Cppcheck - A tool for static C/C++ code analysis
Cppcheck is an analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools, we don't detect syntax errors. Cppcheck only detects the types of bugs that the compilers normally fail to detect. The goal is no false positives.
We recommend that you enable as many warnings as possible in your compiler.
If you use Visual C++: you should use warning level 4.
If you use GCC: take a look at Warning options - using GCC
If you use another compiler: look in the manual.
- You can check non-standard code that includes various compiler extensions, inline assembly code, etc.
- Cppcheck is supposed to be compilable by any C++ compiler which handles the latest C++ standard.
- Cppcheck is supposed to work on any platform that has sufficient cpu and memory.
Cppcheck is far from finished, it is continuosly improved to make it more accurate.
Cppcheck is rarely wrong about reported errors. But there are many bugs that it doesn't detect.
You will find more bugs in your software by testing your software carefully, than by using Cppcheck.
You will find more bugs in your software by instrumenting your software (with for example valgrind), than by using Cppcheck.
It is unlikely that you will find all the bugs in your software through testing and instrumenting. Cppcheck can detect some of the bugs that you have missed.
Documents and articles
False warnings are not inevitable for static analysis tools. This article shows how Cppcheck tries to avoid false warnings.
Clients and plugins
To download the standalone Cppcheck tool: http://www.sourceforge.net/projects/cppcheck
Clients and plugins (open source):
- Code::Blocks - Integrated
- Codelite - Integrated
- Eclipse - http://cppcheclipse.googlecode.com/
- Hudson - http://wiki.hudson-ci.org/display/HUDSON/Cppcheck+Plugin
- Jenkins - http://wiki.jenkins-ci.org/display/JENKINS/Cppcheck+Plugin
Clients and plugins (commercial)
Check if there is 64-bit portability issues:
- assign address to/from int/long
A pointer to a variable is only valid as long as the variable is in scope. Check:
- returning a pointer to auto or temporary variable
- assigning address of an variable to an effective parameter of a function
- returning reference to local/temporary variable
- returning address of function parameter
out of bounds checking
Check the code for each class.
- Missing constructors
- Are all variables initialized by the constructors?
- Warn if memset, memcpy etc are used on a class
- Are there unused private functions
- 'operator=' should return reference to self
- 'operator=' should check for assignment to self
- Constness for member functions
Checking exception safety
- Throwing exceptions in destructors
- Throwing exception during invalid state
- Throwing a copy of a caught exception instead of rethrowing the original exception
Memory leaks (address not taken)
Not taking the address to allocated memory
Memory leaks (class variables)
If the constructor allocate memory then the destructor must deallocate it.
Memory leaks (function variables)
Is there any allocated memory when a function goes out of scope
Memory leaks (struct members)
Don't forget to deallocate struct members
Non reentrant functions
Warn if any of these non reentrant functions are used:
- null pointer dereferencing
Warn if any of these obsolete functions are used:
- Assigning bool value to pointer (converting bool value to address)* bad usage of the function 'sprintf' (overlapping data)
- division with zero
- using fflush() on an input stream
- scoped object destroyed immediately after construction
- assignment in an assert statement
- sizeof for array given as function argument
- sizeof for numeric given as function argument
- incorrect length arguments for 'substr' and 'strncmp'
- C-style pointer cast in cpp file
- redundant if
- bad usage of the function 'strtol'
- unsigned division
- Dangerous usage of 'scanf'
- passing parameter by value
- Incomplete statement
- check how signed char variables are used
- variable scope can be limited
- condition that is always true/false
- unusal pointer arithmetic. For example: "abc" + 'd'
- redundant assignment in a switch statement
- look for 'sizeof sizeof ..'
- look for calculations inside sizeof()
- assignment of a variable to itself
- mutual exclusion over || always evaluating to true
- exception caught by value instead of by reference
- Clarify calculation with parentheses
- using increment on boolean
- comparison of a boolean with a non-zero integer
- suspicious condition (assignment+comparison)
- suspicious condition (runtime comparison of string literals)
- duplicate break statement
- testing if unsigned variable is negative
- testing is unsigned variable is positive
- using bool in bitwise expression
- optimisation: detect post increment/decrement
Check for invalid usage of STL:
- out of bounds errors
- misuse of iterators when iterating through a container
- mismatching containers in calls
- dereferencing an erased iterator
- for vectors: using iterator/pointer after push_back has been used
- optimisation: use empty() instead of size() to guarantee fast code
- suspicious condition when using find
- redundant condition
- common mistakes when using string::c_str()
- using auto pointer (auto_ptr)
- using uninitialized variables and data
Check for functions that are never called
- unused variable
- allocated but unused variable
- unred variable
- unassigned variable
- unused struct member
Using postfix operators
Warn if using postfix operators ++ or -- rather than prefix operator
match assignments and conditions
Match assignments and conditions:
- Mismatching assignment and comparison => comparison is always true/false
- Mismatching lhs and rhs in comparison => comparison is always true/false
- Detect matching 'if' and 'else if' conditions
The plan is to release a new version every 1-2 months.
Version 1.52 is planned to be released on December 10th
Bugs and feature requests
Use Trac to report any problems: http://apps.sourceforge.net/trac/cppcheck/
Defects are for severe bugs such as:
- False positives
- Cppcheck hangs/crashes
- Fail to compile
Enhancements are for issues such as:
- Fail to detect bug
- Change the output of Cppcheck
- Suggestion for a new check
You are welcome to contribute. Help is needed.
- Testing - Pick a project and test it's source with latest version. Write tickets to Trac about issues you find from Cppcheck. If you test open source projects and write bug reports to them, check the issues in Found bugs section, and write links to the bug reports you have created e.g. to our forum, so we can keep a track about them.
- Developing - Pick a ticket from Trac, write a test case for it (and write a comment to the ticket that test case has been created). Or pick a test case that fails and try to fix it. Make a patch and submit it to Trac either inline if it is small, or attach it as a file.
- Marketing - Write articles, reviews or tell your friends about us. The more users we have, the more people we have testing and the better we can become.
- Design - Invent new good checks and create tickets to Trac about them.
- Integration - Write a plugin to your favorite IDE or create a package for your distribution or operating system.
- Technical Writer - Write better documentation for the bugs we find. Currently only a few bugs have any documentation at all.
Getting the source code
Latest version can be found in the cppcheck git repository. To download it, run the following command:
git clone git://github.com/danmar/cppcheck.git
You can also download the latest sources in a zip or tgz archive from the github website.