64-bit portability

Check if there is 64-bit portability issues:

• assign address to/from int/long

Auto Variables

A pointer to a variable is only valid as long as the variable is in scope. Check:

• returning a pointer to auto or temporary variable
• assigning address of an variable to an effective parameter of a function
• returning reference to local/temporary variable
• returning address of function parameter

Boost usage

Check for invalid usage of Boost:

• container modification during BOOST_FOREACH

Bounds checking

out of bounds checking

Class

Check the code for each class.

• Missing constructors
• Are all variables initialized by the constructors?
• Warn if memset, memcpy etc are used on a class
• If it's a base class, check that the destructor is virtual
• Are there unused private functions
• 'operator=' should return reference to self
• 'operator=' should check for assignment to self
• Constness for member functions

Exception Safety

Checking exception safety

• Throwing exceptions in destructors
• Throwing exception during invalid state
• Throwing a copy of a caught exception instead of rethrowing the original exception
• exception caught by value instead of by reference

Match assignments and conditions

Match assignments and conditions:

• Mismatching assignment and comparison => comparison is always true/false
• Mismatching lhs and rhs in comparison => comparison is always true/false
• Detect matching 'if' and 'else if' conditions

Memory leaks (address not taken)

Not taking the address to allocated memory

Memory leaks (class variables)

If the constructor allocate memory then the destructor must deallocate it.

Memory leaks (function variables)

Is there any allocated memory when a function goes out of scope

Memory leaks (struct members)

Don't forget to deallocate struct members

Non reentrant functions

Warn if any of these non reentrant functions are used:

• crypt
• ctermid
• ecvt
• fcvt
• fgetgrent
• fgetpwent
• fgetspent
• gcvt
• getgrent
• getgrgid
• getgrnam
• gethostbyaddr
• gethostbyname
• gethostbyname2
• gethostent
• getlogin
• getnetbyaddr
• getnetbyname
• getnetgrent
• getprotobyname
• getpwent
• getpwnam
• getpwuid
• getrpcbyname
• getrpcbynumber
• getrpcent
• getservbyname
• getservbyport
• getservent
• getspent
• getspnam
• gmtime
• localtime
• readdir
• strtok
• tempnam
• ttyname

Null pointer

Null pointers

• null pointer dereferencing

Obsolete functions

Warn if any of these obsolete functions are used:

• asctime
• asctime_r
• bcmp
• bcopy
• bsd_signal
• bzero
• ctime
• ctime_r
• ecvt
• fcvt
• ftime
• gcvt
• getcontext
• gethostbyaddr
• gethostbyname
• getwd
• index
• makecontext
• pthread_attr_getstackaddr
• pthread_attr_setstackaddr
• rand_r
• rindex
• scalbln
• swapcontext
• tmpnam
• tmpnam_r
• ualarm
• usleep
• utime
• vfork
• wcswcs

Other

Other checks

• Assigning bool value to pointer (converting bool value to address)
• division with zero
• using fflush() on an input stream
• scoped object destroyed immediately after construction
• assignment in an assert statement
• sizeof for array given as function argument
• sizeof for numeric given as function argument
• using sizeof(pointer) instead of the size of pointed data
• incorrect length arguments for 'substr' and 'strncmp'
• invalid usage of output stream. For example: std::cout << std::cout;'
• wrong number of arguments given to 'printf' or 'scanf;'
• double free() or double closedir()
• C-style pointer cast in cpp file
• casting between incompatible pointer types
• redundant if
• bad usage of the function 'strtol'
• Dangerous usage of 'scanf'
• passing parameter by value
• variable scope can be limited
• condition that is always true/false
• unusal pointer arithmetic. For example: "abc" + 'd'
• redundant assignment in a switch statement
• redundant strcpy in a switch statement
• look for 'sizeof sizeof ..'
• look for calculations inside sizeof()
• assignment of a variable to itself
• mutual exclusion over || always evaluating to true
• Clarify calculation with parentheses
• using increment on boolean
• comparison of a boolean with a non-zero integer
• comparison of a boolean expression with an integer other than 0 or 1
• suspicious condition (assignment+comparison)
• suspicious condition (runtime comparison of string literals)
• suspicious condition (string literals as boolean)
• duplicate break statement
• unreachable code
• testing if unsigned variable is negative
• testing is unsigned variable is positive
• using bool in bitwise expression
• Suspicious use of ; at the end of 'if/for/while' statement.
• incorrect usage of functions from ctype library.
• optimisation: detect post increment/decrement

STL usage

Check for invalid usage of STL:

• out of bounds errors
• misuse of iterators when iterating through a container
• mismatching containers in calls
• dereferencing an erased iterator
• for vectors: using iterator/pointer after push_back has been used
• optimisation: use empty() instead of size() to guarantee fast code
• suspicious condition when using find
• redundant condition
• common mistakes when using string::c_str()
• using auto pointer (auto_ptr)
• useless calls of string functions

Uninitialized variables

Uninitialized variables

• using uninitialized variables and data

Unused functions

Check for functions that are never called

UnusedVar

UnusedVar checks

• unused variable
• allocated but unused variable
• unred variable
• unassigned variable
• unused struct member

Using postfix operators

Warn if using postfix operators ++ or -- rather than prefix operator