Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Filtered: 62 rules found

since-c++11

Impact

Clean code attribute

A single L in a literal suffix should only be used for long values
Code Smell
"static_assert" should be preferred to assert when the argument is a compile-time constant
Code Smell
Perfect forwarding constructors should be constrained
Bug
rvalue reference members should not be copied accidentally
Code Smell
"auto" should be used to store a result of functions that conventionally return an iterator or a range
Code Smell
"emplace" should be prefered over "insert" with "std::set" and "std::unordered_set"
Code Smell
Unnecessary expensive copy should be avoided when using auto as a placeholder type
Code Smell
The right template argument should be specified for std::forward
Code Smell
Exception specifications should be treated as part of the type
Code Smell
Free functions should be preferred to member functions when accessing a container in a generic context
Code Smell
Objects should not be created solely to be passed as arguments to functions that perform delegated object creation
Code Smell
Emplacement should be preferred when insertion creates a temporary with sequence containers
Code Smell
"bind" should not be used
Code Smell
"std::initializer_list" constructor should not overlap with other constructors
Code Smell
Threads should not be detached
Code Smell
"shared_ptr" should not be taken by rvalue reference
Code Smell
Inheriting constructors should be used
Code Smell
"make_unique" and "make_shared" should be used to construct "unique_ptr" and "shared_ptr"
Code Smell
"auto" should be used to avoid repetition of types
Code Smell
Multiple mutexes should not be acquired with individual locks
Code Smell
Pointers or references obtained from aliased smart pointers should not be used as function parameters
Code Smell
"try_lock", "lock" and "unlock" should not be directly used for mutexes
Code Smell
Function parameters that are rvalue references should be moved
Code Smell
Capture by reference in lambdas used locally
Code Smell
"Forwarding references" parameters should be used only to forward parameters
Code Smell
"std::move" and "std::forward" should not be confused
Bug
"using" should be preferred for type aliasing
Code Smell
"std::move" should only be used where moving can happen
Code Smell
Functions that throw exceptions should not be used as hash functions
Code Smell
"constexpr" functions should not be declared "inline"
Code Smell
A call to "wait()" on a "std::condition_variable" should have a condition
Bug
"std::move" should not inhibit optimizations
Code Smell
Moved-from objects should not be relied upon
Code Smell
Functions which do not return should be declared as "noreturn"
Code Smell
Memory should not be managed manually
Code Smell
Facilities in <random> should be used instead of "srand", "rand" and "random_shuffle"
Code Smell
Lambdas that capture "this" should capture everything explicitly
Code Smell
Move and swap operations should be "noexcept"
Code Smell
Function parameters should not be of type "std::unique_ptr<T> const &"
Code Smell
"std::auto_ptr" should not be used
Bug
"nullptr" should be used to denote the null pointer
Code Smell
"auto" should not be used to deduce raw pointers
Code Smell
Local variables and member data should not be volatile
Code Smell
Destructors should be "noexcept"
Bug
Scoped enumerations should be used
Code Smell
"const" and "volatile" should not be used in "enum" declarations
Code Smell
Raw string literals should be used
Code Smell
"static" should not be used in unnamed namespaces
Code Smell
Default capture should not be used
Code Smell
"final" classes should not have "virtual" functions
Code Smell
Redundant lambda return types should be omitted
Code Smell
Special member function should not be defined unless a non standard behavior is required
Code Smell
"override" or "final" should be used instead of "virtual"
Code Smell
"final" classes should not have "protected" members
Code Smell
"final" should not be used redundantly
Code Smell
Lambdas should not be used
Code Smell
Lambdas should not have too many lines
Code Smell
A non-"transient lambda" shall not implicitly capture "this"
Code Smell
"Unscoped enumerations" should not be declared
Code Smell
"Forwarding references" and "std::forward" shall be used together
Code Smell
Variables should be captured explicitly in a non-"transient lambda"
Code Smell
"nullptr" shall be the only form of the "null-pointer-constant"
Code Smell

"static_assert" should be preferred to assert when the argument is a compile-time constant

intentionality - efficient

maintainability

Code Smell

Quick FixIDE quick fixes available with SonarQube for IDE

clumsy
since-c++11

Why is this an issue?

More Info

Introduced in C++11, static_assert checks a precondition at compile-time and emits a diagnostic error message.

For any condition that could be checked at compile-time, static_assert should be preferred to the C macro assert:

Because it is checked at compile-time, the maintainer changing the code is immediately warned when the condition breaks, as opposed to assert which will trigger only when the specific line is run, potentially by another person.
Because it is checked at compile-time, it is impossible to accidentally create a side-effect.
It cannot have a runtime performance cost.
Contrary to assert, it is not a macro and thus doesn’t have the same surprising behaviors like bad handling of commas or confusing error messages when it doesn’t compile.
It is designed to emit a customizable error message which will be useful to diagnose the error.

template <class T>
void testFunction(T t) {
  assert(sizeof(long) <= sizeof(long long) && "long long is smaller than long!"); // Noncompliant
  assert(std::is_integral_v<T> && "This template only works for integral types"); // Noncompliant
  assert(t > 0); // Compliant: only known at runtime
  // ...
}

template <class T>
void testFunction(T t) {
  static_assert(sizeof(long) <= sizeof(long long), "long long is smaller than long!");
  static_assert(std::is_integral_v<T>, "This template only works for integral types");
  assert(t > 0); // Compliant: only known at runtime
  // ...
}

This rule doesn’t trigger for assertions that are false on purpose to stop the execution flow:

[[noreturn]] void stop() {
  assert(false); // Compliant: Interrupting the runtime execution
  assert(!"We shouldn't reach this"); // Compliant: Interrupting the runtime execution
}

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Developer Edition
Available Since
10.7

In-IDE

SaaS

Self-Hosted