SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C++

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

  • All rules 674
  • Vulnerability13
  • Bug139
  • Security Hotspot19
  • Code Smell503

  • Quick Fix 91
Filtered: 22 rules found
unpredictable
    Impact
      Clean code attribute
        1. Globals should not depend on possibly not yet initialized variables

           Code Smell
        2. Coroutine should have co_return on each execution path or provide return_void

           Bug
        3. Thread local variables should not be used in coroutines

           Code Smell
        4. Arguments evaluation order should not be relied on

           Bug
        5. A single statement should not have more than one resource allocation

           Code Smell
        6. Functions that throw exceptions should not be used as hash functions

           Code Smell
        7. A call to "wait()" on a "std::condition_variable" should have a condition

           Bug
        8. Keywords shall not be used as macros identifiers

           Code Smell
        9. Incomplete types should not be deleted

           Code Smell
        10. Dereferenced null pointers should not be bound to references

           Code Smell
        11. Header guards should be followed by a matching "#define" macro

           Code Smell
        12. "memcmp" should only be called with pointers to trivially copyable types with no padding

           Bug
        13. Stack allocated memory and non-owned memory should not be freed

           Bug
        14. Destructors should not be called explicitly

           Code Smell
        15. An object shall not be accessed outside of its lifetime

           Bug
        16. Reads and writes on the same file stream shall be separated by a positioning operation

           Bug
        17. A pointer to an incomplete "class" type shall not be deleted

           Bug
        18. An object shall not be used while in a "potentially moved-from state"

           Code Smell
        19. A comparison of a "potentially virtual" pointer to member function shall only be with "nullptr"

           Bug
        20. Local variables shall not have static storage duration

           Code Smell
        21. The value of an object must not be read before it has been set

           Bug
        22. A line whose first token is "#" shall be a valid preprocessing directive

           Bug

        A pointer to an incomplete "class" type shall not be deleted

        intentionality - logical
        reliability
        Bug
        • unpredictable
        • misra-c++2023
        • misra-required

        Why is this an issue?

        More Info

        This rule is part of MISRA C++:2023.

        MISRA Rule 21.6.5

        Category: Required

        Analysis Type: Decidable,Single Translation Unit

        Rationale

        An incomplete class type is a forward declared class type for which the compiler has not yet seen a complete definition.

        Deleting a pointer to an incomplete class type results in undefined behaviour when the complete class type has a non-trivial destructor or a deallocation function.

        This rule prohibits deletion of a pointer to an incomplete class type even when it is a trivially destructible class without a deallocation function. This restriction defends against a non-trivial destructor or a deallocation function being added during development.

        Example

        The following examples violate M23_259: MISRA C++ 2023 Rule 21.6.2.

        class Bad
        {
          class Impl;
        
          Impl * pImpl;
        
        public:
          ~Bad()
          {
            delete pImpl;   // Non-compliant - at the point of deletion, pImpl points
                            // to an object of incomplete class type.
          }
        };
        
        // Header file
        class Good
        {
          class Impl;
        
          Impl * pImpl;
        
        public:
          ~Good();
        };
        
        // Implementation file
        class Good::Impl
        {
        };
        
        // Good::Impl is a complete type now
        Good::~Good()
        {
          delete pImpl;   // Compliant - at the point of deletion, pImpl points to
                          // a complete class type.
        }
        

        Copyright The MISRA Consortium Limited © 2023

          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use