Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
Go
HTML
Java
JavaScript
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Filtered: 67 rules found

suspicious

Impact

Clean code attribute

"std::move" and "std::forward" should not be confused
Bug
RAII objects should not be temporary
Bug
"std::auto_ptr" should not be used
Bug
Recursion should not be infinite
Bug
Trigraphs should not be used
Code Smell
"case" ranges should cover multiple values
Code Smell
Redundant pointer operator sequences should be removed
Code Smell
Switch cases should end with an unconditional "break" statement
Code Smell
"switch" statements should not contain non-case labels
Code Smell
Coroutine should have co_return on each execution path or provide return_void
Bug
"reinterpret_cast" should be used carefully
Bug
Function names should be used either as a call with a parameter list or with the "&" operator
Code Smell
A cast shall not remove any const or volatile qualification from the type of a pointer or reference
Code Smell
The return value of "std::move" should be used in a function
Code Smell
Pointers or references obtained from aliased smart pointers should not be used as function parameters
Code Smell
Only valid arguments should be passed to UNIX/POSIX functions
Code Smell
Only valid arguments should be passed to stream functions
Code Smell
"Forwarding references" parameters should be used only to forward parameters
Code Smell
Size of variable length arrays should be greater than zero
Code Smell
"mktemp" family of functions templates should have at least six trailing "X"s
Code Smell
A conditionally executed single line should be denoted by indentation
Code Smell
Conditionals should start on new lines
Code Smell
Default capture should not be used
Code Smell
Pre-defined macros should not be defined, redefined or undefined
Code Smell
C-style memory allocation routines should not be used
Code Smell
Methods should not be empty
Code Smell
"using namespace" directives should not be used in header files
Code Smell
"std::format" numeric types should be 0-padded using the numerical padding and not the character padding
Bug
Type-constraints should not be used for forwarding reference parameters
Bug
Perfect forwarding constructors should be constrained
Bug
Requires-expression should not contain unevaluated concept checks or type predicates
Bug
"#pragma pack" should be used correctly
Bug
User-defined types should not be passed as variadic arguments
Bug
Array values should not be replaced unconditionally
Bug
Conditionally executed code should be reachable
Bug
"bool" expressions should not be used as operands to built-in operators other than =, &&, ||, !, ==, !=, unary &, and the conditional operator
Code Smell
The condition of "assert" should not be trivially true
Code Smell
"std::format" should not have unused arguments
Code Smell
Thread local variables should not be used in coroutines
Code Smell
"std::move" should only be used where moving can happen
Code Smell
Unevaluated operands should not have side effects
Code Smell
Size argument of memory functions should be consistent
Code Smell
Return value of "nodiscard" functions should not be ignored
Code Smell
Implicit casts should not lower precision
Code Smell
Appropriate size arguments should be passed to "strncat" and "strlcpy"
Code Smell
Methods should not have identical implementations
Code Smell
"switch" statements should cover all cases
Code Smell
Two branches in a conditional structure should not have exactly the same implementation
Code Smell
Assignments should not be made from within conditions
Code Smell
Variables should not be shadowed
Code Smell
Nested blocks of code should not be left empty
Code Smell
"std::to_address" should be used to convert iterators to raw pointers
Code Smell
"^" should not be confused with exponentiation
Code Smell
Members should be initialized in the order they are declared
Code Smell
Exceptions should not be ignored
Code Smell
The result of "std::remove", "std::remove_if", "std::unique" and "empty" shall be "used"
Bug
A comparison of a "potentially virtual" pointer to member function shall only be with "nullptr"
Bug
"offsetof" macro should not be used
Code Smell
"errno" should not be used
Code Smell
Flexible array members should not be declared
Code Smell
A cast shall not remove any "const" or "volatile" qualification from the type accessed via a pointer or by reference
Code Smell
"enum" values should not be used as operands to built-in operators other than [ ], =, ==, !=, unary &, and the relational operators <, <=, >, >=
Code Smell
[[nodiscard]] should be used when the return value of a function should not be ignored
Code Smell
The order for arguments of the same type in a function call should be obvious
Code Smell
An object with pointer type shall not be converted to an unrelated pointer type, either directly or indirectly
Code Smell
Track parsing failures
Code Smell
"dynamic_cast" should be used for downcasting
Code Smell

C-style memory allocation routines should not be used

consistency - conventional

maintainability

Code Smell

CriticalSonarSource default severity
click to learn more

cppcoreguidelines
leak
suspicious

Why is this an issue?

More Info

The malloc, realloc, calloc and free routines are used to dynamically allocate memory in the heap. But, in contrast to the new and delete operators introduced in C++, they allocate raw memory, which is not type-safe, and they do not correctly invoke object constructors. Additionally, mixing them with new/delete results in undefined behavior.

Note that directly replacing those functions with new/delete is usually not a good idea (see S5025).

Noncompliant code example

string* pStringArray1 = static_cast<string*>(malloc(10 * sizeof(string))); // Noncompliant
Person *p = (Person*)malloc(sizeof(Person)); // Noncompliant

Compliant solution

std::array<string, 10> stringArray1 ; // Compliant, use std::vector instead if the size is dynamic
auto p1 = new Person("Bjarne"); // Compliant, but don't do that, prefer the version on next line
auto p2 = std::make_unique<Person>("Bjarne"); // Compliant

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Developer
Edition

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Sonar helps developers write Clean Code.
Privacy Policy | Cookie Policy

In-IDE

SaaS

Self-Hosted