SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C++

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

  • All rules 674
  • Vulnerability13
  • Bug139
  • Security Hotspot19
  • Code Smell503

  • Quick Fix 91
Filtered: 24 rules found
performance
    Impact
      Clean code attribute
        1. "std::format" should be used instead of standard output manipulators

           Code Smell
        2. Concatenated "std::format" outputs should be replaced by a single invocation

           Code Smell
        3. Use conditional suspension to resume current coroutine

           Code Smell
        4. rvalue reference members should not be copied accidentally

           Code Smell
        5. "std::string_view" and "std::span" parameters should be directly constructed from sequences

           Code Smell
        6. Empty class members should be marked as "[[no_unique_address]]"

           Code Smell
        7. Transparent function objects should be used with associative "std::string" containers

           Code Smell
        8. "emplace" should be prefered over "insert" with "std::set" and "std::unordered_set"

           Code Smell
        9. Unnecessary expensive copy should be avoided when using auto as a placeholder type

           Code Smell
        10. "try_emplace" should be used with "std::map" and "std::unordered_map"

           Code Smell
        11. Heterogeneous sorted containers should only be used with types that support heterogeneous comparison

           Bug
        12. Objects should not be created solely to be passed as arguments to functions that perform delegated object creation

           Code Smell
        13. "std::filesystem::path" should be used to represent a file path

           Code Smell
        14. Emplacement should be preferred when insertion creates a temporary with sequence containers

           Code Smell
        15. Return type of functions shouldn't be const qualified value

           Code Smell
        16. "std::endl" should not be used

           Code Smell
        17. Capture by reference in lambdas used locally

           Code Smell
        18. "std::move" should not inhibit optimizations

           Code Smell
        19. Template parameters should be preferred to "std::function" when configuring behavior at compile time

           Code Smell
        20. Special member function should not be defined unless a non standard behavior is required

           Code Smell
        21. Member data should be initialized in-class or in a constructor initialization list

           Code Smell
        22. Bit fields should not be used

           Code Smell
        23. The prefix increment/decrement form should be used

           Code Smell
        24. Pass by reference to const should be used for large input parameters

           Code Smell

        Pass by reference to const should be used for large input parameters

        intentionality - efficient
        maintainability
        Code Smell
        Quick FixIDE quick fixes available with SonarQube for IDE
        • cppcoreguidelines
        • performance

        Why is this an issue?

        More Info

        To pass an input parameter to a function, there are two possibilities: pass by value, or pass by reference to const. Which one is best depends of the size of the object, which is an indicator of the cost to copy it. A small one, with cheap copy constructors, should be passed by value, while a larger one should be passed by reference to const.

        This rule detects when a parameter has been passed by value, while it should have been passed by reference to const:

        • Because it is too large
        • Because it contains virtual functions and passing it by value will slice the extra members if you happen to pass an object of a derived class.

        In some cases, you may want to pass by value a large object, if you modify it in the function but you don’t want the initial object to be impacted by these changes. We do not detect such a situation, which will be a false positive.

        There are other ways to pass input parameters for sinks (for instance by rvalue references), but this rule is only about the choice between pass by value and pass by reference to const.

        Noncompliant code example

        struct Student {string firstName; string lastName; Date birthDate;};
        class XmlNode {
          virtual ~XmlNode();
          virtual string toString();
        };
        void registerStudent(School &school, Student p); // Noncompliant, Student is a large object
        void dump(ostream &out, XmlNode node); // Noncompliant, XmlNode is a polymorphic type
        

        Compliant solution

        struct Student {string firstName; string lastName; Date birthDate;};
        class XmlNode {
          virtual ~XmlNode();
          virtual string toString();
        };
        void registerStudent(School &school, Student const & p); // Compliant, avoids useless copy
        void dump(ostream &out, XmlNode const &node); // Compliant, no slicing
        

        Exceptions

        This rule does not flag large objects passed by value to coroutines because passing arguments by reference to a coroutine often leads to dangling references, e.g., after suspension and resumpion of the coroutine.

          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use