Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Filtered: 58 rules found

since-c++20

Impact

Clean code attribute

Aggregates should be initialized with braces in non-generic code
Code Smell
Coroutines should have well-defined exception behavior
Bug
"constexpr" literal operators should be "consteval".
Code Smell
"std::format" should be used instead of standard output manipulators
Code Smell
C++ formatting functions should be used instead of C printf-like functions
Code Smell
The result of "make_format_args" should be passed directly as an argument
Bug
Use "std::format" rather than "std::vformat" when the format string is known at compile time
Code Smell
"std::format" numeric types should be 0-padded using the numerical padding and not the character padding
Bug
Arguments corresponding to width and precision formatting options should be integers
Bug
Calls to "std::format" with a locale should use the "L" flag
Code Smell
"std::format" should not have unused arguments
Code Smell
"std::format" should not be missing indexes
Bug
Concatenated "std::format" outputs should be replaced by a single invocation
Code Smell
Width, alignment, and padding format options should be used consistently
Code Smell
Explicit argument indexing in "std::format" should be used only for non-trivial ordering
Code Smell
Generic iterator-based algorithms should be constrained
Code Smell
"std::declval" should not be used within requires-expression
Code Smell
Template should not be constrained with ad-hoc requires-expression
Code Smell
Type-constraints should not be used for forwarding reference parameters
Bug
Requires-expression should not contain unevaluated concept checks or type predicates
Bug
Use type-erased "coroutine_handle" when applicable
Code Smell
Coroutine should have co_return on each execution path or provide return_void
Bug
Thread local variables should not be used in coroutines
Code Smell
Use conditional suspension to resume current coroutine
Code Smell
Use symmetric transfer to switch execution between coroutines
Code Smell
"std::string_view" and "std::span" parameters should be directly constructed from sequences
Code Smell
Comparision operators ("<=>", "==") should be defaulted unless non-default behavior is required
Code Smell
"std::chrono" components should be used to operate on time
Code Smell
"std::has_single_bit" should be used to test if an integer is a power of two
Code Smell
Empty class members should be marked as "[[no_unique_address]]"
Code Smell
"std::to_address" should be used to convert iterators to raw pointers
Code Smell
"[[nodiscard]]" attributes on types should include explanations
Code Smell
Concept names should comply with a naming convention
Code Smell
"std::cmp_*" functions should be used to compare unsigned values with negative values
Bug
STL constrained algorithms with range parameter should be used when iterating over the entire range
Code Smell
"std::enable_if" should not be used
Code Smell
Cognitive Complexity of coroutines should not be too high
Code Smell
Coroutine names should comply with a naming convention
Code Smell
Cyclomatic Complexity of coroutines should not be too high
Code Smell
"std::source_location" should be used instead of "__FILE__", "__LINE__", and "__func__" macros
Code Smell
Function template parameters should be named if reused
Code Smell
"std::span" should be used for a uniform sequence of elements contiguous in memory
Code Smell
Operator spaceship "<=>" should be used to define comparable types
Code Smell
Redundant comparison operators should not be defined
Code Smell
"std::format" should be used instead of string concatenation and "std::to_string"
Code Smell
Coroutines should not have too many lines of code
Code Smell
"std::cmp_*" functions should be used to compare signed and unsigned values
Code Smell
"std::bit_cast" should be used to reinterpret binary representation instead of "std::memcpy"
Code Smell
"[[likely]]" and "[[unlikely]]" should be used instead of compiler built-ins
Code Smell
"std::midpoint" and "std::lerp" should be used for midpoint computation and linear interpolation
Code Smell
"starts_with" and "ends_with" should be used for prefix and postfix checks
Code Smell
"using enum" should be used in scopes with high concentration of "enum" constants
Code Smell
"contains" should be used to check if a key exists in a container
Code Smell
"std::is_constant_evaluated" and "if consteval" should only be used when necessary
Bug
"std::jthread" should be used instead of "std::thread"
Code Smell
"nodiscard" attributes on functions should include explanations
Code Smell
Elements in a container should be erased with "std::erase" or "std::erase_if"
Code Smell
Mathematical constants should not be hardcoded
Code Smell

"std::cmp_*" functions should be used to compare signed and unsigned values

intentionality - clear

maintainability

Code Smell

since-c++20
symbolic-execution
bad-practice
pitfall

Functions from the std::cmp_* family should be used to compare signed and unsigned values.

Why is this an issue?

What is the potential impact?

How can I fix it?

Interactions with associated rule <a href="/cpp/RSPEC-6214">S6214</a>

More Info

Comparisons between signed and unsigned integers are dangerous because they produce counterintuitive results outside their shared value range.

When a signed integer is compared to an unsigned one, the former might be converted to unsigned. The conversion preserves the two’s-complement bit pattern of the signed value that often corresponds to a large unsigned result. The expression 2U < -1 evaluates to true, for instance.

C++20 introduced a remedy to this common pitfall: a family of std::cmp_* functions defined in the <utility> header:

std::cmp_equal
std::cmp_not_equal
std::cmp_less
std::cmp_greater
std::cmp_less_equal
std::cmp_greater_equal

These functions correctly handle negative numbers and are safe against lossy integer conversion. For example, the comparison of 2U and -1 using std::cmp_less(2U, -1) evaluates to false and matches common intuition.

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1

In-IDE

SaaS

Self-Hosted