Hello! I am a student who wants to study static analysis methods. So I downloaded the source code of cppcheck version 2.15.0 and tried to study the flow or method of detecting vulnerabilities. But I am having difficulties, so I am asking for advice or help.
I followed the operation of cppcheck based on the CLI, and discovered that CppCheckExecutor::check is executed first from main. Here, I understood that the path or options are set with fillSettingsFromArgs, getFiles, and getFileSettings, and then error checking is done in the code with check_wrapper(settings). It seems like check_wrapper(settings) calls check_internal(settings), which in turn calls SingleExecutor::check(). However, I couldn't find the code that detects errors such as zerodiv, syntaxError, and bufferoverrun in this flow and prints them to the terminal.
So, if you could help me a little bit on exactly where in the code this error detection is happening, I'd really appreciate it.
The checkers are in lib/check*.cpp
After the previous question, I found that SingleExecutor::check() leads to CppCheck::analyseWholeProgram(), which goes to the virtual bool analyseWholeProgram at check.h. So I figured out that it was executing the lib/check*.cpp you left an answer for, but from the contents of the getErrorPath function (e.g. in CheckNullPointer::analyseWholeProgram), it seemed to save the error path as a variable after already detecting the error. This isn't actual error detection, is it? Or is there something I got wrong?
Hello Jiyoun! SingleExecutor::check() executes the majority of checks in a loop. Right above the mCppcheck.analyseWholeProgram() we have a for loop which runs result += mCppcheck.check(fs);, which further calls the CppCheck::checkFile function, where you could find all the errors you are looking for.
I'd suggest identifying the error message that you're interested in, setting a breakpoint where it is generated (usually in a check*.cpp file), and working backwards from that.
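
A toy C++ model of the control flow described in the replies above, added here as an illustration and not taken from cppcheck's source: an executor loops over the files, a per-file step runs the checkers, and the checker is where a finding such as zerodiv is actually produced. The names Finding, SourceFile, checkZeroDiv, checkFile and runAll are hypothetical, and the two sample files are constructed.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Toy model only: these names mirror roles discussed in the thread, not cppcheck's real classes.
struct Finding { std::string file, id; int line; };
struct SourceFile { std::string name, code; };   // constructed in-memory "files"

// Per-file checker: flags '/' or '%' whose right operand is the literal 0.
static void checkZeroDiv(const SourceFile& f, std::vector<Finding>& out) {
    std::istringstream in(f.code);
    std::string lineText;
    for (int line = 1; std::getline(in, lineText); ++line) {
        std::istringstream toks(lineText);
        std::string prev, tok;
        while (toks >> tok) {
            if ((prev == "/" || prev == "%") && (tok == "0" || tok == "0;"))
                out.push_back({f.name, "zerodiv", line});   // detection happens here
            prev = tok;
        }
    }
}

// Stand-in for the per-file step: runs every per-file checker on one file.
static unsigned checkFile(const SourceFile& f, std::vector<Finding>& out) {
    const std::size_t before = out.size();
    checkZeroDiv(f, out);
    return static_cast<unsigned>(out.size() - before);
}

// Stand-in for the executor: per-file loop first, cross-file step afterwards.
static unsigned runAll(const std::vector<SourceFile>& files, std::vector<Finding>& out) {
    unsigned result = 0;
    for (const SourceFile& fs : files)
        result += checkFile(fs, out);
    // A whole-program (cross-file) step would run here, after every file is checked.
    return result;
}

int main() {
    const std::vector<SourceFile> files = {
        {"a.c", "int f ( int x ) {\n  return x / 0;\n}\n"},
        {"b.c", "int g ( int x ) {\n  return x / 2;\n}\n"}};
    std::vector<Finding> out;
    const unsigned n = runAll(files, out);
    for (const Finding& e : out)
        std::cout << e.file << ':' << e.line << ": [" << e.id << "]\n";
    return n == 1 ? 0 : 1;
}
```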