Request for Validation Support for Cppcheck Tool

[Prarthana B S]

Hi ,

I am planning to use Cppcheck as the static analysis tool for C++ code in our project. Since our product will be going through FDA certification, one of the key requirements is that any software tool used in the development process must be validated.
Before proceeding further, I wanted to check if validation support or documentation for Cppcheck is available. Specifically:

1. Does Cppcheck provide any formal tool validation package or certification artifacts?
2. Is there any existing guidance or support from the vendor/team for tool qualification in regulated environments such as FDA?
3. If not, are there recommended approaches or templates for performing independent validation of Cppcheck?

[john borland]

As someone who has written simulations for NASA the role cppcheck has always filled for us making sure our simulations are following C++ best practices. I would double check your definitions of what validation means to the FDA. A lot of times I find groups using the words verification and validation interchangeably which is a big mistake. For me verification means does the software meet it's requirements. Validation means does the software do what was actually wanted. A lot of the time I can't tell that until after the mission until I can compare the simulation results with real world data captured during the mission.

While I think cppcheck is very capable tool and has a lot of great features. In my mind it would be out of the scope of any static analysis tool to verify runtime behaviors. There is a premium version of cppcheck https://www.cppcheck.com/ that has some additional features that might better aid someone creating software with stricture requirements. For example its bug hunting analysis and more strict coding standard checks like misra.

There are some formal method tools like frama-c https://frama-c.com/ but I find programing in those types of tools often takes a lot more planing, brain power and an unnatural amount of love for math proofs to use.

NASA does have some documentation that might help you https://www.nasa.gov/reference/appendix-i-verification-and-validation-plan-outline/
https://nodis3.gsfc.nasa.gov/displayDir.cfm?t=NPR&c=7150&s=2D

I hope this helps