CppCheck – free static code analysis for C++

CppCheck is a very helpful tool for C++ programmers. It performs static code analysis of a C++ project and discovers some types of errors that are easily overlooked by developers and compilers: out-of-bounds accesses, uninitialized variables, redundant code, always true/false comparisons, exception safety problems and many others (all checks are listed here). If you want to maintain high code quality, you should include static code checks in your development routine.

Setup

The CppCheck tool is totally free and can be downloaded from the project page, sourceforge.net/projects/cppcheck/, or installed via the command line. It works on Linux and Windows.

Usage

Check a specific file and save the result to a .txt file:

cppcheck filename.cpp 2> result.txt

Check all files in the current directory (recursively):

cppcheck . 2> result.txt

By default only error messages are shown. To enable more messages, use the --enable flag: --enable=all performs all possible checks (other possible values are warning, performance, information, style, unusedFunction):

cppcheck --enable=all filename.cpp 2> result.txt

Example and interpretation

I have cloned an open-source project, QNapi, and then tested the whole repository with cppcheck. With the default check (only error level) no deviations were detected. Congratulations to the team :). However, I go further and check with the enable=warning flag. Now I see 9 warnings about uninitialized variables. Some of them are uninitialized member pointers, and this really deserves correction. Example:

[src/qnapiapp.cpp:17]: (warning) Member variable 'QNapiApp::napisy24SubMenu' is not initialized in the constructor.

The check with enable=performance additionally produces warnings like:

[src/qnapiconfig.cpp:128]: (performance) Prefer prefix ++/-- operators for non-primitive types.

This one should not make a big difference in a desktop application and can be optimized by the compiler anyway, so we can ignore it. I go further with enable=style and I find:

[src/forms/frmlistsubtitles.cpp:60]: (style) Expression is always false because 'else if' condition matches previous condition at line 58.

This is interesting. Such a piece of code probably does not work the intended way:

if(highlight && (s.resolution == SUBTITLE_GOOD))
   ++good;
else if(highlight && (s.resolution == SUBTITLE_GOOD))
   ++bad;

The analysis is very fast: for such small projects it takes about one second. The detected bugs probably would not have been found quickly without the help of this tool. In my opinion, running static analysis is time well spent. With the results in hand, we can make some improvements in our code.
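To triage a result.txt like the one produced above, here is an added example (not from the original post or the CppCheck project) that parses the `[file:line]: (severity) message` lines quoted in this post, groups them by severity and returns the findings that should fail a build. The function names and the blocking policy (error and warning) are assumptions, and the parser expects the report format shown on this page.

```python
import re
from collections import defaultdict

# Matches the report lines quoted in this post: [path:line]: (severity) message
LINE_RE = re.compile(
    r"^\[(?P<path>[^\]]+?):(?P<line>\d+)\]: \((?P<severity>\w+)\) (?P<message>.*)$"
)

# Constructed sample: the three findings quoted above, plus one progress line
# of the kind that ends up in the file if stdout is captured as well.
SAMPLE_REPORT = """\
Checking src/qnapiapp.cpp...
[src/qnapiapp.cpp:17]: (warning) Member variable 'QNapiApp::napisy24SubMenu' is not initialized in the constructor.
[src/qnapiconfig.cpp:128]: (performance) Prefer prefix ++/-- operators for non-primitive types.
[src/forms/frmlistsubtitles.cpp:60]: (style) Expression is always false because 'else if' condition matches previous condition at line 58.
"""

def parse_report(text):
    """Return (findings, skipped): parsed findings and lines that did not match."""
    findings, skipped = [], []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        match = LINE_RE.match(raw)
        if match:
            finding = match.groupdict()
            finding["line"] = int(finding["line"])
            findings.append(finding)
        else:
            skipped.append(raw)  # kept so nothing is dropped silently
    return findings, skipped

def group_by_severity(findings):
    """Map each severity to the list of findings reported at that level."""
    grouped = defaultdict(list)
    for finding in findings:
        grouped[finding["severity"]].append(finding)
    return dict(grouped)

def gate(findings, blocking=("error", "warning")):
    """Return the findings that fail the build under the assumed policy."""
    return [f for f in findings if f["severity"] in blocking]

if __name__ == "__main__":
    findings, skipped = parse_report(SAMPLE_REPORT)
    for severity, items in sorted(group_by_severity(findings).items()):
        print(f"{severity}: {len(items)}")
    blockers = gate(findings)
    for f in blockers:
        print(f"BLOCKING {f['path']}:{f['line']} {f['message']}")
    raise SystemExit(1 if blockers else 0)
```

With the default policy only the uninitialized member pointer blocks the build; passing `blocking=("error", "warning", "style")` also catches the duplicated `else if` condition.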

Integrate CppCheck with Eclipse

CppCheck can be easily integrated with Eclipse. Read the Code Yarns article How to use CPPCheck with Eclipse CDT for comprehensive step-by-step setup instructions.

Other static analysis tools

It’s rather hard to find a free substitute for CppCheck. A lot of commercial static code analysis tools are available on the market (e.g. QAC, Klocwork), but if we focus on open source tools the choice becomes dramatically smaller. For now I haven’t found any other noteworthy tool for C++.
