall not be used
Code Smell
Parameters in an overriding virtual function shall not specify different default arguments
Code Smell
Functions shall not call themselves, either directly or indirectly
Code Smell
An assignment operator shall not assign the address of an object with automatic storage duration to an object with a greater lifetime
Code Smell
The "asm" declaration shall not be used
Code Smell
The identifier "main" shall not be used for a function other than the global function "main"
Code Smell
The "goto" statement shall jump to a label declared later in the function body
Code Smell
A "goto" statement shall reference a label in a surrounding block
Code Smell
The structure of a "switch" statement shall be appropriate
Code Smell
All "if ... else if" constructs shall be terminated with an "else" statement
Code Smell
The body of an "iteration-statement" or a "selection-statement" shall be a "compound-statement"
Code Smell
The operand to "typeid" shall not be an expression of polymorphic class type
Code Smell
The "address-of" operator shall not be overloaded
Code Smell
An array passed as a function argument shall not decay to a pointer
Code Smell
The logical AND and logical OR operators shall not be overloaded
Code Smell
An object with integral, enumerated, or pointer to "void" type shall not be cast to a pointer type
Code Smell
"reinterpret_cast" shall not be used
Code Smell
Casts shall not be performed between a pointer to function and any other type
Bug
A cast shall not remove any "const" or "volatile" qualification from the type accessed via a pointer or by reference
Code Smell
C-style casts and "functional notation" casts shall not be used
Code Smell
A virtual base class shall only be cast to a derived class by means of "dynamic_cast"
Bug
The built-in relational operators ">", ">=", "<" and "<=" shall not be applied to objects of pointer type, except where they point to elements of the same array
Bug
Subtraction between pointers shall only be applied to pointers that address elements of the same array
Bug
Pointer arithmetic shall not form an invalid pointer
Bug
Operations on a memory location shall be sequenced appropriately
Bug
"nullptr" shall be the only form of the "null-pointer-constant"
Code Smell
The numeric value of an "unscoped enumeration" with no fixed "underlying type" shall not be used
Code Smell
The same type aliases shall be used in all "declarations" of the same "entity"
Code Smell
The source code used to implement an "entity" shall appear only once
Bug
The "one-definition rule" shall not be violated
Bug
All "declarations" of a variable or function shall have the same type
Bug
Block scope "declarations" shall not be "visually ambiguous"
Code Smell
A "header file" shall not contain definitions of functions or objects that are non-inline and have external linkage
Code Smell
A line whose first token is "#" shall be a valid preprocessing directive
Bug
All identifiers used in the controlling expression of "#if" or "#elif" preprocessing directives shall be defined prior to evaluation
Bug
Parentheses shall be used to ensure macro arguments are expanded appropriately
Code Smell
Tokens that look like a preprocessing directive shall not occur within a macro argument
Bug
Function-like macros shall not be defined
Code Smell
String literals with different encoding prefixes shall not be concatenated
Bug
The lowercase form of "L" shall not be used as the first character in a literal suffix
Code Smell
Unsigned "integer literals" shall be appropriately suffixed
Code Smell
Octal constants shall not be used
Code Smell
Within character literals and non raw-string literals, "\" shall only be used to form a defined escape sequence or universal character name
Bug
A variable declared in an "inner scope" shall not hide a variable declared in an "outer scope"
Code Smell
The character sequence "/*" shall not be used within a C-style comment
Code Smell
A program shall conform to ISO/IEC 14882:2017 (C++17)
Code Smell
A named function parameter shall be "used" at least once
Code Smell
The value returned by a function shall be "used"
Code Smell
A function shall not contain "unreachable" statements
Bug

Pointer arithmetic shall not form an invalid pointer

intentionality - logical

reliability

Bug

unpredictable
symbolic-execution
misra-c++2023
misra-required

Why is this an issue?

More Info

This rule is part of MISRA C++:2023.

Usage of this content is governed by Sonar’s terms and conditions. Redistribution is prohibited.

Rule 8.7.1 - Pointer arithmetic shall not form an invalid pointer

[expr.add] Undefined 4

Category: Required

Analysis: Undecidable,System

Amplification

This rule applies to all forms of pointer arithmetic, including array indexing:

integer_expression + pointer_expression
pointer_expression + integer_expression
pointer_expression - integer_expression
pointer_expression += integer_expression
pointer_expression -= integer_expression
++pointer_expression
--pointer_expression
pointer_expression++
pointer_expression--
pointer_expression [ integer_expression ]
integer_expression [ pointer_expression ]

A pointer resulting from pointer arithmetic is invalid if it does not point to:

An element of the same array as the original pointer; or
One past the end of the same array as the original pointer.

This rule also applies to pointer arithmetic that occurs within the C++ Standard Library functions. In addition, it is assumed that the implementation of the functions listed below perform pointer arithmetic on their pointer parameters:

memchr, memcmp, memcpy, memmove, memset, strncat, strncmp, strncpy, strxfrm

Note: a pointer to an object that is not an array is treated as if it were a pointer to the first element of an array with a single element.

Rationale

Undefined behaviour occurs if the result obtained from one of the above expressions is not a pointer to an element of the array pointed to by pointer_expression, or a pointer to one beyond the end of that array.

Note: dereferencing an invalid pointer, including a pointer to one past the end of an array, results in undefined behaviour — this is targeted by M23_393: MISRA C++ 2023 Rule 4.1.3.

Example

int32_t * f1( int32_t * const a1, int32_t a2[ 10 ], int32_t ( &a3 )[ 10 ] )
{
  a1[ 3 ] = 0;                  // Compliant only if the array pointed
                                // to by 'a1' has at least 4 elements

  *( a2 + 9 ) = 0;              // Compliant only if the array pointed
                                // to by 'a2' has at least 10 elements

  return a3 + 9;                // Compliant
}

void f2()
{
  int32_t a1[ 10 ] = { };

  int32_t * p1 = &a1[  0 ];     // Compliant
  int32_t * p2 = a1 + 10;       // Compliant - points to one beyond and
  int32_t    i = *p2;           //             dereferencing is undefined behaviour
  int32_t * p3 = a1 + 11;       // Non-compliant - points to two beyond, resulting
                                //                 in undefined behaviour

  p1++;                         // Compliant
  a1[ -1 ] = 0;                 // Non-compliant - exceeding array bounds results
                                //                 in undefined behaviour
  i = *( &i + 0 );              // Compliant     - 'i' is treated as an array
                                //                 of size 1

  // This declaration has 6 arrays:
  //   1 array of 5 elements of type array of int32_t
  //   5 arrays of 2 elements of type int32_t
  int32_t a2[ 5 ][ 2 ] = { };

  a2[ 3 ][ 1 ] = 0;             // Compliant
  i = *( *( a2 + 3 ) + 1 );     // Compliant
  i = a2[ 2 ][ 3 ];             // Non-compliant - exceeding array bounds results
                                //                 in undefined behaviour

  int32_t * p4 = a2[ 1 ];       // Compliant

  i = p4[ 1 ];                  // Compliant - p4 addresses an array of size 2
}

The following example illustrates pointer arithmetic applied to members of a structure. Because each member is an object in its own right, this rule prevents the use of pointer arithmetic to move from one member to the next.

struct
{
  uint16_t x;
  uint16_t y;
  uint16_t a[ 10 ];
} s;

void f3()
{
  uint16_t * p { &s.x };

  ++p;                          // Compliant - p points one past the end of s.x,
                                //   but this cannot be assumed to point to s.y
  *p = 0;                       //   and dereferencing is undefined behaviour

  ++p;                          // Non-compliant - more than one past the end


  p = &s.a[ 0 ];                // Compliant     - p points into s.a
  p = p + 8;                    // Compliant     - p still points into s.a
  p = p + 3;                    // Non-compliant - more than one past the end
}

The following example shows that the implicit pointer arithmetic within library functions can lead to accesses beyond the end of an array:

uint8_t buf1[ 5 ] = { 1, 2, 3, 4, 5 };
uint8_t buf2[ 7 ] = { 1, 2, 3, 4, 5, 6, 7 };

void f4()
{
  if ( std::memcmp( buf1, buf2, 5 ) == 0 ) {}    // Compliant
  if ( std::memcmp( buf1, buf2, 7 ) == 0 ) {}    // Non-compliant

  auto p1 = std::next( buf1, 3 );                // Compliant
  auto p2 = std::next( buf1, 7 );                // Non-compliant
}

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

In-IDE

SaaS

Self-Hosted