1. Summary
  2. Files
  3. Support
  4. Report Spam
  5. Create account
  6. Log in
Version 4 (modified by hyd_danmar, 5 years ago)

Explaining cppcheck

cppcheck development

This wiki is about cppcheck development

Creating new tickets

Defects:

  • false positives (when --all is not used)
  • hang / crash
  • fail to compile

Enhancements:

  • new checks
  • an existing check fails to detect bug (use the component "new check")
  • suggestions about different output
  • integration

Status

cppcheck is currently developed at "full speed". All open tickets are looked at - not just the ones in the current milestone.

Overview

cppcheck will not "compile" the code into any form of lower level byte code like some other tools do. It will not try to execute the code.

Instead cppcheck is looking at the code pretty much the same way you do. The input code will be matched against various patterns that is known to be bugs. The pattern matching is made especially for matching C/C++ code, this makes it easy and fast to create checks.

Analyzing a file

First the file is preprocessed through a normal preprocessor.

Secondly the code is tokenized. For example:

int abc=a+b+c;

is split up into 9 tokens: int abc = a + b + c ;

The same 9 tokens will be generated for this:

   int /* aa */ abc // ..
             = a +        b /*
   */ +c
;

When all tokens has been created all the checks will run. Each check will perform simple pattern matching on the tokens. When "bad" patterns are found, error messages are written.