|Original author(s)||Daniel Marjamäki|
|Initial release||March 10, 2009|
|Stable release||1.69 / May 1, 2015|
|Available in||English, Dutch, Finnish, Swedish, German, Russian, Polish, Japanese, Serbian|
|Type||Static code analysis|
|License||GNU General Public License|
Cppcheck supports a wide variety of static checks that may not be covered by the compiler itself. These checks are static analysis checks that can be performed at a source code level. The program is directed towards static analysis checks that are rigorous, rather than heuristic in nature.
Some of the checks that are supported include:
- Automatic variable checking
- Bounds checking for array overruns
- Classes checking (e.g. unused functions, variable initialization and memory duplication)
- Usage of deprecated or superseded functions according to Open Group
- Exception safety checking, for example usage of memory allocation and destructor checks
- Memory leaks, e.g. due to lost scope without deallocation
- Resource leaks, e.g. due to forgetting to close a file handler
- Invalid usage of Standard Template Library functions and idioms
- Miscellaneous stylistic and performance errors
As with many analysis programs, there are many unusual cases of programming idioms which may be acceptable in particular target cases, or outside of the programmer's scope for source code correction. A study conducted in March 2009 identified several areas where false positives were found by cppcheck, but did not specify the program version examined. Cppcheck has been identified for use in systems such as CERNs 4DSOFT meta analysis package, for code verification in high energy particle detector readout devices, system monitoring software for radio telescopes as well as in error analysis of large projects, such as OpenOffice.org and the debian archive.
The project is actively under development and is actively maintained in different distributions. It has found valid bugs in a number of popular projects such as the Linux kernel and MPlayer.
- Code::Blocks - integrated.
- CodeLite - integrated.
- Sublime Text
Visual Studio integration
The commercial third-party Add-In Visual Lint by British company Riverblade can be used to integrate CppCheck in Visual Studio. There is also an open source plugin cppcheck-vs-addin available. It is also possible to add Cppcheck as an external tool.
- "A Survey of C and C++ Software Tools for Computational Science" (PDF). Science and Technologies Facility Council. Chilbolton, Daresbury, and Rutherford Appleton Laboratories. December 2009. p. 14. Retrieved 14 September 2010.
- "Static Code Analysis For Embedded Systems" (PDF).
- "Dissemination and use of knowledge plan (EU Deliverable DNA2.11" (PDF). 2010.
- "Entwurf und Implementierung eines adaptiven, strahlentoleranten eingebetteten Systems am Beispiel eines Read-Out-Controllers (En: Development and implementation of an adaptive, radiation tolerant embedded system for operation of a Read-Out controller)" (PDF). 2010.
- "The Wettzell System Monitoring Concept and First Realizations" (PDF). International VLBI Service for Geodesy & Astrometry. 2010. p. 447.
- "Hunting for vulnerabilities in large software : the OpenOffice suite" (PDF).
- "Introducing the "Debian's Automated Code Analysis" (DACA) project". LWN.net.
- Cppcheck on Github
- Cppcheck on Debian's Package Tracking System
- FreeBSD port
- "List of user reported bugs found by cppcheck".
- "Found Bugs list". SourceForge.
- "SourceForge.net: cppcheck". sourceforge.net.
- "Cppcheclipse". googlecode.com.
- "Flycheck". github.com.
- "gedit Cppcheck plugin". github.com.
- "Cppcheck Plugin". hudson-ci.org.
- "Cppcheck Plugin". jenkins-ci.org.
- "Sublimelinter plugin". github.com.
- "Yasca". scovetta.com.
- "Visual Lint homepage". Retrieved 11 December 2012.
- "Homepage cppcheck-vs-addin". Retrieved 3 March 2014.
- "Simple open source static analysis tool for Visual Studio". Retrieved 27 August 2012.