Cppcheck - A tool for static C/C++ code analysis
Overview
Cppcheck is an analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools, it doesn't detect syntax errors. Cppcheck only detects the types of bugs that the compilers normally fail to detect. The goal is no false positives.
We recommend that you enable as many warnings as possible in your compiler.
- If you use Visual C++: you should use warning level 4.
- If you use GCC: take a look at Warning options - using GCC
- If you use Clang: take a look at Options to Control Error and Warning Messages
- If you use another compiler: look in the manual.
Supported platforms:
- You can check non-standard code that includes various compiler extensions, inline assembly code, etc.
- Cppcheck is supposed to be compilable by any C++ compiler which handles the latest C++ standard.
- Cppcheck is supposed to work on any platform that has sufficient cpu and memory.
Accuracy
Cppcheck is far from finished, it is continuously improved to make it more accurate.
Cppcheck is rarely wrong about reported errors. But there are many bugs that it doesn't detect.
You will find more bugs in your software by testing your software carefully, than by using Cppcheck.
You will find more bugs in your software by instrumenting your software (with for example http://valgrind.org/), than by using Cppcheck.
It is unlikely that you will find all the bugs in your software through testing and instrumenting. Cppcheck can detect some of the bugs that you have missed.
Documents and articles
Manual
The Cppcheck manual is available as HTML and PDF.
Writing rules
Articles about writing rules.
Part 1 - Getting started
Part 2 - Data representation
Part 3 - Introduction to C++ rules
Cppcheck design
This article talks about the internal data in Cppcheck.
This article discuss the philosphy of Cppcheck - how we try to avoid false warnings.
Clients and plugins
Cppcheck can be used from many popular development tools.
DOWNLOAD
Clients and plugins
Cppcheck is integrated with many popular development tools. For instance:
CLion - Cppcheck plugin
Code::Blocks - integrated
CodeDX (software assurance tool) - integrated
CodeLite - integrated
CppDepend 5 - integrated
Eclipse - Cppcheclipse
gedit - gedit plugin
Hudson - Cppcheck Plugin
Jenkins - Cppcheck Plugin
Mercurial (Linux) - pre-commit hook - Check for new errors on commit (requires interactive terminal)
Tortoise SVN - Adding a pre-commit hook script
Git (Linux) - pre-commit hook - Check for errors in files going into commit (requires interactive terminal)
Visual Studio - Visual Studio plugin
QtCreator - Qt Project Tool (qpt)
Commercial
Command line - LintProject by RiverBlade
CppDepend - Integrated. Note: CppDepend is free to use for open source projects.
SonarQube - Commercial C++ plugin
Visual Studio / Eclipse - Visual Lint by RiverBlade
Checks
Cppcheck has many different kinds of checks. A full list is available.
To suggest a new checker, please use Trac.
Forum, chat
IRC channel:
channel: #cppcheck
server: irc://irc.freenode.net
The IRC channel can be access with a web browser: http://webchat.freenode.net
Forum: http://sourceforge.net/p/cppcheck/discussion/
Future releases
Version 1.76 is planned to be released in October.
Bugs and feature requests
Use Trac to report any problems: Trac
''Defects'' are for severe bugs such as:
- False positives
- Cppcheck hangs/crashes
- Fail to compile
''Enhancements'' are for issues such as:
- Fail to detect bug
- Change the output of Cppcheck
- Suggestion for a new check
Contribute
You are welcome to contribute. Help is needed.
- Testing - Pick a project and test it's source with latest version. Write tickets to Trac about issues you find from Cppcheck. If you test open source projects and write bug reports to them, check the issues in Found bugs section, and write links to the bug reports you have created e.g. to our Forum, so we can keep a track about them.
- Developing - Pick a ticket from Trac, write a test case for it (and write a comment to the ticket that test case has been created). Or pick a test case that fails and try to fix it. Make a patch and submit it to Trac either inline if it is small, or attach it as a file.
- Marketing - Write articles, reviews or tell your friends about us. The more users we have, the more people we have testing and the better we can become.
- Design - Invent new good checks and create tickets to Trac about them.
- Integration - Write a plugin to your favorite IDE or create a package for your distribution or operating system.
- Technical Writer - Write better documentation for the bugs we find. Currently only a few bugs have any documentation at all.
Getting the source code
Latest version can be found in the cppcheck git repository.
To get the source code using git:
git clone git://github.com/danmar/cppcheck.git
To get the source code using subversion:
svn checkout https://github.com/danmar/cppcheck/trunk
You can also download the latest sources in a zip archive from the github website.
Found bugs
Here are some of the found bugs that have been fixed:
Found bugs
Overview
Cppcheck is an analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools, it doesn't detect syntax errors. Cppcheck only detects the types of bugs that the compilers normally fail to detect. The goal is no false positives.
We recommend that you enable as many warnings as possible in your compiler.
- If you use Visual C++: you should use warning level 4.
- If you use GCC: take a look at Warning options - using GCC
- If you use Clang: take a look at Options to Control Error and Warning Messages
- If you use another compiler: look in the manual.
Supported platforms:
- You can check non-standard code that includes various compiler extensions, inline assembly code, etc.
- Cppcheck is supposed to be compilable by any C++ compiler which handles the latest C++ standard.
- Cppcheck is supposed to work on any platform that has sufficient cpu and memory.
Accuracy
Cppcheck is far from finished, it is continuously improved to make it more accurate.
Cppcheck is rarely wrong about reported errors. But there are many bugs that it doesn't detect.
You will find more bugs in your software by testing your software carefully, than by using Cppcheck.
You will find more bugs in your software by instrumenting your software (with for example http://valgrind.org/), than by using Cppcheck.
It is unlikely that you will find all the bugs in your software through testing and instrumenting. Cppcheck can detect some of the bugs that you have missed.
Documents and articles
Manual
The Cppcheck manual is available as HTML and PDF.
Writing rules
Articles about writing rules.
Part 1 - Getting started
Part 2 - Data representation
Part 3 - Introduction to C++ rules
Cppcheck design
This article talks about the internal data in Cppcheck.
This article discuss the philosphy of Cppcheck - how we try to avoid false warnings.
Clients and plugins
Cppcheck can be used from many popular development tools.
DOWNLOAD
Clients and plugins
Cppcheck is integrated with many popular development tools. For instance:
CLion - Cppcheck plugin
Code::Blocks - integrated
CodeDX (software assurance tool) - integrated
CodeLite - integrated
CppDepend 5 - integrated
Eclipse - Cppcheclipse
gedit - gedit plugin
Hudson - Cppcheck Plugin
Jenkins - Cppcheck Plugin
Mercurial (Linux) - pre-commit hook - Check for new errors on commit (requires interactive terminal)
Tortoise SVN - Adding a pre-commit hook script
Git (Linux) - pre-commit hook - Check for errors in files going into commit (requires interactive terminal)
Visual Studio - Visual Studio plugin
QtCreator - Qt Project Tool (qpt)
Commercial
Command line - LintProject by RiverBlade
CppDepend - Integrated. Note: CppDepend is free to use for open source projects.
SonarQube - Commercial C++ plugin
Visual Studio / Eclipse - Visual Lint by RiverBlade
Checks
Cppcheck has many different kinds of checks. A full list is available.
To suggest a new checker, please use Trac.
Forum, chat
IRC channel:
channel: #cppcheck
server: irc://irc.freenode.net
The IRC channel can be access with a web browser: http://webchat.freenode.net
Forum: http://sourceforge.net/p/cppcheck/discussion/
Future releases
Version 1.76 is planned to be released in October.
Bugs and feature requests
Use Trac to report any problems: Trac
''Defects'' are for severe bugs such as:
- False positives
- Cppcheck hangs/crashes
- Fail to compile
''Enhancements'' are for issues such as:
- Fail to detect bug
- Change the output of Cppcheck
- Suggestion for a new check
Contribute
You are welcome to contribute. Help is needed.
- Testing - Pick a project and test it's source with latest version. Write tickets to Trac about issues you find from Cppcheck. If you test open source projects and write bug reports to them, check the issues in Found bugs section, and write links to the bug reports you have created e.g. to our Forum, so we can keep a track about them.
- Developing - Pick a ticket from Trac, write a test case for it (and write a comment to the ticket that test case has been created). Or pick a test case that fails and try to fix it. Make a patch and submit it to Trac either inline if it is small, or attach it as a file.
- Marketing - Write articles, reviews or tell your friends about us. The more users we have, the more people we have testing and the better we can become.
- Design - Invent new good checks and create tickets to Trac about them.
- Integration - Write a plugin to your favorite IDE or create a package for your distribution or operating system.
- Technical Writer - Write better documentation for the bugs we find. Currently only a few bugs have any documentation at all.
Getting the source code
Latest version can be found in the cppcheck git repository.
To get the source code using git:
git clone git://github.com/danmar/cppcheck.git
To get the source code using subversion:
svn checkout https://github.com/danmar/cppcheck/trunk
You can also download the latest sources in a zip archive from the github website.
Found bugs
Here are some of the found bugs that have been fixed:
Found bugs
Post a Comment