
Dissecting Cppcheck the Static C/C++ Code Analysis Tool

Cppcheck 1.70, the static analysis tool for C and C++ code, was recently released, in early September 2015. Static analysis tools are nothing new to C and C++ programmers, and the same can be said of Cppcheck, which is a mature tool to use in your C/C++ projects.

What is Cppcheck?

Cppcheck is a static analysis tool for C and C++ source code. Cppcheck is not designed to detect syntax errors in the source code. Instead, it is designed to detect programming errors in the code, which sets it apart from compilers, which do more checks on syntax errors.

Static code analysis is the analysis of computer software that is performed without compiling or actually executing the program. Analysis that executes the program is referred to as dynamic analysis, where the analysis is usually done on the object code rather than the source code.

What can Cppcheck do for Me?

You would basically use Cppcheck to root out bugs in your source code. Let’s check out this usage example to give us a clear idea of what a bug in the source code could look like.
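An added example, not the article's original listing: a constructed test.cpp in which the out-of-bounds write to an array named c sits on line 4, consistent with the output reported below. The set_checked helper is a hypothetical hardened counterpart showing the bounds check that the flagged line lacks.

```cpp
#include <cstddef>  // test.cpp: constructed sample, not the article's original listing
int main() {
    char c[10];
    c[10] = 0;  // line 4: valid indexes are 0..9, so this writes one past the end
    return 0;
}

// Hardened counterpart (hypothetical helper, an assumption of this example):
// the array size is deduced from the type, so an out-of-range index is
// rejected instead of silently corrupting adjacent memory.
template <std::size_t N>
bool set_checked(char (&buf)[N], std::size_t index, char value) {
    if (index >= N) {
        return false;  // index 10 on a 10-element array ends up here
    }
    buf[index] = value;
    return true;
}
```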

Save the file above as test.cpp and execute:

cppcheck test.cpp

Cppcheck will give us the following output:

Checking test.cpp...
[test.cpp:4]: (error) Array 'c[10]' index 10 out of bounds

The above bug will generally go undetected when you compile your code, as C and C++ compilers generally trust you, the programmer, to be careful about these sorts of out-of-bounds bugs.

Even though Cppcheck handles the latest C++ standards, you can also use it to check non-standard code that includes inline assembly code and various compiler extensions.

The features that come with Cppcheck include out-of-bounds checking, as we've seen above. Others are:

  • Checking for uninitialized variables and memory leaks
  • Checking for invalid usage of the Standard Template Library and obsolete or unsafe functions
  • Detection of possible null pointer dereferences and other code that could possibly indicate bugs
  • Checking exception safety and warning about unused or redundant code

Like many other programming tools, Cppcheck has limits, and there are many bugs that it doesn't detect. With that in mind, it is always prudent to use a host of different tools in your software project to get complementary results.

You can visit the Cppcheck website and download a copy for yourself.
