Cppcheck
| Original author(s) | Daniel Marjamäki |
|---|---|
| Initial release | March 10, 2009 |
| Stable release | 1.52 / December 10, 2011 |
| Development status | Active |
| Written in | C++ |
| Operating system | Cross-platform |
| Available in | English, Dutch, Finnish, Swedish, German, Russian, Polish, Japanese, Serbian |
| Type | Static code analysis |
| License | GNU General Public License |
| Website | cppcheck.sourceforge.net |
Cppcheck is an open source static code analyzer for the C and C++ programming languages. It is a versatile tool that can check non-standard code.[1]
Plugins
Plugins exist for the following IDEs:[2]
- Code::Blocks - integrated.
- CodeLite - integrated.
- Eclipse - Cppcheclipse
- Hudson - Cppcheck Plugin
- Jenkins - Cppcheck Plugin
- Yasca - Cppcheck Plugin
No plugin exists for Visual Studio, but it's possible to add Cppcheck as an external tool:
- Tools -> External Tools -> Add.
- In the name field write something like 'cppcheck'.
- In the command field write something like 'D:\cppcheck.exe'.
- In the arguments field write something like '-f --enable=all --template vs $(ItemPath)'.
- In the initial directory write something like '$(ItemDir)'.
- Just tick 'use output window' and anything else. That's all.
Features
Cppcheck supports a wide variety of static checks that may not be covered by the compiler itself. These checks are static analysis checks that can be performed at a source code level. The program is directed towards static analysis checks that are rigorous, rather than heuristic in nature.
Some of the checks that are supported include:
- Automatic variable checking
- Bounds checking for array overruns
- Class checking (e.g. unused functions, variable initialisation and memory duplication)
- Usage of deprecated or superseded functions according to http://www.opengroup.org
- Exception safety checking, for example usage of memory allocation and destructor checks
- Memory leaks, e.g. due to lost scope without deallocation
- Resource leaks, e.g. due to forgetting to close a file handle
- Invalid usage of Standard Template Library functions and idioms
- Miscellaneous stylistic and performance errors
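An added example, not part of the original article or of Cppcheck itself: a C function containing the memory and resource leaks described in the list above, next to a corrected version. The function names, the `DEFECTIVE` macro and the scratch file name are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef DEFECTIVE /* defective variant, excluded from the default build */
int first_line_len_bad(const char *path)
{
    FILE *fp = fopen(path, "r");
    char *line = malloc(128);
    if (!fp || !line)
        return -1;               /* leaks whichever call succeeded */
    if (!fgets(line, 128, fp))
        return -1;               /* memory leak and resource leak */
    return (int)strlen(line);    /* both go out of scope unreleased */
}
#endif

/* Corrected: one exit path frees the buffer and closes the file. */
int first_line_len(const char *path)
{
    int len = -1;
    FILE *fp = fopen(path, "r");
    char *line = fp ? malloc(128) : NULL;
    if (line && fgets(line, 128, fp))
        len = (int)strlen(line);
    free(line);                  /* free(NULL) is a no-op */
    if (fp)
        fclose(fp);
    return len;
}

/* Runs the corrected function on a constructed sample file. */
int demo(void)
{
    const char *path = "cppcheck_demo.txt"; /* hypothetical scratch file */
    FILE *fp = fopen(path, "w");
    if (!fp)
        return -1;
    fputs("hello\nworld\n", fp); /* constructed sample input */
    fclose(fp);
    int len = first_line_len(path);
    remove(path);
    return len;
}

int main(void)
{
    return demo() == 6 ? 0 : 1;  /* "hello\n" is 6 bytes long */
}
```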
Status
The project is actively under development[3] and is actively maintained in different distributions.[4][5] It has found valid bugs in a number of popular projects[6] such as the Linux kernel and MPlayer.[7]
As with many analysis programs, there are many unusual cases of programming idioms which may be acceptable in particular target cases, or outside of the programmer's scope for source code correction. A study conducted in March 2009 identified several areas where false positives were found by Cppcheck, but did not specify the program version examined.[8] Cppcheck has been identified for use in systems such as CERN's 4DSOFT meta analysis package,[9] for code verification in high energy particle detector readout devices,[10] system monitoring software for radio telescopes,[11] as well as in error analysis of large projects, such as OpenOffice.org[12] and the Debian archive.[13]
References
1. "A Survey of C and C++ Software Tools for Computational Science". Science and Technologies Facility Council. Chilbolton, Daresbury, and Rutherford Appleton Laboratories. December 2009. p. 14. http://www.softeng.rl.ac.uk/media/uploads/publications/2010/03/c-c_tools_report.pdf. Retrieved 14 September 2010.
2. SourceForge.net: cppcheck
3. Cppcheck on Github
4. Cppcheck on Debian's Package Tracking System
5. Cppcheck FreeBSD port
6. "List of user reported bugs found by cppcheck". http://sourceforge.net/apps/phpbb/cppcheck/viewtopic.php?f=4&t=27.
7. "Found Bugs list". SourceForge. http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Found_bugs.
8. "Static Code Analysis For Embedded Systems". http://publications.lib.chalmers.se/records/fulltext/111920.pdf.
9. "Dissemination and use of knowledge plan (EU Deliverable DNA2.11)". 2010. http://etics.web.cern.ch/etics/deliverables/ETICS-DNA2%2011-1065007-Dissemination_Use_Knowledge_Plan-v1%201.pdf.
10. "Entwurf und Implementierung eines adaptiven, strahlentoleranten eingebetteten Systems am Beispiel eines Read-Out-Controllers (En: Development and implementation of an adaptive, radiation tolerant embedded system for operation of a Read-Out controller)". 2010. http://www.kip.uni-heidelberg.de/tip/root/img/pool/literature/theses/2009_mueller-klieser_stefan.pdf.
11. "The Wettzell System Monitoring Concept and First Realizations". International VLBI Service for Geodesy & Astrometry. 2010. p. 447. http://ivscc.gsfc.nasa.gov/publications/gm2010/ettl.pdf.
12. "Hunting for vulnerabilities in large software : the OpenOffice suite". http://www.cl.cam.ac.uk/~wmk26/openoffice/openoffice9.pdf.
13. "Introducing the "Debian's Automated Code Analysis" (DACA) project". LWN.net. http://lwn.net/Articles/420252/.
Proceedings of Science: SysMon, a monitoring concept for VLBI and more