Better reporting of execution path-sensitive issues and 9 more MISRA C++2023 rules

Hello dear C and C++ users,

First, your C++ code can now be analyzed against nine additional MISRA C++2023 rules.
Five rules about uses of forbidden functions and common pitfalls:

  • Rule M23_058: The names of the ‘standard signed integer types’ and ‘standard unsigned integer types’ should not be used
  • Rule M23_400: An ‘integer-literal’ of type ‘long long’ shall not use a single ‘L’ or ‘l’ in any suffix
  • Rule M23_357: ‘std::vector’ should not be specialized with ‘bool’
  • Rule M23_355: The ‘setlocale’ and ‘std::locale::global’ functions shall not be called
  • Rule M23_404: The character handling functions from ‘’ and ‘’ shall not be used

Four other rules:

  • Rule M23_007: The value returned by a function having a non-‘void’ return type that is not an overloaded operator shall always be ‘used’
  • Rule M23_043: Tokens that look like a preprocessing directive shall not occur within a macro argument
  • Rule M23_239: A comparison of a ‘potentially virtual’ pointer to member shall only be with ‘nullptr’
  • Rule M23_233: Local variables shall not have static storage duration

All available MISRA C++ 2023 rules can be found here.

Second, most execution path-sensitive issues are now easier to understand.
This is best shown through an example.

In SonarQube and SonarCloud, execution path-sensitive bugs are usually shown by itemizing each and every step of the faulty execution.

While this is a complete description of the issue, it is not straight to the point, and such a report contains a lot of superfluous information.

Such issues are now reported more selectively by back-tracking the data involved in the faulty statement. This is what most developers would do when they spot a faulty statement.

We consider this new reporting more efficient in most cases. The previous report can still be consulted by clicking on the execution flow.
This has been introduced incrementally to most of the relevant rules in SonarQube and SonarCloud, for both C and C++, and coverage will continue to grow.

These new features will be available with SonarQube 10.4 starting from Developer Edition. They will be available shortly on SonarCloud and in SonarLint.

As always, you can see what’s coming next and vote for C and C++ features you would like to see in SonarQube, SonarCloud, and SonarLint.