SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C++

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

  • All rules 674
  • Vulnerability13
  • Bug139
  • Security Hotspot19
  • Code Smell503

  • Quick Fix 91
Filtered: 24 rules found
performance
    Impact
      Clean code attribute
        1. "std::format" should be used instead of standard output manipulators

           Code Smell
        2. Concatenated "std::format" outputs should be replaced by a single invocation

           Code Smell
        3. Use conditional suspension to resume current coroutine

           Code Smell
        4. rvalue reference members should not be copied accidentally

           Code Smell
        5. "std::string_view" and "std::span" parameters should be directly constructed from sequences

           Code Smell
        6. Empty class members should be marked as "[[no_unique_address]]"

           Code Smell
        7. Transparent function objects should be used with associative "std::string" containers

           Code Smell
        8. "emplace" should be prefered over "insert" with "std::set" and "std::unordered_set"

           Code Smell
        9. Unnecessary expensive copy should be avoided when using auto as a placeholder type

           Code Smell
        10. "try_emplace" should be used with "std::map" and "std::unordered_map"

           Code Smell
        11. Heterogeneous sorted containers should only be used with types that support heterogeneous comparison

           Bug
        12. Objects should not be created solely to be passed as arguments to functions that perform delegated object creation

           Code Smell
        13. "std::filesystem::path" should be used to represent a file path

           Code Smell
        14. Emplacement should be preferred when insertion creates a temporary with sequence containers

           Code Smell
        15. Return type of functions shouldn't be const qualified value

           Code Smell
        16. "std::endl" should not be used

           Code Smell
        17. Capture by reference in lambdas used locally

           Code Smell
        18. "std::move" should not inhibit optimizations

           Code Smell
        19. Template parameters should be preferred to "std::function" when configuring behavior at compile time

           Code Smell
        20. Special member function should not be defined unless a non standard behavior is required

           Code Smell
        21. Member data should be initialized in-class or in a constructor initialization list

           Code Smell
        22. Bit fields should not be used

           Code Smell
        23. The prefix increment/decrement form should be used

           Code Smell
        24. Pass by reference to const should be used for large input parameters

           Code Smell

        Use conditional suspension to resume current coroutine

        intentionality - efficient
        maintainability
        Code Smell
        • performance
        • since-c++20

        Why is this an issue?

        More Info

        One of the use cases for the coroutines is suspending execution until certain conditions are satisfied (e.g. value is produced, flag/event is triggered). In some situations, the expected result may be already available at the point of the co_await/co_yield expression, and the execution can be resumed immediately.

        The C++ standard provides an efficient method to suspend the coroutine conditionally. The result of await_ready is used to determine whether a coroutine should be suspended. Returning true from this function avoids the cost of the coroutine suspension if it is not needed (e.g., the result is already available). Furthermore, the bool-returning version of await_suspend allows immediate resumption of the current coroutine in the case when false is returned (returning true indicates that the coroutine should remain suspended). Compared to symmetric transfer, this method provides better optimization opportunities, as the continuation code is known to the compiler - i.e., it is the code of the current coroutine, while in symmetric transfer the handle could point to an arbitrary coroutine.

        This rule raises an issue on await_suspend that can benefit from using conditional suspension.

        Noncompliant code example

        struct WaitForAwaiter {
          Event& event;
          /* .... */
          std::coroutine_handle<> await_suspend(std::coroutine_handle<> current) { // Noncompliant
            bool callback_registered = event.register_callback(current);
            if (!callback_registered) {
              return current;
            } else {
              return std::noop_coroutine();
            }
          }
        };
        
        struct ReadBytesAwaiter {
          Socket& socket;
          std::size_t count;
          std::span<std::byte> buffer;
          std::error_code error;
          /* .... */
          void await_suspend(std::coroutine_handle<> current) { // Noncompliant
            auto callback = [&error_store=error, current](std::error_code ec) {
              error_store = ec;
              current.resume();
            };
        
            auto ec = socket.async_read(buffer, count, callback);
            if (ec) {
              error = ec;
              current.resume();
            }
          }
        };
        

        Compliant solution

        struct WaitForAwaiter {
          Event& event;
          /* .... */
          bool await_ready() const {
            return event.is_already_triggered();
          }
          bool await_suspend(std::coroutine_handle<> current) {
            bool callback_registered = event.register_callback(current);
            return callback_registered;
          }
        };
        
        struct ReadBytesAwaiter {
          Socket& socket;
          std::size_t count;
          std::span<std::byte> buffer;
          std::error_code error;
          /* .... */
        
          bool await_ready() const {
            return false; // no way to query before suspension
          }
          bool await_suspend(std::coroutine_handle<> current) {
            auto callback = [&error_store=error, current](std::error_code ec) {
              error_store = ec;
              current.resume();
            };
        
            auto ec = socket.async_read(buffer, count, callback);
            if (ec) {
              error = ec;
              return false;
            }
        
            return true;
          }
        };
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.3

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use