-
Very hard in general.
-
use const consistently (check if member functions modify their object;
-
check if functions modify arguments passed by pointer or reference)
-
flag uses of casts (casts neuter the type system)
-
detect code that mimics the standard library (hard)
partial enforcement
clang-tidy: cppcoreguidelines-pro-type-const-cast,cppcoreguidelines-pro-type-cstyle-cast,cppcoreguidelines-pro-type-reinterpret-cast, cppcoreguidelines-pro-type-static-cast-downcast
- maybe
CodeCheckercould do the 'mimics' part with its similarity check - const would be a nice and valuable check for clang-tidy
- Use an up-to-date C++ compiler (currently C++11 or C++14) with a set of options that do not accept extensions.
no enforcement
- @pepsiman is working on that, See #2
-
Look for common patterns for which there are better alternatives
-
simple for loops vs. range-for loops
-
f(T*, int) interfaces vs. f(span) interfaces
-
loop variables in too large a scope
-
naked new and delete
-
functions with many parameters of built-in types
-
There is a huge scope for cleverness and semi-automated program transformation.
partial enforcement
clang-tidy: modernize-loop-convert,cppcoreguidelines-owning-memory,readability-function-size
cppcheck: variableScope
We can ban, restrain, or detect the individual problem categories separately, as required and feasible for individual programs. Always suggest an alternative. For example:
- unions -- use variant (in C++17)
- casts -- minimize their use; templates can help
- array decay -- use span (from the GSL)
- range errors -- use span
- narrowing conversions -- minimize their use and use
- narrow or narrow_cast (from the GSL) where they are necessary
partial enforcement
- Look for pointer arguments.
- Look for run-time checks for range violations.
partial enforcement
- Flag (pointer, count)-style interfaces (this will flag a lot of examples that can't be fixed for compatibility reasons)
no enforcement
- Look at pointers and arrays: Do range-checking early and not repeatedly
- Look at conversions: Eliminate or mark narrowing conversions
- Look for unchecked values coming from input
- Look for structured data (objects of classes with invariants) being converted into strings
partial enforcement
- Look at pointers: Classify them into non-owners (the default) and owners. Where feasible, replace owners with standard-library resource handles (as in the example above). Alternatively, mark an owner as such using owner from the GSL.
- Look for naked new and delete
- Look for known resource allocating functions returning raw pointers (such as fopen, malloc, and strdup)
partial enforcement
clang-tidy: cppcoreguidelines-no-malloc,cppcoreguidelines-owning-memory
clang-static-analyzer: leak checker
- Look for "messy code" such as complex pointer manipulation and casting outside the implementation of abstractions.
- limit the amount of indirection (max 1 Pointer/Reference indirection, banning int **)
no enforcement