Cppcheck is a free static code analysis tool that finds bugs in C and C++ code without executing the program. It works by tokenizing, simplifying, and checking code for patterns that may indicate bugs. Some checks look for buffer overruns, unused functions, memory leaks, and invalid arguments. Cppcheck is cross-platform, has a GUI and command line interface, and has found hundreds of bugs in open source projects.
3. Goal: Provide confidence that code is correct just by looking at it (without building or executing it).
Helps us find easy bugs buried in thousands of lines of code (not something people are great at).
5. Formal Methods:
◦ Mathematical!
◦ Require a mathematical model and assertions!
◦ Often require modeling the system as a finite state machine and verifying each state and transition.
◦ Too difficult! Static analysis is supposed to save time.
Code Metrics:
• Identify areas where bugs are likely.
• Based on measures of code complexity rooted in graph theory (e.g. Cyclomatic complexity).
• Good, but doesn’t directly identify defects.
Reviews and Inspection:
• Just look at the code and try to find suspicious patterns.
• Basically what we do when performing code reviews.
• Works pretty well!
12. Three Popular Commercial Tools:
◦ PC-Lint
◦ Klocwork Insight
◦ Coverity Prevent
One Free Software Tool:
◦ Cppcheck
13. PC-Lint
◦ Commercial
◦ Works for C code
◦ Often reports many false positives.
◦ Probably the cheapest after Cppcheck (which is free)
Klocwork Insight
◦ Commercial
◦ A spin-out of Nortel Networks
◦ Also includes project management and project visualization capabilities.
Coverity Prevent
◦ Commercial
◦ Identified over 6000 bugs across 53 open-source projects.
◦ Developed from research at Stanford University.
Cppcheck
◦ Open source
◦ Under active development.
◦ Has found > 400 bugs in open-source projects.
◦ Free!
18. Detects bugs in C and C++ source that compilers normally do not warn about!
Cross-platform (Windows, Linux, etc)
Fancy Qt-based GUI client!
◦ Also available in a command-line version
Usable via plugins from various IDEs (but not VS):
◦ Eclipse
◦ Code::Blocks
◦ Hudson, Jenkins
19. Packages maintained for FreeBSD, Debian and Ubuntu systems (sudo apt-get install cppcheck)
Used to find bugs in many open-source projects:
◦ Linux Kernel: > 40 bugs found+fixed
◦ VLC Player: > 20 bugs found+fixed
◦ Others: 7-zip, curl, git, etc
20. Bounds checking for array overruns
Memory and resource leaks
Unused private class functions
Use of deprecated functions
Wrong # of arguments given to printf or scanf
Switch cases that fall through suspiciously
Dozens of others…
30. #include <stdio.h>
    void foo(char *str) {
        if (!str) {
            printf(str);      /* str is NULL on this branch: null pointer passed as the format string */
        } else {
            printf("Whoa");
        }
    }
Checks:
• Each check iterates over the tokens, and reports if it finds a suspicious pattern!
• Checks implemented as C functions or XML documents that describe the pattern to look for.
Results:
• Results categorized as error, warning, style, performance, portability, or informative.
31. Cppcheck is a free tool for finding bugs in C++ source code.
It works by parsing the source code, splitting it into tokens and finding suspicious patterns in the tokens.
32. Official project page:
◦ http://cppcheck.sourceforge.net/
Official source repository:
◦ https://github.com/danmar/cppcheck