64-bit portability
Check if there is 64-bit portability issues:
assign address to/from int/long
Auto Variables
A pointer to a variable is only valid as long as the variable is in scope. Check:
returning a pointer to auto or temporary variable
assigning address of an variable to an effective parameter of a function
returning reference to local/temporary variable
returning address of function parameter
Boost usage
Check for invalid usage of Boost:
container modification during BOOST_FOREACH
Bounds checking
out of bounds checking
Class
Check the code for each class.
Missing constructors
Are all variables initialized by the constructors?
Warn if memset, memcpy etc are used on a class
If it's a base class, check that the destructor is virtual
Are there unused private functions
'operator=' should return reference to self
'operator=' should check for assignment to self
Constness for member functions
Exception Safety
Checking exception safety
Throwing exceptions in destructors
Throwing exception during invalid state
Throwing a copy of a caught exception instead of rethrowing the original exception
exception caught by value instead of by reference
Match assignments and conditions
Match assignments and conditions:
Mismatching assignment and comparison => comparison is always true/false
Mismatching lhs and rhs in comparison => comparison is always true/false
Detect matching 'if' and 'else if' conditions
Memory leaks (address not taken)
Not taking the address to allocated memory
Memory leaks (class variables)
If the constructor allocate memory then the destructor must deallocate it.
Memory leaks (function variables)
Is there any allocated memory when a function goes out of scope
Memory leaks (struct members)
Don't forget to deallocate struct members
Non reentrant functions
Warn if any of these non reentrant functions are used:
crypt
ctermid
ecvt
fcvt
fgetgrent
fgetpwent
fgetspent
gcvt
getgrent
getgrgid
getgrnam
gethostbyaddr
gethostbyname
gethostbyname2
gethostent
getlogin
getnetbyaddr
getnetbyname
getnetgrent
getprotobyname
getpwent
getpwnam
getpwuid
getrpcbyname
getrpcbynumber
getrpcent
getservbyname
getservbyport
getservent
getspent
getspnam
gmtime
localtime
readdir
strtok
tempnam
ttyname
Null pointer
Null pointers
null pointer dereferencing
Obsolete functions
Warn if any of these obsolete functions are used:
asctime
asctime_r
bcmp
bcopy
bsd_signal
bzero
ctime
ctime_r
ecvt
fcvt
ftime
gcvt
getcontext
gethostbyaddr
gethostbyname
getwd
index
makecontext
pthread_attr_getstackaddr
pthread_attr_setstackaddr
rand_r
rindex
scalbln
swapcontext
tmpnam
tmpnam_r
ualarm
usleep
utime
vfork
wcswcs
Other
Other checks
Assigning bool value to pointer (converting bool value to address)
division with zero
using fflush() on an input stream
scoped object destroyed immediately after construction
assignment in an assert statement
sizeof for array given as function argument
sizeof for numeric given as function argument
using sizeof(pointer) instead of the size of pointed data
incorrect length arguments for 'substr' and 'strncmp'
invalid usage of output stream. For example: std::cout << std::cout;'
wrong number of arguments given to 'printf' or 'scanf;'
double free() or double closedir()
C-style pointer cast in cpp file
casting between incompatible pointer types
redundant if
bad usage of the function 'strtol'
Dangerous usage of 'scanf'
passing parameter by value
variable scope can be limited
condition that is always true/false
unusal pointer arithmetic. For example: "abc" + 'd'
redundant assignment in a switch statement
redundant strcpy in a switch statement
look for 'sizeof sizeof ..'
look for calculations inside sizeof()
assignment of a variable to itself
mutual exclusion over || always evaluating to true
Clarify calculation with parentheses
using increment on boolean
comparison of a boolean with a non-zero integer
comparison of a boolean expression with an integer other than 0 or 1
suspicious condition (assignment+comparison)
suspicious condition (runtime comparison of string literals)
suspicious condition (string literals as boolean)
duplicate break statement
unreachable code
testing if unsigned variable is negative
testing is unsigned variable is positive
using bool in bitwise expression
Suspicious use of ; at the end of 'if/for/while' statement.
incorrect usage of functions from ctype library.
optimisation: detect post increment/decrement
STL usage
Check for invalid usage of STL:
out of bounds errors
misuse of iterators when iterating through a container
mismatching containers in calls
dereferencing an erased iterator
for vectors: using iterator/pointer after push_back has been used
optimisation: use empty() instead of size() to guarantee fast code
suspicious condition when using find
redundant condition
common mistakes when using string::c_str()
using auto pointer (auto_ptr)
useless calls of string functions
Uninitialized variables
Uninitialized variables
using uninitialized variables and data
Unused functions
Check for functions that are never called
UnusedVar
UnusedVar checks
unused variable
allocated but unused variable
unred variable
unassigned variable
unused struct member
Using postfix operators
Warn if using postfix operators ++ or -- rather than prefix operator