Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Filtered: 24 rules found

since-c++17

Impact

Clean code attribute

The optional init-statement in a control statements should only be used to declare variables
Code Smell
Assigning to an optional should directly target the optional
Bug
"try_emplace" should be used with "std::map" and "std::unordered_map"
Code Smell
"auto" should be used for non-type template parameter
Code Smell
Use "std::variant" instead of unions with non-trivial types.
Code Smell
"std::optional" member function "value_or" should be used
Code Smell
"std::byte" should be used when you need byte-oriented memory access
Code Smell
Inline variables should be used to declare global variables in header files
Code Smell
"if constexpr" should be preferred to overloading for metaprogramming
Code Smell
"[*this]" should be used to capture the current object by copy
Code Smell
"std::uncaught_exception" should not be used
Code Smell
"static_assert" with no message should be used over "static_assert" with empty or redundant message
Code Smell
Redundant class template arguments should not be used
Code Smell
"std::filesystem::path" should be used to represent a file path
Code Smell
"std::string_view" should be used to pass a read-only string to a function
Code Smell
Fold expressions should be used instead of recursive template instantiations
Code Smell
[[nodiscard]] should be used when the return value of a function should not be ignored
Code Smell
"as_const" should be used to make a value constant
Code Smell
Structured binding should be used
Code Smell
"if" and "switch" initializer should be used to reduce scope of variables
Code Smell
"std::visit" should be used to switch on the type of the current value in a "std::variant"
Code Smell
"std::scoped_lock" should be created with constructor arguments
Bug
"std::scoped_lock" should be used instead of "std::lock_guard"
Code Smell
Concise syntax should be used for concatenatable namespaces
Code Smell

"static_assert" with no message should be used over "static_assert" with empty or redundant message

consistency - conventional

maintainability

Code Smell

Quick FixIDE quick fixes available with SonarQube for IDE

since-c++17
clumsy

Why is this an issue?

C++11 introduced static_assert(expr, message) to check that the compile-time constant expression expr is true.

C++17 has made the second argument message optional. This rule flags occurrences of std::static_assert where the second argument message is empty or a substring of expr.

Noncompliant code example

template <class T>
T f(T i) {
  static_assert(std::is_integral<T>::value, ""); // Noncompliant: remove the empty string second argument.
  static_assert(std::is_integral<T>::value, "std::is_integral"); // Noncompliant: remove the redundant second argument.
  // ...
}

Compliant solution

template <class T>
T f(T i) {
  static_assert(std::is_integral<T>::value); // Compliant
  static_assert(std::is_integral<T>::value, "Integral required"); // Compliant
  // ...
}

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1

In-IDE

SaaS

Self-Hosted