Cppcheck
Original author(s) | Daniel Marjamäki |
---|---|
Initial release | March 10, 2009 |
Stable release | 1.46.1 / December 13, 2010 |
Written in | C++ |
Operating system | Cross-platform |
Available in | English, Dutch, Finnish, Swedish, German, Russian, Polish, Japanese, Serbian |
Type | Static code analysis |
License | GNU General Public License |
Website | http://cppcheck.sourceforge.net/ |
Cppcheck is an open source static code analysis tool for the C and C++ programming languages. It is a versatile tool that can check non-standard code.[1]
Plugins
Plugins exist for the following IDEs:[2]
- Code::Blocks - integrated.
- CodeLite - integrated.
- Eclipse - Cppcheclipse
- Hudson - Cppcheck Plugin
No plugin exists for Visual Studio, but it's possible to add Cppcheck as an external tool.
Features
Cppcheck supports a wide variety of static checks that may not be covered by the compiler itself. These checks are performed at the source code level. The program is directed towards checks that are rigorous, rather than heuristic, in nature.
Some of the checks that are supported include:
- Automatic variable checking
- Bounds checking for array overruns
- Class checks (e.g. unused functions, variable initialisation and memory duplication)
- Usage of deprecated or superseded functions according to http://www.opengroup.org
- Exception safety checking, for example usage of memory allocation and destructor checks
- Memory leaks, e.g. due to lost scope without deallocation
- Resource leaks, e.g. due to forgetting to close a file handle
- Invalid usage of Standard Template Library functions and idioms
- Miscellaneous stylistic and performance errors
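Three of the defect classes listed above (memory leak on lost scope, unclosed file handle, array overrun) are shown in the following added example, which is not code from the Cppcheck project. The function names, the buffer size and the sample file name are hypothetical, and the comments mark the defect class only; they are not a statement of what any particular Cppcheck version reports.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUF_LEN 64

#if 0   /* Defective form, excluded from the build: three defect classes from the list */
char *first_line_bad(const char *path) {
    char tmp[BUF_LEN];
    char *out = malloc(BUF_LEN);
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return NULL;      /* memory leak: 'out' leaves scope unfreed */
    if (fgets(tmp, sizeof tmp, fp) == NULL)
        return NULL;                  /* resource leak: 'fp' is never closed */
    tmp[BUF_LEN] = '\0';              /* array overrun: last valid index is BUF_LEN - 1 */
    strcpy(out, tmp);
    fclose(fp);
    return out;
}
#endif

/* Corrected form: allocate only once the data is known, close on every path. */
char *first_line(const char *path) {
    char tmp[BUF_LEN];
    char *out = NULL;
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return NULL;      /* nothing acquired yet, nothing to release */
    if (fgets(tmp, sizeof tmp, fp) != NULL) {
        tmp[strcspn(tmp, "\n")] = '\0';   /* index <= strlen(tmp) < BUF_LEN */
        out = malloc(strlen(tmp) + 1);
        if (out != NULL) strcpy(out, tmp);
    }
    fclose(fp);                       /* single close after a successful open */
    return out;                       /* caller frees */
}

/* Writes a sample file, reads it back, returns 1 if the first line matches. */
int demo(void) {
    const char *path = "cppcheck_example_sample.txt";   /* hypothetical name */
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return 0;
    fputs("mode=strict\nsecond line\n", fp);            /* constructed sample input */
    fclose(fp);
    char *line = first_line(path);
    int ok = line != NULL && strcmp(line, "mode=strict") == 0;
    free(line);
    remove(path);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```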
Status
The project is actively under development[3] and is actively maintained in different distributions[4][5]. It has found valid bugs in a number of popular projects such as the Linux kernel and MPlayer[6].
As with many analysis programs, there are many unusual cases of programming idioms which may be acceptable in particular target cases, or outside of the programmer's scope for source code correction. A study conducted in March 2009 identified several areas where false positives were found by Cppcheck, but did not specify the program version examined.[7] Cppcheck has been identified for use in systems such as CERN's 4DSOFT meta analysis package[8], for code verification in high energy particle detector readout devices[9] as well as in error analysis of large projects, such as OpenOffice.org[10] and the Debian archive[11].
References
- ^ "A Survey of C and C++ Software Tools for Computational Science" (PDF). Science and Technologies Facility Council. Chilbolton, Daresbury, and Rutherford Appleton Laboratories. December 2009. p. 14. Retrieved 14 September 2010.
- ^ SourceForge.net: cppcheck
- ^ Cppcheck on Github
- ^ Cppcheck on Debian's Package Tracking System
- ^ Cppcheck FreeBSD port
- ^ "Found Bugs list". SourceForge.
- ^ "Static Code Analysis For Embedded Systems" (PDF).
- ^ "Dissemination and use of knowledge plan (EU Deliverable DNA2.11" (PDF). 2010.
- ^ "Entwurf und Implementierung eines adaptiven, strahlentoleranten eingebetteten Systems am Beispiel eines Read-Out-Controllers (En: Development and implementation of an adaptive, radiation tolerant embedded system for operation of a Read-Out controller)" (PDF). 2010.
- ^ "Hunting for vulnerabilities in large software : the OpenOffice suite" (PDF).
- ^ http://lwn.net/Articles/420252/