Cppcheck
Cppcheck is an open source static code analyzer tool for C/C++ programming languages. It's a versatile tool that can check non-standard code.
Plugins
Plugins for the following IDEs exist:
- Code::Blocks - integrated.
- CodeLite - integrated.
- Eclipse - Cppcheclipse
- Hudson - Cppcheck Plugin
- Jenkins - Cppcheck Plugin
- Yasca - Cppcheck Plugin
No plugin exists for Visual Studio, but it's possible to add Cppcheck as an external tool.
Features
Cppcheck supports a wide variety of static checks that may not be covered by the compiler itself. These checks are static analysis checks that can be performed at a source code level. The program is directed towards static analysis checks that are rigorous, rather than heuristic in nature.
Some of the checks that are supported include:
- Automatic variable checking
- Bounds checking for array overruns
- Classes checking (e.g. unused functions, variable initialisation and memory duplication)
- Usage of deprecated or superseded functions according to http://www.opengroup.org
- Exception safety checking, for example usage of memory allocation and destructor checks
- Memory leaks, e.g. due to lost scope without deallocation
- Resource leaks, e.g. due to forgetting to close a file handler
- Invalid usage of Standard Template Library functions and idioms
- Miscellaneous stylistic and performance errors
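As an added illustration (not taken from the original article or from the Cppcheck project), the C file below pairs three of the defect classes listed above (array overrun, memory leak, resource leak) with corrected forms. All function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added example; names are hypothetical. Defective forms, never called: */
int fill_bad(void) {
    int buf[10], sum = 0;
    for (int i = 0; i <= 10; i++)     /* array overrun: i == 10 is past buf[9] */
        sum += (buf[i] = i);
    return sum;
}
int zero_bad(size_t n) {
    char *p = malloc(n);
    if (p == NULL) return -1;
    if (n < 4) return -1;             /* memory leak: p leaves scope unfreed */
    memset(p, 0, n);
    free(p);
    return 0;
}
int first_byte_bad(const char *path) {
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    int c = fgetc(f);
    if (c == EOF) return -1;          /* resource leak: f is never closed */
    fclose(f);
    return c;
}

/* Corrected forms: bounded loop, single exit that frees, close before return */
int fill_ok(void) {
    int buf[10], sum = 0;
    for (size_t i = 0; i < sizeof buf / sizeof buf[0]; i++)
        sum += (buf[i] = (int)i);
    return sum;
}
int zero_ok(size_t n) {
    char *p = malloc(n);
    if (p == NULL) return -1;
    int rc = (n >= 4) ? 0 : -1;
    if (rc == 0) memset(p, 0, n);
    free(p);                          /* every path reaches this free */
    return rc;
}
int first_byte_ok(const char *path) {
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    int c = fgetc(f);
    fclose(f);                        /* handle released before any return */
    return c == EOF ? -1 : c;
}
```

Saved as a file, it can be passed to the `cppcheck` command-line tool to compare its report against the comments.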
Status
The project is actively under development and is actively maintained in different distributions. It has found valid bugs in a number of popular projects such as the Linux kernel and MPlayer.
As with many analysis programs, there are many unusual cases of programming idioms which may be acceptable in particular target cases, or outside of the programmer's scope for source code correction. A study conducted in March 2009 identified several areas where false positives were found by Cppcheck, but did not specify the program version examined. Cppcheck has been identified for use in systems such as CERN's 4DSOFT meta analysis package, for code verification in high energy particle detector readout devices, system monitoring software for radio telescopes, as well as in error analysis of large projects, such as OpenOffice.org and the Debian archive.
See also
- Static code analysis
- List of tools for static code analysis