Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
Go
HTML
Java
JavaScript
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Filtered: 118 rules found

pitfall

Impact

Clean code attribute

Macro arguments should not contain preprocessing directives
Bug
A call to "wait()" on a "std::condition_variable" should have a condition
Bug
"goto" should jump to labels declared later in the same function
Code Smell
The name "main" should not be used for any function other than the global "main" function
Code Smell
Use "std::variant" instead of unions with non-trivial types.
Code Smell
A single statement should not have more than one resource allocation
Code Smell
Array indices should be placed between brackets
Code Smell
Comparison operators should not be virtual
Code Smell
Assignment operators should not be "virtual"
Code Smell
"goto" statements should not be used to jump into blocks
Code Smell
Context-sensitive keywords should not be used as identifiers
Code Smell
Control should not be transferred into a complex logic block using a "goto" or a "switch" statement
Code Smell
Coroutines should have well-defined exception behavior
Bug
Member variables should be initialized
Bug
Functions should not be defined with a variable number of arguments
Code Smell
Use discriminated unions or "std::variant"
Code Smell
Multiple mutexes should not be acquired with individual locks
Code Smell
"try_lock", "lock" and "unlock" should not be directly used for mutexes
Code Smell
Non-const global variables should not be used
Code Smell
Logical operators should not be confused with bitwise operators
Code Smell
The addresses of standard library functions should not be taken
Code Smell
Lambdas that capture "this" should capture everything explicitly
Code Smell
Exceptions should not be thrown in "noexcept" functions
Code Smell
Member variables should not be "protected"
Code Smell
Classes should have regular copy and move semantic
Code Smell
Standard groupings should be used with digit separators
Code Smell
Control characters should not be used in literals
Code Smell
The sign of an unsigned variable should not be tested
Code Smell
Virtual functions should not be called from constructors or destructors
Code Smell
Pure "virtual" functions should not override non-pure "virtual" functions
Code Smell
Well-defined type-punning method should be used instead of a union-based one
Bug
"std::cmp_*" functions should be used to compare unsigned values with negative values
Bug
Class members should not be initialized with dangling references
Bug
Conditionally executed code should be reachable
Bug
Related "if/else if" statements should not have the same condition
Bug
If a function has internal linkage then all re-declarations shall include the static storage class specifer
Code Smell
"std::views::as_const" should be used to prevent modifying range elements
Code Smell
"std::stringstream" or "std::spanstream" should be used instead of "std::strstream"
Code Smell
The underlying value of an enum should be accessed through "to_underlying"
Code Smell
The optional init-statement in a control statements should only be used to declare variables
Code Smell
Use symmetric transfer to switch execution between coroutines
Code Smell
rvalue reference members should not be copied accidentally
Code Smell
Comparision operators ("<=>", "==") should be defaulted unless non-default behavior is required
Code Smell
Function template parameters should be named if reused
Code Smell
Redundant comparison operators should not be defined
Code Smell
"std::bit_cast" should be used to reinterpret binary representation instead of "std::memcpy"
Code Smell
Designated initializers should be used in their C++ compliant form
Code Smell
The right template argument should be specified for std::forward
Code Smell
Exception specifications should be treated as part of the type
Code Smell
"std::byte" should be used when you need byte-oriented memory access
Code Smell
"[*this]" should be used to capture the current object by copy
Code Smell
Member functions that don't mutate their objects should be declared "const"
Code Smell
Function parameters that are rvalue references should be moved
Code Smell
Classes should not contain both public and private data members
Code Smell
Keywords shall not be used as macros identifiers
Code Smell
Include directives should not rely on non-portable search strategy
Code Smell
"#include" paths should be portable
Code Smell
"reinterpret_cast" should not be used
Code Smell
"static" members should be accessed statically
Code Smell
Variables should not be shadowed
Code Smell
Parameters in an overriding virtual function shall either use the same default arguments as the function they override, or else shall not specify any default arguments
Code Smell
Header files should not contain unnamed namespaces
Code Smell
Literal suffix "L" for long integers shall be upper case
Code Smell
"std::midpoint" and "std::lerp" should be used for midpoint computation and linear interpolation
Code Smell
Macros should not be used as replacements for "typedef" and "using"
Code Smell
Alternative operators should not be used
Code Smell
Scoped enumerations should be used
Code Smell
Tokens that look like a preprocessing directive shall not occur within a macro argument
Bug
Bit fields should not be used
Code Smell
Octal values should not be used
Code Smell
The identifier "main" shall not be used for a function other than the global function "main"
Code Smell
The "goto" statement shall jump to a label declared later in the function body
Code Smell
Dynamic heap memory allocation should not be used
Bug
An exception object shall not have pointer type
Bug
"setjmp" and "longjmp" should not be used
Code Smell
Macros should not be #define'd or #undef'd within a block
Code Smell
Array type function arguments should not decay to pointers
Code Smell
Object declarations should contain no more than 2 levels of pointer indirection
Code Smell
Recursion should not be used
Code Smell
Constants of unsigned type should have a "U" suffix
Code Smell
Functions should not have more than one argument of type "bool"
Code Smell
Virtual functions should not have default arguments
Code Smell
Octal and hexadecimal escape sequences should be terminated
Code Smell
Preprocessor directives should not be indented
Code Smell
"switch" statements should not be nested
Code Smell
Control structures should use curly braces
Code Smell
A non-"transient lambda" shall not implicitly capture "this"
Code Smell
"Advanced memory management" shall not be used
Code Smell
"Forwarding references" and "std::forward" shall be used together
Code Smell
The macro "offsetof" shall not be used
Code Smell
The standard "header file" "<csetjmp>" shall not be used
Code Smell
An "empty throw" shall only occur within the "compound-statement" of a "catch handler"
Code Smell
The "declaration" of an object should contain no more than two levels of pointer indirection
Code Smell
Function-like macros shall not be defined
Code Smell
Unsigned "integer literals" shall be appropriately suffixed
Code Smell
A named bit-field with "signed integer type" shall not have a length of one bit
Bug
C-style and functional notation casts should not be used
Code Smell
All the elements of an aggregate should be provided with an initial value
Code Smell
The order for arguments of the same type in a function call should be obvious
Code Smell
A "struct" should not have member functions
Code Smell
"::" operator should be used to access global variables and functions
Code Smell
"for" loop stop conditions should be invariant
Code Smell
The character handling functions from "<cctype>" and "<cwctype>" shall not be used
Code Smell
An "integer-literal" of type "long long" shall not use a single "L" or "l" in any suffix
Code Smell
An object shall not be used while in a "potentially moved-from state"
Code Smell
Variables should be captured explicitly in a non-"transient lambda"
Code Smell
There should be no unnamed namespaces in "header files"
Code Smell
The "address-of" operator shall not be overloaded
Code Smell
The loop-counter should be modified by one of: --, ++, -=n, or +=n; where n remains constant for the duration of the loop
Code Smell
"std::cmp_*" functions should be used to compare signed and unsigned values
Code Smell
Local variables should be initialized immediately
Code Smell
"using-directives" should not be used
Code Smell
"std::vector" should not be specialized with "bool"
Code Smell
The "setlocale" and "std::locale::global" functions shall not be called
Code Smell
"Unscoped enumerations" should not be declared
Code Smell
All variables should be initialized
Code Smell
C-style casts and "functional notation" casts shall not be used
Code Smell
The names of the "standard signed integer types" and "standard unsigned integer types" should not be used
Code Smell

All variables should be initialized

consistency - conventional

maintainability

Code Smell

MinorSonarSource default severity
click to learn more

pitfall
misra-c++2023
misra-advisory

Why is this an issue?

More Info

This is a draft version of a MISRA C++ 202x rule proposed for public review.

MISRA Rule 11.6.1

Category: Advisory

Analysis Type: Decidable,Single Translation Unit

Amplification

All variables should either be explicitly or implicitly initialized.

Apart from the following, all variables should be explicitly initialized with an associated initializer in their definition:

Variables of a class type, or
Function parameters (which are initialized with the corresponding argument value), or
Variables with static storage duration (which are zero-initialized by default).

Rationale

Having several states within a program increases the risk of defects being introduced. Each variable that is first uninitialized, then set to a value creates two program states. It is therefore better to initialize the variable directly to a value that is to be used. The intent of this rule is not that each variable is initialized with some value, but that it is initialized with its real value; the one that will be used when the variable is next read.

In order to achieve this, the variable definition can be delayed until the "right" value is available. This naturally leads to reducing the variable’s scope, reducing the risk of the variable being used inappropriately. An immediately evaluated lambda can be used to compute a value when a variable’s initialization is more complex.

In many cases, initializing the variable within its definition allows it to be a constant definition.

Note: there are many ways to explicitly initialize a variable. When possible, the list-initialization syntax (with curly braces) should be used as it does not suffer from the issues that arise from the use of other syntactic forms (e.g. narrowing or declaring a function while trying to define a variable, aka "the most vexing parse").

Example

void f( bool cond )
{
  int32_t i;                        // Non-compliant

  if ( cond ) { i =  42; }
  else        { i = -1;  }

  int32_t j = cond ? 42 : -1;       // Compliant
  int32_t k = [&]()                 // Compliant
    {
      if ( cond ) { return 42; }
      else        { return -1; }
    }();

  string s;                         // Compliant - default-initialized
}

int32_t g;                          // Compliant - static initialization applies

void f()
{
  thread_local int32_t i;           // Compliant - static initialization applies
}

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Developer
Edition

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Sonar helps developers write Clean Code.
Privacy Policy | Cookie Policy

In-IDE

SaaS

Self-Hosted