SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C++

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

  • All rules 674
  • Vulnerability13
  • Bug139
  • Security Hotspot19
  • Code Smell503

  • Quick Fix 91
Filtered: 24 rules found
performance
    Impact
      Clean code attribute
        1. "std::format" should be used instead of standard output manipulators

           Code Smell
        2. Concatenated "std::format" outputs should be replaced by a single invocation

           Code Smell
        3. Use conditional suspension to resume current coroutine

           Code Smell
        4. rvalue reference members should not be copied accidentally

           Code Smell
        5. "std::string_view" and "std::span" parameters should be directly constructed from sequences

           Code Smell
        6. Empty class members should be marked as "[[no_unique_address]]"

           Code Smell
        7. Transparent function objects should be used with associative "std::string" containers

           Code Smell
        8. "emplace" should be prefered over "insert" with "std::set" and "std::unordered_set"

           Code Smell
        9. Unnecessary expensive copy should be avoided when using auto as a placeholder type

           Code Smell
        10. "try_emplace" should be used with "std::map" and "std::unordered_map"

           Code Smell
        11. Heterogeneous sorted containers should only be used with types that support heterogeneous comparison

           Bug
        12. Objects should not be created solely to be passed as arguments to functions that perform delegated object creation

           Code Smell
        13. "std::filesystem::path" should be used to represent a file path

           Code Smell
        14. Emplacement should be preferred when insertion creates a temporary with sequence containers

           Code Smell
        15. Return type of functions shouldn't be const qualified value

           Code Smell
        16. "std::endl" should not be used

           Code Smell
        17. Capture by reference in lambdas used locally

           Code Smell
        18. "std::move" should not inhibit optimizations

           Code Smell
        19. Template parameters should be preferred to "std::function" when configuring behavior at compile time

           Code Smell
        20. Special member function should not be defined unless a non standard behavior is required

           Code Smell
        21. Member data should be initialized in-class or in a constructor initialization list

           Code Smell
        22. Bit fields should not be used

           Code Smell
        23. The prefix increment/decrement form should be used

           Code Smell
        24. Pass by reference to const should be used for large input parameters

           Code Smell

        "std::endl" should not be used

        intentionality - efficient
        maintainability
        Code Smell
        • cppcoreguidelines
        • performance
        • bad-practice
        • clumsy

        Why is this an issue?

        More Info

        When injecting std::endl into an output stream, two things happen:

        • An end of line character '\n' is added to the stream
        • The stream is flushed

        In many situations, you don’t need the stream to be flushed: It takes some time, and additionally, the stream is also flushed automatically in several circumstances:

        • When the stream is closed
        • In the case of std::cout, each time an input is read on std::cin or an output is written on std::cerr
        • In the case of std::cerr, each output is immediately written, the is no need to flush

        Therefore, if your only goal is to add an end of line, '\n' is usually more efficient than std::endl. If you do want to flush, you can be explicit and inject std::flush into the stream, or call the flush member function on the stream.

        Noncompliant code example

        void f() {
          cout << "Hello world!" << endl << endl << "How are you?" << endl; // Noncompliant, 3 useless flushes
          string s;
          cin >> s;
          cout << "Starting long operation now..." << endl; // Noncompliant, flushing is useful, but not explicit enough
          longOperation();
          cout << "Long operation is done" << endl; // Noncompliant
        }
        

        Compliant solution

        void f() {
          cout << R"(Hello world!
        
        How are you?
        )" << endl;
          // Or
          cout << "Hello world!\n\nHow are you?\n";
          string s;
          cin >> s;
          cout << "Starting long operation now...\n" << flush;
          longOperation();
          cout << "Long operation is done\n";
        }
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use