SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C++

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

  • All rules 674
  • Vulnerability13
  • Bug139
  • Security Hotspot19
  • Code Smell503

  • Quick Fix 91
Filtered: 62 rules found
since-c++11
    Impact
      Clean code attribute
        1. A single L in a literal suffix should only be used for long values

           Code Smell
        2. "static_assert" should be preferred to assert when the argument is a compile-time constant

           Code Smell
        3. Perfect forwarding constructors should be constrained

           Bug
        4. rvalue reference members should not be copied accidentally

           Code Smell
        5. "auto" should be used to store a result of functions that conventionally return an iterator or a range

           Code Smell
        6. "emplace" should be prefered over "insert" with "std::set" and "std::unordered_set"

           Code Smell
        7. Unnecessary expensive copy should be avoided when using auto as a placeholder type

           Code Smell
        8. The right template argument should be specified for std::forward

           Code Smell
        9. Exception specifications should be treated as part of the type

           Code Smell
        10. Free functions should be preferred to member functions when accessing a container in a generic context

           Code Smell
        11. Objects should not be created solely to be passed as arguments to functions that perform delegated object creation

           Code Smell
        12. Emplacement should be preferred when insertion creates a temporary with sequence containers

           Code Smell
        13. "bind" should not be used

           Code Smell
        14. "std::initializer_list" constructor should not overlap with other constructors

           Code Smell
        15. Threads should not be detached

           Code Smell
        16. "shared_ptr" should not be taken by rvalue reference

           Code Smell
        17. Inheriting constructors should be used

           Code Smell
        18. "make_unique" and "make_shared" should be used to construct "unique_ptr" and "shared_ptr"

           Code Smell
        19. "auto" should be used to avoid repetition of types

           Code Smell
        20. Multiple mutexes should not be acquired with individual locks

           Code Smell
        21. Pointers or references obtained from aliased smart pointers should not be used as function parameters

           Code Smell
        22. "try_lock", "lock" and "unlock" should not be directly used for mutexes

           Code Smell
        23. Function parameters that are rvalue references should be moved

           Code Smell
        24. Capture by reference in lambdas used locally

           Code Smell
        25. "Forwarding references" parameters should be used only to forward parameters

           Code Smell
        26. "std::move" and "std::forward" should not be confused

           Bug
        27. "using" should be preferred for type aliasing

           Code Smell
        28. "std::move" should only be used where moving can happen

           Code Smell
        29. Functions that throw exceptions should not be used as hash functions

           Code Smell
        30. "constexpr" functions should not be declared "inline"

           Code Smell
        31. A call to "wait()" on a "std::condition_variable" should have a condition

           Bug
        32. "std::move" should not inhibit optimizations

           Code Smell
        33. Moved-from objects should not be relied upon

           Code Smell
        34. Functions which do not return should be declared as "noreturn"

           Code Smell
        35. Memory should not be managed manually

           Code Smell
        36. Facilities in <random> should be used instead of "srand", "rand" and "random_shuffle"

           Code Smell
        37. Lambdas that capture "this" should capture everything explicitly

           Code Smell
        38. Move and swap operations should be "noexcept"

           Code Smell
        39. Function parameters should not be of type "std::unique_ptr<T> const &"

           Code Smell
        40. "std::auto_ptr" should not be used

           Bug
        41. "nullptr" should be used to denote the null pointer

           Code Smell
        42. "auto" should not be used to deduce raw pointers

           Code Smell
        43. Local variables and member data should not be volatile

           Code Smell
        44. Destructors should be "noexcept"

           Bug
        45. Scoped enumerations should be used

           Code Smell
        46. "const" and "volatile" should not be used in "enum" declarations

           Code Smell
        47. Raw string literals should be used

           Code Smell
        48. "static" should not be used in unnamed namespaces

           Code Smell
        49. Default capture should not be used

           Code Smell
        50. "final" classes should not have "virtual" functions

           Code Smell
        51. Redundant lambda return types should be omitted

           Code Smell
        52. Special member function should not be defined unless a non standard behavior is required

           Code Smell
        53. "override" or "final" should be used instead of "virtual"

           Code Smell
        54. "final" classes should not have "protected" members

           Code Smell
        55. "final" should not be used redundantly

           Code Smell
        56. Lambdas should not be used

           Code Smell
        57. Lambdas should not have too many lines

           Code Smell
        58. A non-"transient lambda" shall not implicitly capture "this"

           Code Smell
        59. "Unscoped enumerations" should not be declared

           Code Smell
        60. "Forwarding references" and "std::forward" shall be used together

           Code Smell
        61. Variables should be captured explicitly in a non-"transient lambda"

           Code Smell
        62. "nullptr" shall be the only form of the "null-pointer-constant"

           Code Smell

        "static_assert" should be preferred to assert when the argument is a compile-time constant

        intentionality - efficient
        maintainability
        Code Smell
        Quick FixIDE quick fixes available with SonarQube for IDE
        • clumsy
        • since-c++11

        Why is this an issue?

        More Info

        Introduced in C++11, static_assert checks a precondition at compile-time and emits a diagnostic error message.

        For any condition that could be checked at compile-time, static_assert should be preferred to the C macro assert:

        • Because it is checked at compile-time, the maintainer changing the code is immediately warned when the condition breaks, as opposed to assert which will trigger only when the specific line is run, potentially by another person.
        • Because it is checked at compile-time, it is impossible to accidentally create a side-effect.
        • It cannot have a runtime performance cost.
        • Contrary to assert, it is not a macro and thus doesn’t have the same surprising behaviors like bad handling of commas or confusing error messages when it doesn’t compile.
        • It is designed to emit a customizable error message which will be useful to diagnose the error.
        template <class T>
        void testFunction(T t) {
          assert(sizeof(long) <= sizeof(long long) && "long long is smaller than long!"); // Noncompliant
          assert(std::is_integral_v<T> && "This template only works for integral types"); // Noncompliant
          assert(t > 0); // Compliant: only known at runtime
          // ...
        }
        
        template <class T>
        void testFunction(T t) {
          static_assert(sizeof(long) <= sizeof(long long), "long long is smaller than long!");
          static_assert(std::is_integral_v<T>, "This template only works for integral types");
          assert(t > 0); // Compliant: only known at runtime
          // ...
        }
        

        This rule doesn’t trigger for assertions that are false on purpose to stop the execution flow:

        [[noreturn]] void stop() {
          assert(false); // Compliant: Interrupting the runtime execution
          assert(!"We shouldn't reach this"); // Compliant: Interrupting the runtime execution
        }
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          10.7

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use