Jump to content

Cppcheck: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
No edit summary
Status: add debian archive check project
Line 46: Line 46:
The project is actively under development<ref name="github">[http://github.com/danmar/cppcheck/ Cppcheck on Github]</ref> and is actively maintained in different distributions<ref name="debianpts">[http://packages.qa.debian.org/c/cppcheck.html Cppcheck on Debian's Package Tracking System]</ref><ref name="freebsdports">[http://www.freebsd.org/cgi/cvsweb.cgi/ports/devel/cppcheck/distinfo?sortby=rev Cppcheck FreeBSD port]</ref>. It has found valid bugs in a number of popular projects such as the [[Linux kernel]] and [[MPlayer]]<ref name="foundbugs">{{cite web|url=http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Found_bugs|title=Found Bugs list|work=SourceForge}}</ref>.
The project is actively under development<ref name="github">[http://github.com/danmar/cppcheck/ Cppcheck on Github]</ref> and is actively maintained in different distributions<ref name="debianpts">[http://packages.qa.debian.org/c/cppcheck.html Cppcheck on Debian's Package Tracking System]</ref><ref name="freebsdports">[http://www.freebsd.org/cgi/cvsweb.cgi/ports/devel/cppcheck/distinfo?sortby=rev Cppcheck FreeBSD port]</ref>. It has found valid bugs in a number of popular projects such as the [[Linux kernel]] and [[MPlayer]]<ref name="foundbugs">{{cite web|url=http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Found_bugs|title=Found Bugs list|work=SourceForge}}</ref>.


As with many analysis programs, there are many unusual cases of programming idioms which may be acceptable in particular target cases, or outside of the programmer's scope for source code correction. A study conducted in March 2009 identified several areas where false positives were found by cppcheck, but did not specify the program version examined.<ref name="Chalmers09">{{cite web|url=http://publications.lib.chalmers.se/records/fulltext/111920.pdf|title=Static Code Analysis For Embedded Systems}}</ref> Cppcheck has been identified for use in systems such as [[CERN]]s 4DSOFT meta analysis package<ref name="Cern10">{{cite web|url=http://etics.web.cern.ch/etics/deliverables/ETICS-DNA2%2011-1065007-Dissemination_Use_Knowledge_Plan-v1%201.pdf|title=Dissemination and use of knowledge plan (EU Deliverable DNA2.11|year=2010}}</ref>, for code verification in high energy particle detector readout devices<ref name="Müller-Klieser09">{{cite web|url=http://www.kip.uni-heidelberg.de/tip/root/img/pool/literature/theses/2009_mueller-klieser_stefan.pdf|title=Entwurf und Implementierung eines adaptiven, strahlentoleranten eingebetteten Systems am Beispiel eines Read-Out-Controllers (En: Development and implementation of an adaptive, radiation tolerant embedded system for operation of a Read-Out controller)|year=2010}}</ref> as well as in error analysis of large projects, such as [[Openoffice.org]]<ref>{{cite web|url=http://www.cl.cam.ac.uk/~wmk26/openoffice/openoffice9.pdf|title=Hunting for vulnerabilities in large software : the OpenOffice suite}}</ref>
As with many analysis programs, there are many unusual cases of programming idioms which may be acceptable in particular target cases, or outside of the programmer's scope for source code correction. A study conducted in March 2009 identified several areas where false positives were found by cppcheck, but did not specify the program version examined.<ref name="Chalmers09">{{cite web|url=http://publications.lib.chalmers.se/records/fulltext/111920.pdf|title=Static Code Analysis For Embedded Systems}}</ref> Cppcheck has been identified for use in systems such as [[CERN]]s 4DSOFT meta analysis package<ref name="Cern10">{{cite web|url=http://etics.web.cern.ch/etics/deliverables/ETICS-DNA2%2011-1065007-Dissemination_Use_Knowledge_Plan-v1%201.pdf|title=Dissemination and use of knowledge plan (EU Deliverable DNA2.11|year=2010}}</ref>, for code verification in high energy particle detector readout devices<ref name="Müller-Klieser09">{{cite web|url=http://www.kip.uni-heidelberg.de/tip/root/img/pool/literature/theses/2009_mueller-klieser_stefan.pdf|title=Entwurf und Implementierung eines adaptiven, strahlentoleranten eingebetteten Systems am Beispiel eines Read-Out-Controllers (En: Development and implementation of an adaptive, radiation tolerant embedded system for operation of a Read-Out controller)|year=2010}}</ref> as well as in error analysis of large projects, such as [[Openoffice.org]]<ref>{{cite web|url=http://www.cl.cam.ac.uk/~wmk26/openoffice/openoffice9.pdf|title=Hunting for vulnerabilities in large software : the OpenOffice suite}}</ref> and the [[debian]] archive<ref>{{cite web|url=http://lwn.net/Articles/420252/}}</ref>.


==See also==
==See also==

Revision as of 14:38, 22 January 2011

Cppcheck
Original author(s)Daniel Marjamäki
Initial releaseMarch 10, 2009 (2009-03-10)
Stable release
1.46.1 / December 13, 2010; 13 years ago (2010-12-13)
Repository
Written inC++
Operating systemCross-platform
Available inEnglish, Dutch, Finnish, Swedish, German, Russian, Polish, Japanese, Serbian
TypeStatic code analysis
LicenseGNU General Public License
Websitehttp://cppcheck.sourceforge.net/

Cppcheck is an open source static code analyzer tool for C/C++ programming languages. It's a versatile tool that can check non-standard code.[1]

Plugins

Plugins for the following IDEs exist[2]

No plugin exists for Visual Studio, but it's possible to add Cppcheck as an external tool.

Features

Cppcheck supports a wide variety of static checks that may not be covered by the compiler itself. These checks are static analysis checks that can be performed at a source code level. The program is directed towards static analysis checks that are rigorous, rather than heuristic in nature.

Some of the checks that are supported include:

Status

The project is actively under development[3] and is actively maintained in different distributions[4][5]. It has found valid bugs in a number of popular projects such as the Linux kernel and MPlayer[6].

As with many analysis programs, there are many unusual cases of programming idioms which may be acceptable in particular target cases, or outside of the programmer's scope for source code correction. A study conducted in March 2009 identified several areas where false positives were found by cppcheck, but did not specify the program version examined.[7] Cppcheck has been identified for use in systems such as CERNs 4DSOFT meta analysis package[8], for code verification in high energy particle detector readout devices[9] as well as in error analysis of large projects, such as Openoffice.org[10] and the debian archive[11].

See also

References

  1. ^ "A Survey of C and C++ Software Tools for Computational Science" (PDF). Science and Technologies Facility Council. Chilbolton, Daresbury, and Rutherford Appleton Laboratories. December 2009. p. 14. Retrieved 14 September 2010. {{cite web}}: More than one of |pages= and |page= specified (help)
  2. ^ SourceForge.net: cppcheck
  3. ^ Cppcheck on Github
  4. ^ Cppcheck on Debian's Package Tracking System
  5. ^ Cppcheck FreeBSD port
  6. ^ "Found Bugs list". SourceForge.
  7. ^ "Static Code Analysis For Embedded Systems" (PDF).
  8. ^ "Dissemination and use of knowledge plan (EU Deliverable DNA2.11" (PDF). 2010.
  9. ^ "Entwurf und Implementierung eines adaptiven, strahlentoleranten eingebetteten Systems am Beispiel eines Read-Out-Controllers (En: Development and implementation of an adaptive, radiation tolerant embedded system for operation of a Read-Out controller)" (PDF). 2010.
  10. ^ "Hunting for vulnerabilities in large software : the OpenOffice suite" (PDF).
  11. ^ http://lwn.net/Articles/420252/. {{cite web}}: Missing or empty |title= (help)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Cppcheck&oldid=409367113"