Cppcheck is a static analysis tool for C/C++ code. It does not detect syntax errors the way C/C++ compilers do; instead it tries to detect bugs that compilers do not report, such as memory leaks or out-of-bounds accesses.
Cppcheck is a command-line tool, but don't panic: a GUI is also available. With Cppcheck, you can analyze a single file or the contents of a whole folder.
Links:
Cppcheck 1.51 changelog:
- New checks:
  - actual initialization order of member variables is not the same as the written order. Use --inconclusive and --enable=style to enable this check.
  - when first comparison is true, the 2nd comparison is always true. Example: '(x>5 && x!=1)'. Use --enable=style to enable this check.
- we fixed many false positives and false negatives in existing checks.
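The kind of code the two new checks target, as an added example that is not from the Cppcheck project or the original post. The `Packet` types and helper names are hypothetical; the sample records the real member initialization order and confirms that the changelog's comparison reduces to `x > 5`.

```cpp
#include <string>

// Constructed sample for the two checks listed above; all names are hypothetical.
// To analyse it: cppcheck --enable=style --inconclusive sample.cpp
#pragma GCC diagnostic ignored "-Wreorder"  // the mismatch below is deliberate

static std::string g_order;  // records the order in which members are really initialised

static int mark(char tag, int value) {
    g_order += tag;
    return value;
}

struct Packet {
    int len_;  // declared first, so initialised first
    int cap_;  // declared second, so initialised second

    // Written order says cap_ then len_. The language ignores that and follows
    // declaration order, so an initialiser for len_ that read cap_ would see
    // an indeterminate value.
    explicit Packet(int cap) : cap_(mark('c', cap)), len_(mark('l', 0)) {}
};

// Corrected form: written order matches declaration order.
struct PacketFixed {
    int len_;
    int cap_;
    explicit PacketFixed(int cap) : len_(mark('l', 0)), cap_(mark('c', cap)) {}
};

// Construct a T and return the order in which its members were initialised.
template <class T>
std::string observed_order() {
    g_order.clear();
    T p(16);
    (void)p;
    return g_order;
}

// The changelog's second example: once x > 5 holds, x != 1 cannot be false.
bool redundant(int x) { return x > 5 && x != 1; }
bool simplified(int x) { return x > 5; }

// Exhaustively compare both forms over a constructed range.
bool same_over_range(int lo, int hi) {
    for (int x = lo; x <= hi; ++x)
        if (redundant(x) != simplified(x)) return false;
    return true;
}

int main() { return observed_order<Packet>() == "lc" ? 0 : 1; }
```

Both structs initialise `len_` before `cap_`; only the written order differs, which is the mismatch the first check reports.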
I tested Cppcheck with this piece of code:
```cpp
bool f(int x)
{
    int i;
    if (x == 0)
    {
        i = 0;
        return false;
    }
    return true;
}

char* createT()
{
    return new char[100];
}

void destroyT(void* p)
{
    free(p);
}

void s(int x)
{
    char* f = createT();
    if (x == 1)
        return;
    destroyT(f);
}

int main()
{
    char a[10];
    char b[20];
    a[10] = 0;
    strcpy(a, b, 25);
    for (int i=0; i<20; i++)
        b[i] = a[i];
    return 0;
}
```
And here are the errors detected by the tool:
I’d love a tool to tell me which includes to remove/redefine/move…
I would invite all who are interested in static code analysis to try our tool, PVS-Studio.
PVS-Studio is a static analyzer that detects errors in source code of C/C++/C++11 applications (Visual Studio 2005/2008/2010).
Examples of using PVS-Studio: http://www.viva64.com/en/a/0077/
Comparison of static code analyzers: CppCat, Cppcheck, PVS-Studio and Visual Studio: http://www.viva64.com/en/b/0241/