- Cppcheck
-
Cppcheck Original author(s) Daniel Marjamäki Initial release March 10, 2009 Stable release 1.51 / October 8, 2011 Development status Active Written in C++ Operating system Cross-platform Available in English, Dutch, Finnish, Swedish, German, Russian, Polish, Japanese, Serbian Type Static code analysis License GNU General Public License Website cppcheck.sourceforge.net Cppcheck is an open source static code analyzer tool for C/C++ programming languages. It's a versatile tool that can check non-standard code.[1]
Contents
Plugins
Plugins for the following IDEs exist[2]
- Code::Blocks - integrated.
- CodeLite - integrated.
- Eclipse (software) - Cppcheclipse
- Hudson - Cppcheck Plugin
- Jenkins - Cppcheck Plugin
- Yasca - Cppcheck Plugin
No plugin exists for Visual Studio, but it's possible to add Cppcheck as an external tool.
Features
Cppcheck supports a wide variety of static checks that may not be covered by the compiler itself. These checks are static analysis checks that can be performed at a source code level. The program is directed towards static analysis checks that are rigorous, rather than heuristic in nature.
Some of the checks that are supported include:
- Automatic variable checking
- Bounds checking for array overruns
- Classes checking. (e.g. unused functions, variable initialisation and memory duplication).
- Usage of Deprecated or superseded functions according to http://www.opengroup.org
- Exception safety checking, for example usage of memory allocation and destructor checks
- Memory leaks, e.g. due to lost scope without deallocation
- Resource leaks, e.g. due to forgetting to close a file handler.
- Invalid usage of Standard Template Library functions and idioms
- Miscellaneous stylistic and performance errors
Status
The project is actively under development[3] and is actively maintained in different distributions.[4][5] It has found valid bugs in a number of popular projects[6] such as the Linux kernel and MPlayer.[7]
As with many analysis programs, there are many unusual cases of programming idioms which may be acceptable in particular target cases, or outside of the programmer's scope for source code correction. A study conducted in March 2009 identified several areas where false positives were found by cppcheck, but did not specify the program version examined.[8] Cppcheck has been identified for use in systems such as CERNs 4DSOFT meta analysis package,[9] for code verification in high energy particle detector readout devices[10], system monitoring software for radio telescopes[11] as well as in error analysis of large projects, such as Openoffice.org[12] and the debian archive.[13]
See also
References
- ^ "A Survey of C and C++ Software Tools for Computational Science". Science and Technologies Facility Council. Chilbolton, Daresbury, and Rutherford Appleton Laboratories. December 2009. p. 14. http://www.softeng.rl.ac.uk/media/uploads/publications/2010/03/c-c_tools_report.pdf. Retrieved 14 September 2010.
- ^ SourceForge.net: cppcheck
- ^ Cppcheck on Github
- ^ Cppcheck on Debian's Package Tracking System
- ^ Cppcheck FreeBSD port
- ^ "List of user reported bugs found by cppcheck". http://sourceforge.net/apps/phpbb/cppcheck/viewtopic.php?f=4&t=27.
- ^ "Found Bugs list". SourceForge. http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Found_bugs.
- ^ "Static Code Analysis For Embedded Systems". http://publications.lib.chalmers.se/records/fulltext/111920.pdf.
- ^ "Dissemination and use of knowledge plan (EU Deliverable DNA2.11". 2010. http://etics.web.cern.ch/etics/deliverables/ETICS-DNA2%2011-1065007-Dissemination_Use_Knowledge_Plan-v1%201.pdf.
- ^ "Entwurf und Implementierung eines adaptiven, strahlentoleranten eingebetteten Systems am Beispiel eines Read-Out-Controllers (En: Development and implementation of an adaptive, radiation tolerant embedded system for operation of a Read-Out controller)". 2010. http://www.kip.uni-heidelberg.de/tip/root/img/pool/literature/theses/2009_mueller-klieser_stefan.pdf.
- ^ "The Wettzell System Monitoring Concept and First Realizations". International VLBI Service for Geodesy & Astrometry. 2010. p. 447. http://ivscc.gsfc.nasa.gov/publications/gm2010/ettl.pdf.
- ^ "Hunting for vulnerabilities in large software : the OpenOffice suite". http://www.cl.cam.ac.uk/~wmk26/openoffice/openoffice9.pdf.
- ^ "Introducing the "Debian's Automated Code Analysis" (DACA) project". LWN.net. http://lwn.net/Articles/420252/.
Proceedings of Science: SysMon, a monitoring concept for VLBI and more
External links
Categories:- Static program analysis tools
- Free cross-platform software
- Free software programmed in C++
Wikimedia Foundation. 2010.
